Aiutamici Forum

Malwarebytes log check
booble
Posted: Sunday, January 16, 2022 9:37:06 AM
Rank: AiutAmico

Joined: 10/15/2006
Posts: 59
Thanks, just for a check-up! :)

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 16/01/22
Ora scansione: 08:32
File di log: 6c115c8c-769e-11ec-9b5d-ac220b1dedc8.json

-Informazioni software-
Versione: 4.5.0.152
Versione componenti: 1.0.1538
Aggiorna versione pacchetto: 1.0.49873
Licenza: Periodo di prova

-Informazioni sistema-
SO: Windows 10 (Build 19043.1165)
CPU: x64
File system: NTFS
Utente: DESKTOP-I7LVQQ7\Kundalini

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 335980
Minacce rilevate: 45
Minacce messe in quarantena: 0
Tempo impiegato: 8 min, 32 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Analisi euristica: Attivata
PUP: Rilevare
PUM (modifica potenzialmente indesiderata): Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 10
PUP.Optional.GarbageCleaner, HKU\S-1-5-21-1641062853-3667648398-1858719796-1001\SOFTWARE\WOW6432NODE\GCleaner, Nessuna azione intrapresa, 1264, 676886, 1.0.49873, , ame, , ,
PUP.Optional.DriverPack, HKU\S-1-5-21-1641062853-3667648398-1858719796-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su, Nessuna azione intrapresa, 652, 472299, 1.0.49873, , ame, , ,
PUP.Optional.DriverMax, HKU\S-1-5-21-1641062853-3667648398-1858719796-1001\SOFTWARE\INNOVATIVE SOLUTIONS\DriverMax, Nessuna azione intrapresa, 3480, 811919, 1.0.49873, , ame, , ,
PUP.Optional.DriverMax, HKLM\SOFTWARE\CLASSES\.dmx-info, Nessuna azione intrapresa, 3480, 811914, 1.0.49873, , ame, , ,
PUP.Optional.DriverMax, HKLM\SOFTWARE\CLASSES\dmx-info-file, Nessuna azione intrapresa, 3480, 811915, 1.0.49873, , ame, , ,
PUP.Optional.DriverMax, HKLM\SOFTWARE\CLASSES\innodmx, Nessuna azione intrapresa, 3480, 811916, 1.0.49873, , ame, , ,
PUP.Optional.DriverMax, HKLM\SOFTWARE\WOW6432NODE\INNOVATIVE SOLUTIONS\DriverMax, Nessuna azione intrapresa, 3480, 811917, 1.0.49873, , ame, , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KMS_VL_ALL, Nessuna azione intrapresa, 1334, 812204, , , , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BC252548-1010-4833-BB57-9FAD0ADA1278}, Nessuna azione intrapresa, 1334, 812204, , , , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{BC252548-1010-4833-BB57-9FAD0ADA1278}, Nessuna azione intrapresa, 1334, 812204, , , , , ,

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 4
PUP.Optional.DriverMax, C:\USERS\KUNDALINI\APPDATA\LOCAL\INNOVATIVE SOLUTIONS\DRIVERMAX, Nessuna azione intrapresa, 3480, 812461, 1.0.49873, , ame, , ,
PUP.Optional.DriverMax, C:\USERS\KUNDALINI\APPDATA\ROAMING\INNOVATIVE SOLUTIONS\DRIVERMAX, Nessuna azione intrapresa, 3480, 812462, 1.0.49873, , ame, , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove, Nessuna azione intrapresa, 956, 542290, , , , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\KUNDALINI\APPDATA\LOCAL\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}, Nessuna azione intrapresa, 956, 542290, 1.0.49873, , ame, , ,

