Important: Request to check Logfile of HijackThis

Hi dragokas,
as Ercolino said, "When you put the log in case delete the PC name under Language" has nothing to do with GDPR; it was just a hint to avoid any problems of recognition and tracking on the web, especially after all the crazy mess of the last months.

Good work to you and your team and thanks for signing up to this forum
 
https://www.digital-forum.it/showthread.php?196039-HELP-Malware-o-simile-virus-Ciambella

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:49:50, on 22/06/2018
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)

FIREFOX: 60.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Deion\salvadoran.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Weeds\Mortimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
C:\Program Files\Weeds\Mortimer.exe
C:\Program Files\eInstruction\Device Manager\Launch.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Windows\System32\dinotify.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskhost.exe
E:\HijackThis.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=IT&userid=46582969-9b21-4294-b716-ebb235ec35f4&searchtype=ds&q={searchTerms}&installDate=06/04/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {0E2877D3-2641-4970-B794-A553E295428D} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll
O2 - BHO: uTorrentBar_IT - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Remanufacture] "C:\Program Files\Daddy\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Fielden] "C:\Program Files\intercalation\Atari.exe" iakn
O4 - HKLM\..\Run: [Canaries] "C:\Program Files\Weeds\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Wilting] "C:\Program Files\Daddy\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Campion] "C:\Program Files\intercalation\Atari.exe" iakn
O4 - HKLM\..\Run: [Cancelation] "C:\Program Files\Weeds\Mortimer.exe" iakn
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: BootSys.url
O4 - Startup: kraemer.lnk = ?
O4 - Startup: kraemerkraemer.lnk = ?
O4 - Startup: Monitora avvisi inchiostro - HP Deskjet 1050 J410 series (Copia 1).lnk = ?
O4 - Global Startup: eInstruction Device Manager.lnk = C:\Program Files\eInstruction\Device Manager\Launch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Kaspersky Anti-Virus 18.0.0 (AVP18.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Secure Connection Service 1.0.0 (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MGUwZ - Unknown owner - C:\Program Files\MGUwZ\MWU2OG.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NmFiN2U2ZmM - Unknown owner - rundll32.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7826 bytes
 
You need to use the new version of HijackThis.

In any case, delete:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = _http://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=IT&userid=46582969-9b21-4294-b716-ebb235ec35f4&searchtype=ds&q={searchTerms}&installDate=06/04/2013

O4 - Startup: BootSys.url
O4 - Startup: kraemer.lnk = ?
O4 - Startup: kraemerkraemer.lnk = ?
O23 - Service: MGUwZ - Unknown owner - C:\Program Files\MGUwZ\MWU2OG.exe (file missing)
O23 - Service: NmFiN2U2ZmM - Unknown owner - rundll32.exe (file missing)

Then check among the installed programs whether there is any strange program that was installed recently.


Delete all the contents of the Temp folder:

C:windows/temp
 
After removing and rescanning as described:


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:49:50, on 22/06/2018
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)

FIREFOX: 60.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe ----------> this opens the CMD window.. I can't delete it, but it is a system file
C:\Windows\system32\taskeng.exe ---------->
C:\Program Files\Deion\salvadoran.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Weeds\Mortimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avpui.exe
C:\Program Files\Weeds\Mortimer.exe
C:\Program Files\eInstruction\Device Manager\Launch.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Windows\System32\dinotify.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskhost.exe
E:\HijackThis.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\conhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=AdKnowledgeYB&dpid=AdKnowledgeYB&co=IT&userid=46582969-9b21-4294-b716-ebb235ec35f4&searchtype=ds&q={searchTerms}&installDate=06/04/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {0E2877D3-2641-4970-B794-A553E295428D} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll
O2 - BHO: uTorrentBar_IT - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Remanufacture] "C:\Program Files\Daddy\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Fielden] "C:\Program Files\intercalation\Atari.exe" iakn
O4 - HKLM\..\Run: [Canaries] "C:\Program Files\Weeds\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Wilting] "C:\Program Files\Daddy\Mortimer.exe" iakn
O4 - HKLM\..\Run: [Campion] "C:\Program Files\intercalation\Atari.exe" iakn
O4 - HKLM\..\Run: [Cancelation] "C:\Program Files\Weeds\Mortimer.exe" iakn
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: BootSys.url
O4 - Startup: kraemer.lnk = ?
O4 - Startup: kraemerkraemer.lnk = ?
O4 - Startup: Monitora avvisi inchiostro - HP Deskjet 1050 J410 series (Copia 1).lnk = ?
O4 - Global Startup: eInstruction Device Manager.lnk = C:\Program Files\eInstruction\Device Manager\Launch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Kaspersky Anti-Virus 18.0.0 (AVP18.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\avp.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Secure Connection Service 1.0.0 (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MGUwZ - Unknown owner - C:\Program Files\MGUwZ\MWU2OG.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NmFiN2U2ZmM - Unknown owner - rundll32.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7826 bytes
 
The items to remove, which Ercolino told you about, are still all there.

Fix them as you were previously told.

You still have Firefox (60.0.2) and also Internet Explorer (11) to update.
 
