#1
Member
Joined: Feb 2004
Posts: 167

Detected: PUP.Optional.
Hi everyone,
I ran a scan of my PC with Malwarebytes Anti-Malware. The program found about 380 "infected" entries. The harmful item is always the same: PUP.Optional.AshampooRegistryCleaner. I also ran a scan with AdwCleaner, which however finds nothing. Who is right? Is my PC clean? (Avast finds nothing.) Thanks, Z3
#2
Senior Member
Joined: Apr 2015
Posts: 10200

Did you by any chance install this software? https://www.ashampoo.com/en/usd/pin/...gistry-cleaner
#3
Member
Joined: Feb 2004
Posts: 167

Thanks for the reply!
No, years ago I installed this: https://www.ashampoo.com/en/usd/pin/...tudio-Elements But it was never detected as a suspicious item, and the program is genuine. How come? There is something strange... Thanks, Z3
#4
Senior Member
Joined: Apr 2015
Posts: 10200

Try uninstalling it, do a general cleanup and see whether it finds the infection again.
#5
Member
Joined: Feb 2004
Posts: 167

I have had the program installed on the PC for at least 3 years and no infection was ever detected...
Now, suddenly, Malwarebytes Anti-Malware finds infected entries. Avast and AdwCleaner find nothing. How is that possible? Thanks, Z3
#6
Senior Member
Joined: Apr 2015
Posts: 10200

Have you tried HitmanPro, Junkware Removal Tool and RogueKiller?
#7
Member
Joined: Feb 2004
Posts: 167

Thanks again for the reply. Here is the Junkware Removal Tool log, what do you think? It doesn't look to me like there is anything suspicious, am I wrong?
```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by USER (Administrator) on 30/12/2016 at 15:38:26,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 18

Successfully deleted: C:\ProgramData\Start Menu\Programs\optimizer pro (Folder)
Successfully deleted: C:\Users\USER\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6IK590B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7PR3FHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENZ1UX0J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6RTYQRH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6IK590B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7PR3FHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENZ1UX0J (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6RTYQRH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/12/2016 at 15:46:47,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
#9
Senior Member
Joined: Apr 2015
Posts: 10200

It deleted some folders for you; apart from that there doesn't seem to be anything else.
Try to see what HitmanPro finds.
#10
Member
Joined: Feb 2004
Posts: 167

Here is the HitmanPro log, what do you suggest I do?
Code:
```
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : USER-PC\USER
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-01-02 15:10:31
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 57s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 10

   Objects scanned . . . : 2.486.050
   Files scanned . . . . : 79.494
   Remnants scanned . . : 610.686 files / 1.795.870 keys

Suspicious files ____________________________________________________________

   C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
      Size . . . . . . . : 954.496 bytes
      Age . . . . . . . : 1274.8 days (2013-07-07 19:53:21)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 954.496 bytes
      Age . . . . . . . : 1273.9 days (2013-07-08 16:44:33)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
      Size . . . . . . . : 954.496 bytes
      Age . . . . . . . : 1274.8 days (2013-07-07 19:42:23)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\USER\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 139.424 bytes
      Age . . . . . . . : 1274.8 days (2013-07-07 19:43:08)
      Entropy . . . . . : 7.8
      SHA-256 . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1093930204-516985868-3014718368-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
   HKU\S-1-5-21-1093930204-516985868-3014718368-1000\Software\Smartbar\ (Conduit)

Cookies _____________________________________________________________________

   C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\4RNVB1U7.txt
   C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\900Z054A.txt
   C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\HRC7KS1N.txt
   C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\Z06C5QIM.txt
```
#11
Senior Member
Joined: Apr 2015
Posts: 10200

Apart from PunkBuster (it's an anti-cheat for games) and a few cookies, it found and removed this
Quote:
#12
Member
Joined: Feb 2004
Posts: 167

EXCELLENT!!!! Now nothing is detected any more!!! Many thanks for the help!
Z3
#13
Senior Member
Joined: Apr 2015
Posts: 10200

Happy for you
All times are GMT +1. The time now is 16:01.