File: 30
Legit.MisusedLegit, C:\USERS\KUNDALINI\APPDATA\LOCALLOW\uS0wV5wY9qH3\mozglue.dll, Nessuna azione intrapresa, 3680, 965519, 1.0.49873, , ame, , EAE9273F8CDCF9321C6C37C244773139, A0C6630D4012AE0311FF40F4F06911BCF1A23F7A4762CE219B8DFFA012D188CC
Legit.MisusedLegit, C:\USERS\KUNDALINI\APPDATA\LOCALLOW\uS0wV5wY9qH3\freebl3.dll, Nessuna azione intrapresa, 3680, 965515, 1.0.49873, , ame, , 60ACD24430204AD2DC7F148B8CFE9BDC, 9876C53134DBBEC4DCCA67581F53638EBA3FEA3A15491AA3CF2526B71032DA97
Legit.MisusedLegit, C:\USERS\KUNDALINI\APPDATA\LOCALLOW\uS0wV5wY9qH3\softokn3.dll, Nessuna azione intrapresa, 3680, 965521, 1.0.49873, , ame, , 4E8DF049F3459FA94AB6AD387F3561AC, 25A4DAE37120426AB060EBB39B7030B3E7C1093CC34B0877F223B6843B651871
Legit.MisusedLegit, C:\USERS\KUNDALINI\APPDATA\LOCALLOW\uS0wV5wY9qH3\nss3.dll, Nessuna azione intrapresa, 3680, 965520, 1.0.49873, , ame, , 02CC7B8EE30056D5912DE54F1BDFC219, 1989526553FD1E1E49B0FEA8036822CA062D3D39C4CAB4A37846173D0F1753D5
PUP.Optional.WinYahoo.TskLnk, C:\USERS\KUNDALINI\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Nessuna azione intrapresa, 956, 542290, , , , , 148CEBD166C25A06D630A9CF69A065A6, DEEDEB38991CEE739C15F8C142C83087A2010BE1E1A2CF332344201E834CC11F
PUP.Optional.WinYahoo.TskLnk, C:\USERS\KUNDALINI\APPDATA\LOCAL\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HOWTOREMOVE\HOWTOREMOVE.HTML, Nessuna azione intrapresa, 956, 542290, 1.0.49873, , ame, , 92A56BD431B8EC678C73844C916017CA, 47BFA64B49B9ABF0C2DCA4F400E0137E1C29211CE6ED4196EDE1560149D13FF2
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\chromium-min.jpg, Nessuna azione intrapresa, 956, 542290, , , , , 63BC75E5CF5CBA301C0A333A493C1E6C, AECF7E9F8EA60035CF8E255B99ADDBC4739C357BC9773273B682B06073AE2BBC
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\control panel-min-min.JPG, Nessuna azione intrapresa, 956, 542290, , , , , D3317C08A7FD5C68AF7607B56365D7EF, E0DF11EDFC606871F3FA3E825D0A346D895CF2246372E1919F3F6B6F823855EA
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\down.png, Nessuna azione intrapresa, 956, 542290, , , , , BD28C167E200A3B28D65FAD11067F767, 782AEE35F1473A0818E85C7888276AB1A92A2C6650420A6914C11D4A87017959
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\ff menu.JPG, Nessuna azione intrapresa, 956, 542290, , , , , 0ACF64A62398FD3E28C0F776E080E02E, A7E228427AFE421EE317EECF714464E5ED346B2032C98F4076B01EB61D92F11F
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\ff search engine-min.png, Nessuna azione intrapresa, 956, 542290, , , , , 98167327578F423AD62775F9C0DA1C08, 95E4B167F0173DB00F6BCDDE9864CC2E5DDED171506F8AB8E7B9F7863D913680
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\hp-min ff.png, Nessuna azione intrapresa, 956, 542290, , , , , AFE6FD269F10B4FB4055028CE2E0F70C, F0403DEBED00E906EE26EFE1463A63347D5B7CD6EB60BB38AE0E3C3460F71693
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\hp-min ie.png, Nessuna azione intrapresa, 956, 542290, , , , , C76F780F7CDEDA6D63A72E00719EAE53, 0A53A6F7C61B73B40061A401ED4C5D1E520C1D1DEC270617C5C25C8EE64A95C6
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\search engine.gif, Nessuna azione intrapresa, 956, 542290, , , , , D2665D24334093AFB3D3E64E22346AC4, E5CA26785BDB836C3C234A67E991BF1C70D4E87CAA75EC43747619E64DECAA57
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\setup pages.gif, Nessuna azione intrapresa, 956, 542290, , , , , D8957AB88B51AC3D91DB06AC96369BE4, 6BB5388E49AAB90AB7C85A736EAABDEB9A78CDCCA4D7A4138B00DBC1C657C8D5