Could you kindly check for me whether everything is in order? Thank you.

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x32 Windows XP (Professional), 5.1.2600.0, Service Pack: 3
Time: 22.06.2018 - 22:07 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)

Chrome: 49.0.2623.112
Firefox: 52.8.1.6730
Internet Explorer: 8.0.6001.18702
Default: "C:\Programmi\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Documents and Settings\pc\Documenti\Downloads\HiJackThis.exe
5 C:\Documents and Settings\pc\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
1 C:\Programmi\AVAST Software\Avast\AvastSvc.exe
1 C:\Programmi\AVAST Software\Avast\AvastUI.exe
1 C:\Programmi\AVAST Software\Avast\aswidsagent.exe
1 C:\Programmi\File comuni\Java\Java Update\jusched.exe
1 C:\Programmi\Google\Update\GoogleUpdate.exe
1 C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1 C:\Programmi\Outlook Express\msimn.exe
1 C:\WINDOWS\Explorer.EXE
1 C:\WINDOWS\RTHDCPL.EXE
1 C:\WINDOWS\System32\alg.exe
1 C:\WINDOWS\System32\smss.exe
1 C:\WINDOWS\system32\csrss.exe
1 C:\WINDOWS\system32\ctfmon.exe
1 C:\WINDOWS\system32\lsass.exe
1 C:\WINDOWS\system32\rundll32.exe
1 C:\WINDOWS\system32\services.exe
1 C:\WINDOWS\system32\spoolsv.exe
7 C:\WINDOWS\system32\svchost.exe
1 C:\WINDOWS\system32\wbem\unsecapp.exe
1 C:\WINDOWS\system32\wdfmgr.exe
1 C:\WINDOWS\system32\winlogon.exe
1 C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar: [LinksFolderName] = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer: (default)
R1 - HKLM\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\.DEFAULT\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\S-1-5-19\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\S-1-5-20\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\S-1-5-21-1715567821-1580436667-725345543-1005\Software\Microsoft\Internet Explorer: (default)
R3 - HKCU\..\URLSearchHooks: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - HKU\S-1-5-21-1715567821-1580436667-725345543-1005: Default URLSearchHook is missing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3CBD5BAE-0C34-4D94-8FC4-234B21AD2DCC} = https://it.search.yahoo.com/sear...sec. - 30468 bytes, CRC32: FFFFFFFF. Sign: 堜ἰ
 
Are you experiencing any problems?

Delete

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3CBD5BAE-0C34-4D94-8FC4-234B21AD2DCC} = https://it.search.yahoo.com/sear...oppo vecchia di Chrome per utilizzarlo ancora
 
Since this morning, as soon as I turn on the computer it shuts down immediately, before loading the page; to get it going I have to restart it at least 3/4 times until it boots, which did not happen before. As for Chrome, I still use it because with Firefox it is almost impossible for me to browse: it freezes constantly and runs slowly, and we already dealt with the slowness in the past. I noticed that browsing with Chrome (even though the main browser is Firefox) works better for me and I have far fewer problems, so as long as it lets me I will use Chrome. Unfortunately my computer is old, from 2009, and I have XP; I should replace it.
 
For the restarts, open a separate thread.

But it is very likely that, if you also cut the power when you switch it off, the problem is the power supply.
 
Tomorrow, if the problem comes back, I will open a thread. What were the things you had me delete?
 
Could some kind soul please check this logfile? :D

Thanks.

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x32 Windows XP (Professional), 5.1.2600.0, Service Pack: 3
Time: 19.08.2018 - 18:31 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Ran by: Alfredo (group: Administrator) on ALFREDO-5EC8D9D, FirstRun: yes

