HijackThis log

This section of the forum covers security, antivirus solutions, firewalls, and malware-related problems in general

Moderator: Staff forum IlSoftware.it

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

HijackThis log

Post by servo75 » 04 Nov 2018 12:01

Hi guys!
I remember that some time ago there was a space in the forum where you could submit a HijackThis log and it was examined automatically... I can't find it anymore. Has it been removed?
If need be, can I post the log here for you?

MaxZ
Moderator
Posts: 6638
Joined: 02 May 2004 13:24
Location: Piove di Sacco (PD)

Re: HijackThis log

Post by MaxZ » 04 Nov 2018 16:49

You can post it here, but which operating system are you using?

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

Re: HijackThis log

Post by servo75 » 04 Nov 2018 18:48

Hi, thanks!
I'm using Windows 7... besides the problems you'll find in my log, I'd like to uninstall Avira (I can't manage it even with its own tool) and remove key find from my browser (Firefox); here too, all the procedures I found online and followed didn't let me get rid of this nuisance... I also ran ComboFix and Malwarebytes, here is the log:

Code:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 05:32:52, on 29/12/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18347)

FIREFOX: 47.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
C:\Users\Utente\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3595.2\elevation_service.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Utente\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11104 bytes
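
An added example, not part of the original posts and not the forum's former automatic analyzer: a small Python triage pass over HijackThis-style log lines that marks entries for manual review rather than deciding what to delete. The function, flag and constant names are assumptions made for this sketch; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple

# Entry lines look like "O23 - Service: ..." or, in newer logs, "O4-32 - ...".
ENTRY = re.compile(r"^(?P<section>[ROF]\d{1,2})(?P<view>-32)? - (?P<body>.+)$")

# Sections that describe things started automatically:
# O4 = Run keys / startup, O22 = scheduled tasks, O23 = services.
AUTOSTART = {"O4", "O22", "O23"}

# HijackThis v2.0.x is a 32-bit program. On 64-bit Windows its view of
# System32 is redirected to SysWOW64, so 64-bit system binaries can be
# reported as "(file missing)" although they exist.
LEGACY_32BIT = re.compile(r"Trend Micro HijackThis v2\.0")
SYSTEM32 = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.I)
USER_PATH = re.compile(r"[A-Za-z]:\\Users\\", re.I)

# Lines copied from the first log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Utente\AppData\Local\PosService\Pos.exe
"""


class Finding(NamedTuple):
    section: str   # e.g. "O23"
    flag: str      # why the entry deserves a manual look
    body: str      # the entry text after "Oxx - "


def triage(log_text: str) -> List[Finding]:
    """Return review flags for a HijackThis-style log (no verdicts)."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    legacy = any(LEGACY_32BIT.search(l) for l in lines)
    x64 = any("Program Files (x86)" in l or l.startswith("Platform: x64")
              for l in lines)

    findings = []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, footer
        section, body = m["section"], m["body"]

        # Registry entry that points at nothing: leftover of a removed add-on.
        if body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned_registration", body))

        if "(file missing)" in body:
            if legacy and x64 and SYSTEM32.search(body):
                # Probably the redirection artifact described above:
                # check the file on disk before touching the entry.
                flag = "missing_unverified_wow64"
            else:
                flag = "file_missing"
            findings.append(Finding(section, flag, body))

        # Autostart entries whose binary lives in a user-writable profile
        # directory instead of Program Files or Windows.
        if section in AUTOSTART and USER_PATH.search(body):
            findings.append(Finding(section, "autostart_from_user_profile", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.flag:28} {f.body}")
```

A flag here only means "look at this entry"; software that installs per user also starts from the profile directory.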

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

Re: HijackThis log

Post by servo75 » 09 Nov 2018 19:27

Hi guys!
May I kindly ask whether it's possible to restore the automatic log reading as it used to be, so that I can do it by myself without bothering anyone and without having to wait days and days for a possible reply?
Thanks :angioletto:

fax71ita
Junior Software
Posts: 141
Joined: 22 Jun 2015 23:09
Location: Torino

Re: HijackThis log

Post by fax71ita » 09 Nov 2018 21:22

Have you tried in safe mode for both problems?

Dog_Hot
Active member
Posts: 61227
Joined: 14 Sep 2003 12:12

Re: HijackThis log

Post by Dog_Hot » 09 Nov 2018 21:54

Hi guys!
May I kindly ask whether it's possible to restore the automatic log reading as it used to be, so that I can do it by myself without bothering anyone and without having to wait days and days for a possible reply?
Thanks :angioletto:
HijackThis is old and outdated... I recommend you use FreeFixer: viewtopic.php?f=10&t=82331
Software Guru
Keep calm and love Windows 10.
Winner of 2 Awards, 1st Ed. 2005 - Winner of 2 Awards in the Technical Area, 1st Ed. 2005 -
Winner of 4 Awards, 2nd Ed. 2006 - Winner of the 1st Ed. Champions League 2006 - Winner of 4 Awards, 3rd Ed. 2007

Test PC - Test Flash Player - Windows Repair

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

Re: HijackThis log

Post by servo75 » 10 Nov 2018 13:29

Thanks guys for the replies...
Actually, while waiting, I've already solved some of the problems (Avira completely uninstalled with Revo)...
HijackThis outdated??? :confuso: It has always gotten me out of a lot of trouble, but I'll try FreeFixer and let you know... thanks again!

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

Re: HijackThis log

Post by servo75 » 10 Nov 2018 13:57

I tried FreeFixer, but how does it work?
Do I have to click on fix after the scan? Are the lines in light green the ones the program has selected, and are they the ones to fix? Or do I have to try to work it out and also select the ones with the white checkbox?

mattia33
Active Software Plus
Posts: 990
Joined: 07 Jan 2007 22:40
Location: Milano

Re: HijackThis log

Post by mattia33 » 10 Nov 2018 15:48

Mattia33

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

Re: HijackThis log

Post by servo75 » 11 Nov 2018 21:40

Thanks mattia33, very interesting article... I downloaded the new HijackThis; can you help me understand what to remove?

Code:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.6

Platform: x64 Windows 7 (Home Premium), 6.1.7601.24263, Service Pack: 1
Time: 11.11.2018 - 21:37 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Utente (group: Administrator) on UTENTE-PC, FirstRun: yes

Chrome: 70.0.3538.77
Firefox: 63.0.1.6877
Internet Explorer: 11.0.9600.19155
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
1 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
1 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
1 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
1 C:\Program Files (x86)\Nero\Update\NASvc.exe
1 C:\Program Files (x86)\PDF Architect\ConversionService.exe
1 C:\Program Files (x86)\PDF Architect\HelperService.exe
1 C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
1 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\ESET\ESET Security\egui.exe
1 C:\Program Files\ESET\ESET Security\ekrn.exe
1 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
1 C:\Program Files\IDT\WDM\sttray64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
5 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1 C:\Program Files\Software Informer\softinfo.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
1 C:\Users\Utente\Desktop\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\SysWOW64\svchost.exe
1 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\hpservice.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
13 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = https://search.avira.net/#web/result?source=art&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = https://search.avira.net/#web/result?source=art&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = http://search.certified-toolbar.com?si=66803&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&st=chrome&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = http://search.certified-toolbar.com?si=66803&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&st=chrome&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = http://search.certified-toolbar.com?si=66803&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://search.avira.net/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://search.avira.net/#web/result?source=art&q=
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = https://search.avira.net/#web/result?source=art&q=
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = https://search.avira.net/#web/result?source=art&q=
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Bar] = http://search.certified-toolbar.com?si=66803&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&st=chrome&q=
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://search.avira.net/#web/result?source=art&q=
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://search.avira.net/#web/result?source=art&q=
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = http://search.certified-toolbar.com?si=66803&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&st=chrome&q=
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3A34589F-B66F-4C12-83B5-F380BDB9D70D}: [URL] = http://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=1e6c85ff00000000000000269e7b3363&r=423 - Search the web (Softonic)
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: [SuggestionsURL,SuggestionsURLFallback] = http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command={searchTerms} - (no name)
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EDCC9690-715D-44C5-9B2C-2686BA69C78B}: [SuggestionsURL_JSON] = http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms} - Ask Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EDCC9690-715D-44C5-9B2C-2686BA69C78B}: [URL] = http://www.search.ask.com/web?tpid=ATU4-SP&o=APN11391&pf=V7&p2=^BAY^YYYYYY^YY^IT&gct=&itbv=12.21.0.3796&apn_uid=7C0ED8C7-4314-47C8-9824-92D2547016F4&apn_ptnrs=^BAY&apn_dtid=^YYYYYY^YY^IT&apn_dbr=cr_32.0.1700.76&doi=2014-12-09&trgb=IE&q={searchTerms}&psv=&pt=tb - Ask Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: [SuggestionsURL_JSON] = http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=66803&gid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&dbCode=1&command={searchTerms} - Web Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: [TopResultURLFallback] = http://search.certified-toolbar.com?si=66803&st=bs&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&q={searchTerms} - Web Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: [URL] = http://search.certified-toolbar.com?si=66803&st=bs&tid=6721&ver=5.5&ts=1379196000000.000008&tguid=66803-6721-1379252994867-F73C4624CD343B9DC9356B91FE12EAEF&q={searchTerms} - Web Search
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6FDE475A-D677-4927-A573-5A066A4F6EFE}: [URL] = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 - Yahoo!
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{C00E0BF8-48B6-4F81-999A-E5DC7825DC64}: [URL] = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it - AOL Cerca
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{D71D461C-C390-4DEE-952D-A69A0D8CF453}: [URL] = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 - Kelkoo
O2 - HKLM\..\BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - HKLM\..\BHO: DealsFindErPro - {86efdfb2-9b30-4374-b0e4-266be20048d7} - (no file)
O2 - HKLM\..\BHO: KingCoaupounn - {367D303E-64FF-A762-129B-DF2E6217C5A9} - (no file)
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - HKLM\..\BHO: dealsteer - {52331648-bef6-4ad0-86b6-68ea5e0d9b9c} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2-32 - HKLM\..\BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2-32 - HKLM\..\BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3-32 - HKLM\..\Toolbar: (no name) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - (no file)
O3-32 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3-32 - HKLM\..\Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [SmartMenu] = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
O4 - HKLM\..\Run: [SysTrayApp] = C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [egui] = C:\Program Files\ESET\ESET Security\ecmds.exe /launch /hide
O4 - MSConfig\startupreg: Magic Desktop for HP notification [command] = C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (HKLM) (2018/11/05)
O4 - MSConfig\startupreg: PosService [command] = C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (HKLM) (2018/11/06) (file missing)
O4 - MSConfig\startupreg: SUPERAntiSpyware [command] = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (HKCU) (2018/11/06)
O4 - MSConfig\startupreg: StartCCC [command] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun (HKLM) (2018/11/05)
O4 - MSConfig\startupreg: SynTPEnh [command] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (HKLM) (2018/11/06)
O4-32 - HKLM\..\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4-32 - HKLM\..\Run: [HPCam_Menu] = c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4-32 - HKLM\..\Run: [PosService] = C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (file missing)
O4-32 - HKLM\..\Run: [QlbCtrl.exe] = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4-32 - HKLM\..\Run: [TkBellExe] = C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot
O4-32 - HKLM\..\Run: [UpdatePRCShortCut] = C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4-32 - HKLM\..\Run: [WirelessAssistant] = C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Pubblica su un &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\livecall: [CLSID] = {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\msnim: [CLSID] = {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive1: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive2: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive3: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive1: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive2: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive3: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
O22 - Task (.job): (Not scheduled) DSite.job - C:\Users\Utente\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O22 - Task (.job): (Not scheduled) FreeFixer background scan.job - C:\Program Files\FreeFixer\freefixer.exe -bgscan
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 1942e3b0-3e21-4a73-9b15-b181052ef2db.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:1942e3b0-3e21-4a73-9b15-b181052ef2db
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 2113ee47-0a67-4111-8a67-2167bdd3c803.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2113ee47-0a67-4111-8a67-2167bdd3c803
O22 - Task (.job): (Ready) Bonanza.job - C:\Users\Utente\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O22 - Task (.job): (Ready) FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000Core.job - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O22 - Task (.job): (Ready) FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000UA.job - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
O22 - Task (.job): (Ready) Update Bonanza.job - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run (Microsoft)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: Bonanza - C:\Users\Utente\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE /Check (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CLMLSvc - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O22 - Task: CapSchedInst - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe
O22 - Task: CapSvcInst - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe
O22 - Task: CapUninst - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe
O22 - Task: DVDAgent - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O22 - Task: FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000Core - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O22 - Task: FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000UA - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
O22 - Task: FreeFixer background scan - C:\Program Files\FreeFixer\freefixer.exe -bgscan
O22 - Task: GoforFilesUpdate - C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: RMCreator - C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe
O22 - Task: RealPlayerRealUpgradeLogonTaskS-1-5-21-3345509956-1831788962-3063613370-1000 - C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
O22 - Task: RealPlayerRealUpgradeScheduledTaskS-1-5-21-3345509956-1831788962-3063613370-1000 - C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
O22 - Task: RecoveryCDWin7 - C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe RecoveryCDWin7 ShowMessageTask
O22 - Task: Registration - C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe Registration ShowMessageTask2D
O22 - Task: RunAsStdUser - C:\Program Files (x86)\Desk 365\desk365.exe /autorun (file missing)
O22 - Task: SUPERAntiSpyware Scheduled Task 1942e3b0-3e21-4a73-9b15-b181052ef2db - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:1942e3b0-3e21-4a73-9b15-b181052ef2db
O22 - Task: SUPERAntiSpyware Scheduled Task 2113ee47-0a67-4111-8a67-2167bdd3c803 - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2113ee47-0a67-4111-8a67-2167bdd3c803
O22 - Task: SoftwareInformerService - C:\Program Files\Software Informer\softinfo.exe -service
O22 - Task: TVAgent - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
O22 - Task: Update Bonanza - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE /Check (file missing)
O22 - Task: \Games\UpdateCheck_S-1-5-21-3345509956-1831788962-3063613370-1000 - {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} - C:\Windows\System32\gameux.dll
O22 - Task: \Hewlett-Packard\HP Assistant\PC Health Analysis - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis
O22 - Task: \Hewlett-Packard\HP Assistant\PC Tuneup - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Andrea ST Filters Service - (AESTFilters) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service R2: Audio Service - (STacSV) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service R2: Cyberlink RichVideo Service(CRVS) - (RichVideo) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: EPSON V3 Service4(01) - (EPSON_PM_RPCV4_01) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service R2: EPSON V5 Service4(01) - (EPSON_EB_RPCV4_01) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service R2: Easybits Shared Services for Windows - (ezSharedSvc) - C:\Windows\SysWow64\svchost.exe -k netsvcs; "ServiceDll" = C:\Windows\System32\ezsvc7.dll (file missing)
O23 - Service R2: HP Health Check Service - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service R2: HP Service - (hpsrv) - C:\Windows\system32\Hpservice.exe
O23 - Service R2: LightScribeService Direct Disc Labeling Service - (LightScribeService) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Nero Update - (NAUpdate) - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service R2: PDF Architect Helper Service - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service R2: PDF Architect Service - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service R2: RealNetworks Downloader Resolver Service - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R2: Windows Live ID Sign-in Assistant - (wlidsvc) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service R3: Com4QLBEx - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service R3: ESET Firewall Helper - (ekrnEpfw) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service R3: hpqwmiex - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service S2: Pos Service - (PowerOffer Service) - C:\Users\Utente\AppData\Local\PosService\Pos.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Software Upd - (SoftwareUpd) - C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: GameConsoleService - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Windows Live Family Safety Service - (fsssvc) - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe


--
End of file - Time spent: 18,6 sec. - 51564 bytes, CRC32: FFFFFFFF. Sign: 엞纯

Luke57
Active member
Posts: 981
Joined: 04 Feb 2005 13:17

Re: log hijackthis

Post by Luke57 » 13 Nov 2018 17:57

Hi, delete all the entries marked in the log with the letters from R0 to R4, except the following one:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/

Then delete the following entries:
O2 - HKLM\..\BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - HKLM\..\BHO: DealsFindErPro - {86efdfb2-9b30-4374-b0e4-266be20048d7} - (no file)
O2 - HKLM\..\BHO: KingCoaupounn - {367D303E-64FF-A762-129B-DF2E6217C5A9} - (no file)
O2 - HKLM\..\BHO: dealsteer - {52331648-bef6-4ad0-86b6-68ea5e0d9b9c} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3-32 - HKLM\..\Toolbar: (no name) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - (no file)
O3-32 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - MSConfig\startupreg: PosService [command] = C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (HKLM) (2018/11/06) (file missing)
O4-32 - HKLM\..\Run: [PosService] = C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (file missing)
O22 - Task (.job): (Not scheduled) DSite.job - C:\Users\Utente\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O22 - Task (.job): (Ready) Update Bonanza.job - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O23 - Service S2: Pos Service - (PowerOffer Service) - C:\Users\Utente\AppData\Local\PosService\Pos.exe
O23 - Service S2: Software Upd - (SoftwareUpd) - C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

Then follow this guide to remove poweroffer:
https://www.ilsoftware.it/articoli.asp? ... Offer_9856

Run hijackthis again and post a new log.

servo75
Posts: 9
Joined: 18 Apr 2014 21:46

Re: log hijackthis

Post by servo75 » 13 Nov 2018 22:44

wow wow wow!!!
thanks Luke57 :adoro:
here is the log:

Code:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.6

Platform: x64 Windows 7 (Home Premium), 6.1.7601.24263, Service Pack: 1
Time: 13.11.2018 - 22:45 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Utente (group: Administrator) on UTENTE-PC, FirstRun: yes

Chrome: 70.0.3538.77
Firefox: 63.0.1.6877
Internet Explorer: 11.0.9600.19155
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
1 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
1 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
1 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
1 C:\Program Files (x86)\Nero\Update\NASvc.exe
1 C:\Program Files (x86)\PDF Architect\ConversionService.exe
1 C:\Program Files (x86)\PDF Architect\HelperService.exe
1 C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
1 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\ESET\ESET Security\egui.exe
1 C:\Program Files\ESET\ESET Security\ekrn.exe
1 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
1 C:\Program Files\IDT\WDM\sttray64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
6 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1 C:\Program Files\Software Informer\softinfo.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
1 C:\Users\Utente\Desktop\HiJackThis.exe
1 C:\Windows\SysWOW64\svchost.exe
1 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\hpservice.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
13 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wuauclt.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2-32 - HKLM\..\BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O3-32 - HKLM\..\Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [SmartMenu] = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
O4 - HKLM\..\Run: [SysTrayApp] = C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [egui] = C:\Program Files\ESET\ESET Security\ecmds.exe /launch /hide
O4 - MSConfig\startupreg: Magic Desktop for HP notification [command] = C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (HKLM) (2018/11/05)
O4 - MSConfig\startupreg: SUPERAntiSpyware [command] = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (HKCU) (2018/11/06)
O4 - MSConfig\startupreg: StartCCC [command] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun (HKLM) (2018/11/05)
O4 - MSConfig\startupreg: SynTPEnh [command] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (HKLM) (2018/11/06)
O4-32 - HKLM\..\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4-32 - HKLM\..\Run: [HPCam_Menu] = c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4-32 - HKLM\..\Run: [QlbCtrl.exe] = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4-32 - HKLM\..\Run: [TkBellExe] = C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot
O4-32 - HKLM\..\Run: [UpdatePRCShortCut] = C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4-32 - HKLM\..\Run: [WirelessAssistant] = C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Pubblica su un &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{96E2BA0A-9B16-4AB1-B24B-1ECBB7FA1858}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\livecall: [CLSID] = {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\msnim: [CLSID] = {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive1: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive2: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive3: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive1: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive2: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ SkyDrive3: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - C:\Users\Utente\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
O22 - Task (.job): (Not scheduled) FreeFixer background scan.job - C:\Program Files\FreeFixer\freefixer.exe -bgscan
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 1942e3b0-3e21-4a73-9b15-b181052ef2db.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:1942e3b0-3e21-4a73-9b15-b181052ef2db
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 2113ee47-0a67-4111-8a67-2167bdd3c803.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2113ee47-0a67-4111-8a67-2167bdd3c803
O22 - Task (.job): (Ready) FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000Core.job - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O22 - Task (.job): (Ready) FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000UA.job - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
O22 - Task (.job): (Ready) Update Bonanza.job - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run (Microsoft)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: Bonanza - C:\Users\Utente\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE /Check (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: CLMLSvc - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O22 - Task: CapSchedInst - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe
O22 - Task: CapSvcInst - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe
O22 - Task: CapUninst - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe
O22 - Task: DVDAgent - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O22 - Task: FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000Core - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O22 - Task: FacebookUpdateTaskUserS-1-5-21-3345509956-1831788962-3063613370-1000UA - C:\Users\Utente\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
O22 - Task: FreeFixer background scan - C:\Program Files\FreeFixer\freefixer.exe -bgscan
O22 - Task: GoforFilesUpdate - C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: RMCreator - C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe
O22 - Task: RealPlayerRealUpgradeLogonTaskS-1-5-21-3345509956-1831788962-3063613370-1000 - C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck
O22 - Task: RealPlayerRealUpgradeScheduledTaskS-1-5-21-3345509956-1831788962-3063613370-1000 - C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck
O22 - Task: RecoveryCDWin7 - C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe RecoveryCDWin7 ShowMessageTask
O22 - Task: Registration - C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe Registration ShowMessageTask2D
O22 - Task: RunAsStdUser - C:\Program Files (x86)\Desk 365\desk365.exe /autorun (file missing)
O22 - Task: SUPERAntiSpyware Scheduled Task 1942e3b0-3e21-4a73-9b15-b181052ef2db - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:1942e3b0-3e21-4a73-9b15-b181052ef2db
O22 - Task: SUPERAntiSpyware Scheduled Task 2113ee47-0a67-4111-8a67-2167bdd3c803 - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2113ee47-0a67-4111-8a67-2167bdd3c803
O22 - Task: SoftwareInformerService - C:\Program Files\Software Informer\softinfo.exe -service
O22 - Task: TVAgent - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
O22 - Task: Update Bonanza - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE /Check (file missing)
O22 - Task: \Games\UpdateCheck_S-1-5-21-3345509956-1831788962-3063613370-1000 - {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} - C:\Windows\System32\gameux.dll
O22 - Task: \Hewlett-Packard\HP Assistant\PC Health Analysis - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis
O22 - Task: \Hewlett-Packard\HP Assistant\PC Tuneup - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Andrea ST Filters Service - (AESTFilters) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service R2: Audio Service - (STacSV) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service R2: Cyberlink RichVideo Service(CRVS) - (RichVideo) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: EPSON V3 Service4(01) - (EPSON_PM_RPCV4_01) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service R2: EPSON V5 Service4(01) - (EPSON_EB_RPCV4_01) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service R2: Easybits Shared Services for Windows - (ezSharedSvc) - C:\Windows\SysWow64\svchost.exe -k netsvcs; "ServiceDll" = C:\Windows\System32\ezsvc7.dll (file missing)
O23 - Service R2: HP Health Check Service - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service R2: HP Service - (hpsrv) - C:\Windows\system32\Hpservice.exe
O23 - Service R2: LightScribeService Direct Disc Labeling Service - (LightScribeService) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Nero Update - (NAUpdate) - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service R2: PDF Architect Helper Service - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service R2: PDF Architect Service - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service R2: RealNetworks Downloader Resolver Service - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R2: Windows Live ID Sign-in Assistant - (wlidsvc) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service R3: Com4QLBEx - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service R3: ESET Firewall Helper - (ekrnEpfw) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service R3: hpqwmiex - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: GameConsoleService - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Windows Live Family Safety Service - (fsssvc) - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe


--
End of file - Time spent: 19,5 sec. - 38244 bytes, CRC32: FFFFFFFF. Sign: 风灱

Luke57
Active member
Posts: 981
Joined: 04 Feb 2005 13:17

Re: log hijackthis

Post by Luke57 » 14 Nov 2018 11:55

Hi, it looks fine now. Are there still problems?
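
The thread checks the result by eye: apply the fix list, run HijackThis again, compare. The same check as an added Python example, not part of any post in the thread. Function names are hypothetical, the embedded lines are a short excerpt copied from the fix list and the follow-up log above, and treating `(no file)` / `(file missing)` as a review flag is an assumption of this example.

```python
import re
from dataclasses import dataclass

# An entry line is "<section> - <body>", e.g. "O23 - Service S2: ..." or
# "O4-32 - HKLM\..\Run: ..."; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})(?P<wow>-32)? - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is absent.
# Using them as a "review this" flag is an assumption of this example.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
# The helper's rule: every R0..R4 entry goes, except those in the keep list.
WIPE_SECTIONS = frozenset({"R0", "R1", "R2", "R3", "R4"})


@dataclass(frozen=True)
class Entry:
    section: str  # base section, e.g. "O23"
    wow64: bool   # True for the "-32" (32-bit registry view) variant
    body: str

    @property
    def key(self):
        # Whitespace- and case-insensitive identity: forum copy/paste can
        # change spacing, and Windows paths are case-insensitive.
        return (self.section, self.wow64, " ".join(self.body.split()).casefold())


def parse_entries(text):
    """Return the R*/O*/F* entries of a log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], bool(m["wow"]), m["body"]))
    return entries


def verify_fix(fix_text, keep_text, followup_text, wipe_sections=WIPE_SECTIONS):
    """Compare a fix list with the log taken after the fix was applied."""
    fix = parse_entries(fix_text)
    keep = {e.key for e in parse_entries(keep_text)}
    after = parse_entries(followup_text)
    after_keys = {e.key for e in after}
    return {
        # Fix-list entries that no longer appear in the follow-up log.
        "removed": [e for e in fix if e.key not in after_keys],
        # Fix-list entries that survived and need another pass.
        "still_present": [e for e in fix if e.key in after_keys],
        # Entries in a "delete all except ..." section that were not exempted.
        "wipe_leftovers": [e for e in after
                           if e.section in wipe_sections and e.key not in keep],
        # Remaining entries whose target file is gone (candidates for review).
        "orphans": [e for e in after if ORPHAN_RE.search(e.body)],
    }


# Excerpts copied from the thread (keep rule, fix list, follow-up log), shortened.
KEEP_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
"""
FIX_LIST = r"""
O2 - HKLM\..\BHO: dealsteer - {52331648-bef6-4ad0-86b6-68ea5e0d9b9c} - (no file)
O22 - Task (.job): (Ready) Update Bonanza.job - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O23 - Service S2: Pos Service - (PowerOffer Service) - C:\Users\Utente\AppData\Local\PosService\Pos.exe
O23 - Service S2: Software Upd - (SoftwareUpd) - C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
"""
FOLLOWUP_LOG = r"""
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.6
Boot mode: Normal
Running processes:
Number | Path
13 C:\Windows\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
O4 - HKLM\..\Run: [SysTrayApp] = C:\Program Files\IDT\WDM\sttray64.exe
O22 - Task (.job): (Ready) Update Bonanza.job - C:\Users\Utente\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (file missing) /Check
O22 - Task: GoforFilesUpdate - C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (file missing)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
"""

if __name__ == "__main__":
    result = verify_fix(FIX_LIST, KEEP_LIST, FOLLOWUP_LOG)
    for bucket, entries in result.items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            suffix = "-32" if e.wow64 else ""
            print(f"  {e.section}{suffix} - {e.body}")
```

On this excerpt the `Update Bonanza.job` entry from the fix list is reported under `still_present`, because the same line appears in the follow-up log.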