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\sp-min.png, Nessuna azione intrapresa, 956, 542290, , , , , C4A8846B0AAC9BEF78F6A001514ECFF5, 4E9A05BDB43137235913F0BBB1F21C35DF34E62D33F2A4F4FC9C0F15FA1346E3
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\start-min.jpg, Nessuna azione intrapresa, 956, 542290, , , , , 7A52610FBA6935C9ACF2A2F38CA86F6A, 677001B0CFD9F6C824E422C5EBBC5C042ABB0CF156990064DD3170CF6F3379C8
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\HowToRemove\up.png, Nessuna azione intrapresa, 956, 542290, , , , , 45B1D3F523A38E29419DC26AE6BDD253, 892E25F7363B1C4EFA5FFACD5F4CDADD01833F49EF5CEF335676D84DA871EBA0
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\canecirit, Nessuna azione intrapresa, 956, 542290, , , , , DBC66A23EE25949E68778EB816342AB5, 6401A6A972C7646F84F59BC3CBD5BBF52E6AFEEB3B2A67CFBD8D62C59E28D03C
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\celolicat, Nessuna azione intrapresa, 956, 542290, , , , , F185E864B0F3532A799B8576CA2D75EC, B0EF04F5D81E56F85843CD9D28EB1EDC229FE2DAF56A8D9DAA6518660E59164A
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\uninst.exe, Nessuna azione intrapresa, 956, 542290, , , , , 4ED777A5428F68EFA0A9D84FEB06D056, 59EE7AA430827FED2DCE7D0765AA95560094D864A811AB3611E30EA1B2CB4293
PUP.Optional.WinYahoo.TskLnk, C:\Users\Kundalini\AppData\Local\{9F6DA931-BBC5-C589-D65D-E061F2351CF9}\uninstp.dat, Nessuna azione intrapresa, 956, 542290, , , , , 3A8C80C60507B431FC41FDB520DF4613, 8D64C8795405AF3A51694B3FD49896BA71F7910B7ECEA58D460E277969F1E2AB
HackTool.KMS, C:\WINDOWS\SYSTEM32\TASKS\KMS_VL_ALL, Nessuna azione intrapresa, 1334, 812204, 1.0.49873, , ame, , 536492AF5EAC26129D40831F315E0054, 391253A856F8709EC8B5EBE40FEF84B323AD1EF66FBE41F40302A0CACDA0DEB3
Trojan.Dropper, C:\USERS\KUNDALINI\APPDATA\ROAMING\MIRC\DOWNLOADS\ARCHIVES\BANDICAM.V4.5.6.1647-GBM.RAR, Nessuna azione intrapresa, 548, 648276, 1.0.49873, 7F55563CA333AE800A501B86, dds, 01600204, A62B37CB279375A421A07942A936028D, E8FA2764C66461D84D1E5E4C97AF051D9E8FC2F77A470C8F1E6D1C37CD3BE716
PUP.Optional.BundleInstaller, C:\USERS\KUNDALINI\DOWNLOADS\UTORRENT.EXE, Nessuna azione intrapresa, 510, 875791, 1.0.49873, , ame, , C7D8BE7EEF6EF338B9D43013A8C103F1, 639D692C2F72E28A4991C5C2BB5E69BC3420B2DF63EA2112A6CD73EF83415BB1
PUP.Optional.DriverMax, C:\USERS\KUNDALINI\DOWNLOADS\DRIVERMAX.EXE, Nessuna azione intrapresa, 3480, 812463, 1.0.49873, , ame, , 11AD53A9529A5BCB20F68F93D90E5300, 983F85849877BCA42F3F374F5618E71B2BBE973FBB600885045BC4F3B9106004
Adware.DownloadAssistant, C:\USERS\KUNDALINI\DOWNLOADS\CCCAM-IPK-VIX_703213918.ZIP, Nessuna azione intrapresa, 748, 1013780, 1.0.49873, 8509A66CCC0725DA071D908E, dds, 01600204, 8D030B48D427F92100D0033E46C05A33, E7E109325BE7042E3DCA11F0B0C9F986F5C5432CE51136BD959A63F68F02BFC3
Trojan.Injector, C:\PROGRAM FILES (X86)\WONDERSHARE\PDFELEMENT 6 PRO\PATCH.EXE, Nessuna azione intrapresa, 727, 589852, 1.0.49873, , ame, , 2F44945298B78C7227187EFB7F746E3D, 0BF97B07F1D26DA87B9377879F0C195BEA374080E5BA9428861195D71D9BB18C
RiskWare.Tool.CK, C:\USERS\KUNDALINI\DOCUMENTS\VUZE DOWNLOADS\DRIVEREASY PROFESSIONAL V4.9.15.21942.RAR, Nessuna azione intrapresa, 7048, 297065, 1.0.49873, FC92510CB29BC7F0F2414FD3, dds, 01600204, F7EA6875141779F72385FD62175DA71B, B7771C597DF00E6416BC0610735EF8611F83B8E0C688C2FFAB4088789A320CD2
Spyware.PasswordStealer, C:\USERS\KUNDALINI\DOCUMENTS\VUZE DOWNLOADS\GREENPASS_GENERATOR.ZIP, Nessuna azione intrapresa, 537, 989827, 1.0.49873, 53E6B28C2CB3342DFF49366A, dds, 01600204, D5CAC4F9D13B21D4A75DA7C7A0DA42F6, 76FE5E77D54D5D033C5B7639015C43C798D6C4FE838E0E9FABBCE107210125DB