Firefox: 52.9.0.6746
Internet Explorer: 8.0.6001.18702
Default: "C:\Programmi\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Documents and Settings\Alfredo\Desktop\HiJackThis.exe
1 C:\Programmi\AVAST Software\Avast\AvastSvc.exe
1 C:\Programmi\AVAST Software\Avast\AvastUI.exe
1 C:\Programmi\Malwarebytes\Anti-Malware\mbamservice.exe
1 C:\Programmi\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Programmi\Mozilla Firefox\firefox.exe
1 C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1 C:\Programmi\PDF24\pdf24.exe
1 C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
1 C:\WINDOWS\Explorer.EXE
1 C:\WINDOWS\System32\alg.exe
1 C:\WINDOWS\System32\smss.exe
1 C:\WINDOWS\system32\csrss.exe
1 C:\WINDOWS\system32\ctfmon.exe
1 C:\WINDOWS\system32\lsass.exe
1 C:\WINDOWS\system32\nvsvc32.exe
1 C:\WINDOWS\system32\services.exe
1 C:\WINDOWS\system32\spoolsv.exe
7 C:\WINDOWS\system32\svchost.exe
1 C:\WINDOWS\system32\wbem\wmiprvse.exe
1 C:\WINDOWS\system32\winlogon.exe
1 C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar: [LinksFolderName] = Collegamenti
R1 - HKCU\Software\Microsoft\Internet Explorer: (default)
R1 - HKLM\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\.DEFAULT\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\S-1-5-19\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\S-1-5-20\Software\Microsoft\Internet Explorer: (default)
R1 - HKU\S-1-5-21-220523388-329068152-839522115-1005\Software\Microsoft\Internet Explorer: (default)
R3 - HKCU\..\URLSearchHooks: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
R3 - HKU\S-1-5-21-220523388-329068152-839522115-1005: Default URLSearchHook is missing
O2 - HKLM\..\BHO: Wondershare Player 1.6.0 - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\Documents and Settings\All Users\Dati applicazioni\Wondershare\Player\WSBrowserAppMgr.dll
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Programmi\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [NvCplDaemon] = C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2018/07/15)
O4 - MSConfig\startupreg: CCleaner Monitoring [command] = C:\Programmi\CCleaner\CCleaner.exe /MONITOR (HKCU) (2018/07/24)
O4 - MSConfig\startupreg: DAEMON Tools Lite Automount [command] = C:\Programmi\DAEMON Tools Lite\DTAgent.exe -autorun (HKCU) (2018/07/15)
O4 - MSConfig\startupreg: DelaypluginInstall [command] = C:\Documents and Settings\All Users\Dati applicazioni\Wondershare\Player\DelayPluginI.exe (HKLM) (2018/07/15)
O4 - MSConfig\startupreg: HP Software Update [command] = C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe (HKLM) (2018/07/24)
O4 - MSConfig\startupreg: MSMSGS [command] = C:\Programmi\Messenger\msmsgs.exe /background (HKCU) (2018/07/15)
O4 - MSConfig\startupreg: NvMediaCenter [command] = C:\WINDOWS\system32\RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login (HKLM) (2018/07/15)
O4 - MSConfig\startupreg: PDFPrint [command] = C:\Programmi\PDF24\pdf24.exe (HKLM) (2018/07/15)
O4 - MSConfig\startupreg: RTHDCPL [command] = C:\WINDOWS\RTHDCPL.EXE (HKLM) (2018/07/15)
O4 - MSConfig\startupreg: WiseStubReboot [command] = C:\WINDOWS\system32\MSIEXEC.exe /I "C:\Programmi\File comuni\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Programmi\File comuni\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="D:\Drivers\Chipset\15.45-WinXP32\display\PhysX_9.09.0428_SystemSoftware.exe" (HKCU) (2018/07/15)
O4 - MSConfig\startupreg: Wondershare Helper Compact.exe [command] = C:\Programmi\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (HKLM) (2018/07/15)
O4 - MSConfig\startupreg: nwiz [command] = C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet (HKLM) (2018/07/15)
O15 - Trusted Zone: http://*.Wondershare.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E23DFE7-F101-43BD-8C62-23DA572DC01D}: [NameServer] = 208.67.220.220 (Well-known DNS: Cisco OpenDNS)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E23DFE7-F101-43BD-8C62-23DA572DC01D}: [NameServer] = 208.67.222.222 (Well-known DNS: Cisco OpenDNS)
O18 - Protocol: WSIEChrome - {6D02ED5F-FD0D-4C4C- - (no file)
O21 - HKLM\..\ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL
O21 - HKLM\..\ShellIconOverlayIdentifiers: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Programmi\AVAST Software\Avast\ashShell.dll
O22 - ScheduledTask: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - ScheduledTask: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - Task (Job): (Ready) Adobe Flash Player NPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe -check plugin
O22 - Task (Job): (Ready) Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (Job): (Ready) At1.job - C:\Programmi\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe /UA 8.0 /DDV 0x0800"
O22 - Task (Job): (Ready) At2.job - C:\Programmi\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe /UA 8.0 /DDV 0x0800"
O22 - Task (Job): (Ready) At3.job - C:\Programmi\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe /UA 8.0 /DDV 0x0800"
O22 - Task (Job): (Ready) At4.job - C:\Programmi\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe /UA 8.0 /DDV 0x0800"
O22 - Task (Job): (Ready) Avast Emergency Update.job - C:\Programmi\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Job): (Ready) CCleaner Update.job - C:\Programmi\CCleaner\CCUpdate.exe
O22 - Task (Job): (Ready) Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job - C:\WINDOWS\system32\xp_eos.exe -c
O22 - Task (Job): (Ready) Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job - C:\WINDOWS\system32\xp_eos.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Programmi\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Driver Helper Service - (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service R2: NVIDIA Update Service Daemon - (nvUpdatusService) - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service R2: PDF24 - C:\Programmi\PDF24\pdf24.exe -service
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service S2: KMService - C:\WINDOWS\system32\srvany.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Disc Soft Lite Bus Service - C:\Programmi\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service S3: Gestione applicazione - (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs; "ServiceDll" = C:\WINDOWS\System32\appmgmts.dll (file missing)
O23 - Service S3: Microsoft SharePoint Workspace Audit Service - C:\Programmi\Microsoft Office\Office14\GROOVE.EXE /auditservice
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office Source Engine - (ose) - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Office Software Protection Platform - (osppsvc) - C:\Programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


--
End of file - Time spent: 4 sec. - 16866 bytes, CRC32: FFFFFFFF. Sign: 贞絍
 