Aiutamici Forum

Help, caught a virus on Win 10
ghenzi
Posted: Tuesday, June 12, 2018 5:38:28 PM

Rank: AiutAmico

Joined: 10/31/2007
Posts: 1,338
Good evening. Yesterday, while running a Malwarebytes scan, it detected more than 200 threats; I cleaned them up, rebooted, ran another scan and it found nothing.
Today, however, scanning again, it found 8 more.
These are the 2 reports:

Comment:
Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 11/06/18
Ora scansione: 14:18
File di log: 7e6159a8-6d71-11e8-81c8-14feb5b2af50.json
Amministratore: Sì

-Informazioni software-
Versione: 3.4.5.2467
Versione componenti: 1.0.342
Aggiorna versione pacchetto: 1.0.5434
Licenza: Free

-Informazioni sistema-
SO: Windows 10 (Build 17134.81)
CPU: x64
File system: NTFS
Utente:

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 423850
Minacce rilevate: 207
Minacce messe in quarantena: 207
Tempo impiegato: 19 min, 57 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 29

Modulo: 29

Chiave di registro: 89

Valore di registro: 16

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 44

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)


Comment:
Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 12/06/18
Ora scansione: 15:15
File di log: be53f56c-6e42-11e8-8349-14feb5b2af50.json
Amministratore: Sì

-Informazioni software-
Versione: 3.4.5.2467
Versione componenti: 1.0.342
Aggiorna versione pacchetto: 1.0.5450
Licenza: Free

-Informazioni sistema-
SO: Windows 10 (Build 17134.81)
CPU: x64
File system: NTFS
Utente:

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 423814
Minacce rilevate: 8
Minacce messe in quarantena: 8
Tempo impiegato: 32 min, 24 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 1
Adware.DotDo.DotPrx, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, In quarantena, [4850], [-1],0.0.0

Valore di registro: 6
Adware.DotDo.DotPrx, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantena, [4850], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-1931182577-1799832852-487072591-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantena, [4850], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-1931182577-1799832852-487072591-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantena, [4850], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-1931182577-1799832852-487072591-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantena, [4850], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\S-1-5-21-1931182577-1799832852-487072591-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, In quarantena, [4850], [-1],0.0.0
Adware.DotDo.DotPrx, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantena, [4850], [-1],0.0.0

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 1
Adware.DotDo.DotPrx, C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE, In quarantena, [4850], [530644],1.0.5450

Settore fisico: 0
(Nessun elemento nocivo rilevato)


(end)


How can I fix this? Thanks
ghenzi
Posted: Tuesday, June 12, 2018 5:46:01 PM

Rank: AiutAmico

Joined: 10/31/2007
Posts: 1,338
Here is the HijackThis log as well:
Comment:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:41:17, on 12/06/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Leverage\technology.exe
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Users\Dandi\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleFirefoxHost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Users\Dandi\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IDProtect Monitor] "C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Dandi\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Dandi\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Dandi\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [FBackup 6 Tray Agent] "C:\Program Files (x86)\Softland\FBackup 6\bTray.exe"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{9f210b73-7dbc-4e5d-ba2f-1996a9815746}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service: Disc Soft Ultra Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Ultra\DiscSoftBusServiceUltra.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FBackup 6 Service (FBackup6Srv) - Softland - C:\Program Files (x86)\Softland\FBackup 6\bService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hercules® DJ Control MP3 (HerculesDJControlMP3) - Guillemot Corporation ® - C:\Program Files\DJHERCULESMIX\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KMS-R@1n - Unknown owner - C:\Windows\KMS-R@1n.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 14663 bytes


Thanks again
cbbusto
Posted: Tuesday, June 12, 2018 7:04:14 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Where did you pick up all that junk? In the first mbam scan all the threats relate to installed programs, all adware and pop, and you should remove them.
These programs are located in C:\PROGRAM FILES (X86); look for them and delete them if they are still there.
GRAYSCALE.EXE, PERPENDICULARITY\PERPENDICULARITY.EXE, PILOTED\CREEPY.EXE, WILFUL\CREEPY.EXE, INACCESSIBILITY\HARTUNG.EXE,
Then disable all the programs you have in automatic startup; only Defender should remain, which is not shown anyway.
Then run a scan with Adwcleaner and with Jrt:

Download Adwcleaner to the desktop: http://www.bleepingcomputer.com/download/adwcleaner/
To download, click: Download now
Close all browsers (this is important: IE, Firefox, Chrome, etc.)
Click the "Scan" button.
When the scan has finished, click "Clean".
Confirm with OK the various windows that appear.
Restart the PC and the log with the removals will open.
Post it here.
ADW creates a backup of the deleted files and settings, located in "C:\AdwCleaner\Quarantine", so that data deleted by mistake can be restored if needed.
To restore, open the program > Tools > Quarantine manager > Restore.

Download Junkware Removal Tool to the desktop.
http://junkware-removal-tool.it.uptodown.com/download
The download should start within 5 seconds.
Temporarily disable the antivirus to avoid potential conflicts.
Double-click JRT.
The tool will open and start scanning the system.
Be patient, as this tool can take some time to complete the scan.
When it finishes, a log (JRT.txt) is saved to the desktop and opens automatically.
Post it here.

Then clean the registry with the following software:
Eusing Free Registry Cleaner, software to be used occasionally; download it from here: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
Click Download Site1. Once launched, a window appears asking for the code: click Skip and proceed. Then, at the top left, click Scan Registry and let it run to the end; don't worry if it finds many entries. Then click Repair Registry. The software is safe; in any case it creates a restore point and also backs up the deleted files, and at the top, under Repair Registry, there is the Restore Registry entry.
For this cleanup it is best to close all programs and be disconnected from the internet.
The program is compatible with all Windows OSes, including Win 10.
You should be all set.
Be very careful with the programs you install; if you don't know them, leave them alone.
Bye


ghenzi
Posted: Tuesday, June 12, 2018 7:38:05 PM

Rank: AiutAmico

Joined: 10/31/2007
Posts: 1,338
Thanks, I'll do all of it now. I had already run the scan with adwcleaner but had found nothing, and I wanted to remove those programs with iobit, but they were not in the list.
The other evening I needed IMGBURN. I went to the official site and downloaded the installer, started the installation, and at the end it showed the classic "installation successful" window, but no program had been installed on the PC. At that point, suspicious, I ran the various scans, first with adwcleaner, which detected no threats, then with Malwarebytes.

Here is the AdwCleaner log:

Comment:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build: 06-05-2018
# Database: 2018-06-11.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-12-2018
# Duration: 00:00:04
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1241 octets] - [13/04/2018 18:57:37]
AdwCleaner[S01].txt - [1241 octets] - [04/05/2018 23:55:49]
AdwCleaner[S02].txt - [1774 octets] - [25/05/2018 21:32:46]
AdwCleaner[C02].txt - [1767 octets] - [25/05/2018 21:33:35]
AdwCleaner[S03].txt - [1362 octets] - [26/05/2018 10:52:29]
AdwCleaner[C03].txt - [1449 octets] - [26/05/2018 10:53:53]
AdwCleaner[S04].txt - [1607 octets] - [11/06/2018 01:07:38]
AdwCleaner[S05].txt - [1668 octets] - [12/06/2018 19:51:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########


Junkware log:
Comment:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Dandi (Administrator) on 12/06/2018 at 20:02:36,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 7

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Dandi\AppData\Roaming\Mozilla\Firefox\Profiles\hp6k9oyk.default-1486051557634\extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi (File)
Successfully deleted: C:\Users\Dandi\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Dandi (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Dandi.job (Task)
Successfully deleted: C:\WINDOWS\SysWOW64\REN82DF.tmp (File)
Successfully deleted: C:\WINDOWS\SysWOW64\REND67D.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2018 at 20:08:28,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cbbusto
Posted: Tuesday, June 12, 2018 10:51:18 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Malwarebytes had removed everything in the first scan; in fact, in the second it found very little, only a few registry entries.
Adwcleaner found nothing; Jrt removed a few things.
Clean the registry with the software I pointed you to and, above all, disable all the entries in automatic startup.
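
The triage cbbusto does by eye on the two Malwarebytes reports (installed folders, scheduled tasks, registry entries, loose files) can be done mechanically. The following is an added example, not part of any post in this thread and not Malwarebytes code; the function names are hypothetical, and SAMPLE is an excerpt assembled from detection lines copied out of the two reports above.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt assembled for this example: detection lines copied from the two
# Malwarebytes reports in this thread, section counts adjusted to match.
SAMPLE = r"""
-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 1
Adware.DotDo.DotPrx, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, In quarantena, [4850], [-1],0.0.0

Valore di registro: 1
Adware.DotDo.DotPrx, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, In quarantena, [4850], [-1],0.0.0

File: 6
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\phaedra closures, In quarantena, [11376], [529985],1.0.5434
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\phaedra closures, In quarantena, [11376], [-1],0.0.0
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\WILFUL\CREEPY.EXE, In quarantena, [11376], [529985],1.0.5434
Adware.DotDo.Generic.TskLnk, C:\PROGRAM FILES (X86)\WILFUL\GRAYSCALE.EXE, In quarantena, [11376], [529985],1.0.5434
Adware.DotDo.Generic, C:\PROGRAM FILES (X86)\INACCESSIBILITY\HARTUNG.EXE, In quarantena, [6054], [529917],1.0.5434
Adware.DotDo.Generic.TskLnk, C:\WINDOWS\KLAPPER.EXE, In quarantena, [11376], [529985],1.0.5434

(end)
"""

# "Section name: count" header, e.g. "Valore di registro: 6"
SECTION = re.compile(r"^(?P<section>[^:,()]+): (?P<count>\d+)$")
# "<detection>, <path or key>, <action>, [id], [id],<version>"
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[]+), "
    r"\[-?\d+\], \[-?\d+\],[\d.]+$"
)


def parse_details(report):
    """Return the detections listed between '-Dettagli scansione-' and '(end)'."""
    detections, section, in_details = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "-Dettagli scansione-":
            in_details = True
            continue
        if line == "(end)":
            in_details = False
        if not in_details or not line:
            continue  # summary lines such as "Minacce rilevate: 8" are skipped
        if (m := SECTION.match(line)):
            section = m["section"]
        elif (m := DETECTION.match(line)):
            detections.append({"section": section, "name": m["name"],
                               "target": m["target"], "action": m["action"]})
    return detections


def classify(target):
    """Map a detection target to (kind, item to review on the machine)."""
    if target.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")):
        return "registry", target
    path = PureWindowsPath(target)
    parts = [p.upper() for p in path.parts]
    if parts[1:4] == ["WINDOWS", "SYSTEM32", "TASKS"]:
        return "scheduled_task", "\\".join(path.parts[4:])
    if len(parts) > 2 and parts[1].startswith("PROGRAM FILES"):
        return "program_folder", str(path.parent)
    return "file", str(path)


def triage(detections):
    """Group detections by kind, collapsing repeated lines for the same item."""
    groups = defaultdict(set)
    for d in detections:
        kind, item = classify(d["target"])
        groups[kind].add((d["name"], item))
    return {kind: sorted(items) for kind, items in groups.items()}


if __name__ == "__main__":
    for kind, items in triage(parse_details(SAMPLE)).items():
        print(kind)
        for name, item in items:
            print(f"  {name}: {item}")
```
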