Settore fisico: 1
Rootkit.Pitou.c.MBR, 0, Nessuna azione intrapresa, 16934, 514127, 0.0.0, , ame, , ,

WMI: 0
(Nessun elemento nocivo rilevato)


(end)
wolfestein
Posted: Sunday, January 16, 2022 4:08:06 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,951
What problems are you having?
Also run a scan with HijackThis and post the log.
http://software.aiutamici.com/software?ID=11175
booble
Posted: Sunday, January 16, 2022 6:19:10 PM
Rank: AiutAmico

Joined: 10/15/2006
Posts: 59
I installed some "strange programs" and I wouldn't want one of them to be spyware or something similar...
Thanks!


Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19043.1165 (ReleaseId: 2009), Service Pack: 0
Time: 16.01.2022 - 08:15 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Kundalini (group: Administrator) on DESKTOP-I7LVQQ7, FirstRun: yes

Chrome: 97.0.4692.71
Firefox: 96.0.1.8048
Internet Explorer: 11.0.19041.906
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe
1 C:\Program Files (x86)\WinRAR\WinRAR.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
11 C:\Program Files\Mozilla Firefox\firefox.exe
2 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21113.36.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21111.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCopyAccelerator.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
1 C:\Users\Kundalini\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
10 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
2 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
83 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c78031797b0599b6
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{bce42d98-b1cd-493f-a64c-107aae7521be}: [SuggestionsURL] = '{{CYA_IE_SUGGEST_URL}}' - Bing Search Engine
O1 - Hosts.ICS: 192.168.137.1 DESKTOP-I7LVQQ7.mshome.net # 2026 11 6 21 17 58 59 446
O1 - Hosts.ICS: 192.168.137.148 LGwebOSTV.mshome.net # 2021 11 1 29 17 58 59 446
O2 - HKLM\..\BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.62\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.62\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: LEC - {4A241D35-F7EB-401b-8C5B-A904A50F280E} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
O3-32 - HKLM\..\Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2020/01/10)
O4 - User Startup: C:\Users\Kundalini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr
O9 - Button: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: (no name) - (no file)
O9 - Tools menu item: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9-32 - Button: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9-32 - Tools menu item: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7d20f66e-9d09-483f-91b6-ea3d24a96b3b}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7d20f66e-9d09-483f-91b6-ea3d24a96b3b}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} /AllUsersRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} /CalendarRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} /WakeupRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot - C:\WINDOWS\system32\MusNotification.exe EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-1641062853-3667648398-1858719796-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: ATK Package 36D18D69AFC3 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe -CancelShutdown
O22 - Task: ATK Package A22126881260 - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: G2MUpdateTask-S-1-5-21-1641062853-3667648398-1858719796-1001 - C:\Users\Kundalini\AppData\Local\GoToMeeting\19228\g2mupdate.exe (file missing)
O22 - Task: G2MUploadTask-S-1-5-21-1641062853-3667648398-1858719796-1001 - C:\Users\Kundalini\AppData\Local\GoToMeeting\19228\g2mupload.exe (file missing)
