
HiJack and Malwarebytes log check
andread81
Posted: Thursday, August 29, 2019 11:03:16 PM

Rank: AiutAmico

Joined: 4/1/2010
Posts: 402
Today Defender found and deleted a Win32/Kovter.G trojan on my machine.

To be safe I ran a scan with MB and HijackThis; could you take a look?
Running processes:
Number | Path
1 C:\Program Files (x86)\Canon\MP Navigator EX 4.0\mpnex40.exe
1 C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
1 C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
1 C:\Program Files (x86)\IObit\Driver Booster\6.4.0\Pub\PreCare.exe
1 C:\Program Files (x86)\IObit\Driver Booster\6.4.0\Pub\PubMonitor.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
10 C:\Program Files\Mozilla Firefox\firefox.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.53.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.901.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MpCmdRun.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
1 C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\Andrea\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\SysWOW64\dllhost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxEM.exe
1 C:\Windows\System32\ICEsoundService64.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
8 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\Taskmgr.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
4 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\drivers\AdminService.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 C:\Windows\splwow64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.bing.com/?pc=COS2&ptag=D081319-N0690A915F698E57&form=CONMHP&conlogo=CT3335818
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\StartupApproved\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (2019/08/14)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run32: [CLMLServer_For_P2G8] = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (2019/08/14)
O4 - HKLM\..\StartupApproved\Run32: [CLVirtualDrive] = C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R (2019/08/14)
O4 - HKU\S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216\..\Run: [OneDrive] = C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft) (User 'unknown: S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216')
O4 - HKU\S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216\..\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (User 'unknown: S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216')
O4 - HKU\S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216\..\StartupApproved\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (User 'unknown') (2019/08/14)
O4-32 - HKLM\..\Run: [CanonQuickMenu] = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{44606e27-ebb3-4ff1-9454-408e9d898dee}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{44606e27-ebb3-4ff1-9454-408e9d898dee}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O23 - Service R2: AtherosSvc - C:\Windows\System32\drivers\AdminService.exe
O23 - Service R2: ICEsound Service - (ICEsoundService) - C:\Windows\system32\ICEsoundService64.exe
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
O23 - Service S2: CyberLink Product - 2019/03/26 16:48:23 - (CLKMSVC10_99E320F5) - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe /svc
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


MB, meanwhile, found this:
Chiave di registro: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Nessuna azione intrapresa, [204], [236865],1.0.12243
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Nessuna azione intrapresa, [204], [236865],1.0.12243
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Nessuna azione intrapresa, [204], [236865],1.0.12243

Valore di registro: 2
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Nessuna azione intrapresa, [204], [236865],1.0.12243
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Nessuna azione intrapresa, [204], [236865],1.0.12243

Dati di registro: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Nessuna azione intrapresa, [204], [293058],1.0.12243


Which I immediately moved to quarantine and deleted... The full Defender scan run after the above found no threats...
giza
Posted: Friday, August 30, 2019 8:40:55 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,614
andread81
Posted: Friday, August 30, 2019 10:35:50 PM

Rank: AiutAmico

Joined: 4/1/2010
Posts: 402
I did what Giza suggested; after the whole round, this is the result:
Running processes:
Number | Path
1 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
11 C:\Program Files\Mozilla Firefox\firefox.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.53.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11909.1001.7.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
1 C:\Users\Andrea\Desktop\HiJackThis\HiJackThis.exe
1 C:\Users\Andrea\Downloads\adwcleaner_7.4.exe
2 C:\Windows\SysWOW64\notepad.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
1 C:\Windows\System32\ICEsoundService64.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
3 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\drivers\AdminService.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\notepad.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
68 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = www.google.com
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] = C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] = C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 19.123.0624.0005\amd64] = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\19.123.0624.0005\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 19.123.0624.0005] = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\19.123.0624.0005"
O4 - HKCU\..\StartupApproved\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (2019/08/14)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run32: [CLMLServer_For_P2G8] = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (2019/08/14)
O4 - HKLM\..\StartupApproved\Run32: [CLVirtualDrive] = C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R (2019/08/14)
O4-32 - HKLM\..\Run: [CanonQuickMenu] = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O15 - Trusted Zone: *.localhost
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{44606e27-ebb3-4ff1-9454-408e9d898dee}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{44606e27-ebb3-4ff1-9454-408e9d898dee}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O23 - Service R2: AtherosSvc - C:\Windows\System32\drivers\AdminService.exe
O23 - Service R2: ICEsound Service - (ICEsoundService) - C:\Windows\system32\ICEsoundService64.exe
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe
O23 - Service S2: CyberLink Product - 2019/03/26 16:48:23 - (CLKMSVC10_99E320F5) - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe /svc
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


Malwarebytes found only this:
PUP.Optional.Conduit, C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O7X66LZM.DEFAULT\PREFS.JS

whereas previously it had flagged:
Chiave di registro: 3
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Nessuna azione intrapresa, [204], [236865],1.0.12243
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Nessuna azione intrapresa, [204], [236865],1.0.12243
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Nessuna azione intrapresa, [204], [236865],1.0.12243

Valore di registro: 2
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Nessuna azione intrapresa, [204], [236865],1.0.12243
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Nessuna azione intrapresa, [204], [236865],1.0.12243

Dati di registro: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1833797135-2609001719-1943356627-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Nessuna azione intrapresa, [204], [293058],1.0.12243


And ADW deleted these keys:
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CEC6E3-A1F1-4C99-8FD1-13017A8C117C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{226A9651-D284-4B32-A8B5-B351F537347E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CEC6E3-A1F1-4C99-8FD1-13017A8C117C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVER BOOSTER SKIPUAC (ANDREA)
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
cbbusto
Posted: Saturday, August 31, 2019 6:29:36 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
No problems to be seen, but I recommend removing the unnecessary startup entries; leave only Defender.
These are the entries to disable:

O4 - HKCU\..\Run: [OneDrive] = C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\StartupApproved\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (2019/08/14)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run32: [CLMLServer_For_P2G8] = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (2019/08/14)
O4 - HKLM\..\StartupApproved\Run32: [CLVirtualDrive] = C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R (2019/08/14)
O4 - HKU\S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216\..\Run: [OneDrive] = C:\Users\Andrea\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft) (User 'unknown: S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216')
O4 - HKU\S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216\..\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (User 'unknown: S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216')
O4 - HKU\S-1-5-21-1833797135-2609001719-1943356627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08292019185623216\..\StartupApproved\Run: [uTorrent] = C:\Users\Andrea\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (User 'unknown') (2019/08/14)
O4-32 - HKLM\..\Run: [CanonQuickMenu] = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
Also do a cleanup with CCleaner, including the Registry. Bye
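As an added example that is not part of this thread or of any of the tools named in it: the PowerShell below re-reads, read-only, the registry locations behind the R0/O4/O15 lines and the PUP.Optional.Conduit and Web Companion findings posted above, so that after following the advice in this thread one can check that nothing came back. The Conduit SearchScope GUID and the webcompanion.com domain are copied from the logs; the list of autostart keys and the decoding of the StartupApproved byte are the example's own assumptions.

```powershell
# Added example (not from the thread): verify the cleanup of the items HijackThis
# (R0 / O4 / O15), Malwarebytes and ADWCleaner reported above. Read-only.

# Indicators copied from the logs in this thread.
$ConduitScopeGuid = '{0633EE93-D776-472F-A0FF-E1416B8B2E3A}'   # PUP.Optional.Conduit SearchScope
$SuspectDomains   = @('webcompanion.com')                      # O15 Trusted Zone entry removed by ADW

# Autostart locations behind the O4 lines (Run, RunOnce, StartupApproved\Run and Run32).
# Assumption: these are the hives HijackThis reads for a logged-on user; HKU entries of
# other profiles are not covered here.
$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32'
)

function Get-AutostartEntries {
    # One object per autostart value, with the StartupApproved binary decoded to a state.
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... metadata
            $value = $prop.Value
            if ($value -is [byte[]]) {
                # StartupApproved stores a 12-byte blob; first byte 0x03 means the entry was
                # disabled in Task Manager > Startup, 0x02 / 0x06 mean it is enabled.
                $value = if ($value[0] -eq 3) { '<disabled>' } else { '<enabled>' }
            }
            [pscustomobject]@{ Location = $key; Name = $prop.Name; Value = $value }
        }
    }
}

function Test-HijackRemnants {
    # Returns only true leftovers, i.e. anything that would justify another MB / ADW pass.
    $findings = @()

    # The three SearchScopes hives in which MB flagged the Conduit GUID.
    $scopeRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $scopeRoots) {
        $scope = Join-Path $root $ConduitScopeGuid
        if (Test-Path $scope) {
            $url = (Get-ItemProperty -Path $scope -ErrorAction SilentlyContinue).URL
            $findings += "Conduit SearchScope still present: $scope (URL = $url)"
        }
    }

    # O15 - Trusted Zone: the domain key ADWCleaner deleted under ZoneMap\Domains.
    foreach ($domain in $SuspectDomains) {
        $zonePath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$domain"
        if (Test-Path $zonePath) { $findings += "Trusted Zone entry still present: $zonePath" }
    }
    return $findings
}

# R0 - Start Page: shown so it can be compared with the value MB flagged in the first log.
$main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($main) { "IE Start Page: $($main.'Start Page')" }

Get-AutostartEntries | Format-Table -AutoSize
$left = Test-HijackRemnants
if ($left.Count -eq 0) { 'No Conduit / Web Companion remnants found.' } else { $left }
```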
