PUP.Optional detected.
Hi everyone
I ran a scan of my PC with Malwarebytes Anti-Malware. The program found about 380 "infected" entries.
The malicious item is always the same: PUP.Optional.AshampooRegistryCleaner
I also ran a scan with AdwCleaner, which however finds nothing.
Who is right? Is my PC clean? (Avast finds nothing.)
Thanks,
Z3
Did you by any chance install this software? https://www.ashampoo.com/en/usd/pin/0078/system-software/registry-cleaner
Thanks for the reply!
No, years ago I installed this: https://www.ashampoo.com/en/usd/pin/3110/4-Burning-Software/Ashampoo-Burning-Studio-Elements
But it has never been detected as a suspicious item, and the program is genuine.
How come? There's something strange...
Thanks,
Z3
Try uninstalling it, do a general cleanup and see whether it finds the infection again.
I have had the program installed on the PC for at least 3 years and no infection has ever been detected...
Now, suddenly, Malwarebytes Anti-Malware finds infected entries.
Avast and AdwCleaner find nothing.
How is that possible?
Thanks,
Z3
Have you tried hitmanpro, junkware removal tool and roguekiller?
Thanks again for the reply, here is the Junkware Removal Tool log, what do you think? It doesn't seem to me that there's anything suspicious, am I wrong?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by USER (Administrator) on 30/12/2016 at 15:38:26,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 18
Successfully deleted: C:\ProgramData\Start Menu\Programs\optimizer pro (Folder)
Successfully deleted: C:\Users\USER\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6IK590B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7PR3FHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENZ1UX0J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6RTYQRH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6IK590B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7PR3FHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENZ1UX0J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6RTYQRH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/12/2016 at 15:46:47,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It's probably a false positive related to that ashampoo program.
It deleted some folders for you; otherwise there doesn't seem to be anything else.
Try to see what hitmanpro finds.
Here is the HitmanPro log, what do you suggest I do?
HitmanPro 3.7.15.281
www.hitmanpro.com
Computer name . . . . : USER-PC
Windows . . . . . . . : 6.1.1.7601.X64/8
User name . . . . . . : USER-PC\USER
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2017-01-02 15:10:31
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 57s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 10
Objects scanned . . . : 2.486.050
Files scanned . . . . : 79.494
Remnants scanned . . : 610.686 files / 1.795.870 keys
Suspicious files ____________________________________________________________
C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
Size . . . . . . . : 954.496 bytes
Age . . . . . . . : 1274.8 days (2013-07-07 19:53:21)
Entropy . . . . . : 7.6
SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
Size . . . . . . . : 954.496 bytes
Age . . . . . . . : 1273.9 days (2013-07-08 16:44:33)
Entropy . . . . . : 7.6
SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
Size . . . . . . . : 954.496 bytes
Age . . . . . . . : 1274.8 days (2013-07-07 19:42:23)
Entropy . . . . . : 7.6
SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
Fuzzy . . . . . . : 29.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
Size . . . . . . . : 139.424 bytes
Age . . . . . . . : 1274.8 days (2013-07-07 19:43:08)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Potential Unwanted Programs _________________________________________________
HKU\S-1-5-21-1093930204-516985868-3014718368-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
HKU\S-1-5-21-1093930204-516985868-3014718368-1000\Software\Smartbar\ (Conduit)
Cookies _____________________________________________________________________
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\4RNVB1U7.txt
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\900Z054A.txt
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\HRC7KS1N.txt
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\Z06C5QIM.txt
Apart from Punkbuster (it's an anti-cheat for games) and a few cookies, it found and removed this
HKU\S-1-5-21-1093930204-516985868-3014718368-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
HKU\S-1-5-21-1093930204-516985868-3014718368-1000\Software\Smartbar\ (Conduit)
Check again whether it finds that pup.optional
EXCELLENT!!!! Now nothing is detected anymore!!! Many thanks for the help! :)
Z3