O22 - Task: GarminUpdaterTask - C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: KMS_VL_ALL - C:\office2019\Microsoft.Office.Prof.Plus.VL.2019-1810.B.11001.20074-64bit-GBM\MOFFProPVL2019-(Build 16.0.11001.20074) 64 Bit\Attivatori\Attivatore 2\KMS_VL_ALL.cmd (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-1641062853-3667648398-1858719796-1001 - C:\Users\Kundalini\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: RTKCPL - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O22 - Task: RtHDVBg - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
O22 - Task: RtHDVBg_ListenToDevice - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /AECBYLISTENTOSTATUS
O22 - Task: UnHackMe Task Scheduler - C:\Program Files (x86)\UnHackMe\hackmon.exe $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Setup\EOSNotify - C:\WINDOWS\system32\EOSNotify.exe (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: LEC TranslateDotNet Server - C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 17,6 sec. - 25670 bytes, CRC32: FFFFFFFF. Sign: 咸
wolfestein
Posted: Monday, January 17, 2022 4:40:24 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,951
In the HijackThis log I don't see any anomalies apart from two "no file" entries that you can fix.
O9 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: (no name) - (no file)
O2 - HKLM\..\BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
In Malwarebytes, on the other hand, there is the suspicious entry Pitou (possible trojan): run a scan with SpyHunter https://spyhunter.it.malavida.com/ and then follow this guide to remove it.
booble
Posted: Monday, January 17, 2022 5:11:33 PM
Rank: AiutAmico

Joined: 10/15/2006
Posts: 59
wolfestein wrote:
In the HijackThis log I don't see any anomalies apart from two "no file" entries that you can fix.
O9 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: (no name) - (no file)
O2 - HKLM\..\BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - (no file)
In Malwarebytes, on the other hand, there is the suspicious entry Pitou (possible trojan): run a scan with SpyHunter https://spyhunter.it.malavida.com/ and then follow this guide to remove it.


Thanks everyone!!
cbbusto
Posted: Monday, January 17, 2022 5:29:51 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Fix and delete the following lines:
O1 - Hosts.ICS: 192.168.137.1 DESKTOP-I7LVQQ7.mshome.net # 2026 11 6 21 17 58 59 446
O1 - Hosts.ICS: 192.168.137.148 LGwebOSTV.mshome.net # 2021 11 1 29 17 58 59 446
O3-32 - HKLM\..\Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
O4 - User Startup: C:\Users\Kundalini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr

Do the following clean-ups:
ADWCleaner, download it from here: https://it.malwarebytes.com/adwcleaner/
Download the free version and then update it.

Download J.R.T. from here: https://www.bleepingcomputer.com/download/junkware-removal-tool/
Start it, press a key and let it work; it automatically removes what it finds and produces a log.

Then the registry clean-up:

For a deep registry clean-up, use Eusing Free Registry Cleaner, a program to be used only occasionally; download it from here: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
Click on Download Site1. Once launched, a window appears asking for a code: click Ignore and proceed, then at the top left click Analyze Registry and let it run to the end; don't worry if it finds many entries. Then click Repair Registry. The program is safe; in any case it creates a restore point and also backs up the deleted files, in fact at the top, under Repair Registry, there is the Restore Registry item.
To do this clean-up it is best to close all programs and be disconnected.
The program is compatible with all Windows operating systems, including Win 10.
Bye
wolfestein
Posted: Monday, January 17, 2022 9:45:03 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,951
Thanks for the support, cbb.