Analisi log malware antibytes per l'esclusione di falsi positivi

cover

Posso richiedervi un consiglio circa la segnalazione di alcuni malware da parte di malware antibytes prima di procedere alla rimozione degli stessi?

cover

Posso richiedervi un consiglio circa la segnalazione di alcuni malware da parte di malware antibytes prima di procedere alla rimozione degli stessi?

megthebest

spara...

ah fai un bel pasaggio anche con adwcleaner e combofix che è meglio

cover

Ho già cancellato tutto quello che mi segnalava. Era robbaccia causata da quello che ha installato il tecnico.

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free Anti-Malware

Versione database: v2014.01.06.07

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16476

Paolo :: NOTEBOOK [amministratore]

07/01/2014 17:31:06

MBAM-log-2014-01-07 (20-37-22).txt

Tipo di scansione: Scansione completa (C:|)

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 354040

Tempo impiegato: 1 ore, 6 minuti, 36 secondi

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 2

C:UsersUtenteAppDataRoamingOpenCandy (PUP.Optional.OpenCandy) -> Nessuna azione intrapresa.

C:UsersUtenteAppDataRoamingOpenCandy

cover

incollo pure quello di hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:48:06, on 08/01/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16384)

Boot mode: Normal

Running processes:

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:UsersPaoloAppDataRoaminguTorrentuTorrent.exe

C:Program Files (x86)Trend MicroHiJackThisHiJackThis.exe

C:WindowsSysWOW64DllHost.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = Bing

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = Bing

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = Bing

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64lank.htm

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:Program Files (x86)Microsoft OfficeOffice15OCHelper.dll

O2 - BHO: Java? Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7inssv.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:PROGRA~2MICROS~1Office15GROOVEEX.DLL

O2 - BHO: Java? Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7injp2ssv.dll

O4 - HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKCU..Run: [uTorrent] "C:UsersPaoloAppDataRoaminguTorrentuTorrent.exe" /MINIMIZED

O4 - Global Startup: WinZip Quick Pick.lnk = C:Program Files (x86)WinZipWZQKPICK.EXE

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~1Office15EXCEL.EXE/3000

O8 - Extra context menu item: I&nvia a OneNote - res://C:PROGRA~1MICROS~1Office15ONBttnIE.dll/105

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice15ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program Files (x86)Microsoft OfficeOffice15ONBttnIE.dll

O9 - Extra button: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:Program Files (x86)Microsoft OfficeOffice15OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:Program Files (x86)Microsoft OfficeOffice15OCHelper.dll

O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice15ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:Program Files (x86)Microsoft OfficeOffice15ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLMSystemCCSServicesTcpip..{A17128D7-8C8C-4250-9E87-9B3218CA9FC7}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLMSystemCCSServicesTcpip..{B403CE52-8F4A-4CE3-8D81-9C7220B8DAD8}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:Program Files (x86)Microsoft OfficeOffice15MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common FilesMicrosoft SharedOFFICE15MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: @oem5.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:Windowssystem32BtwRSupportService.exe (file missing)

O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:Windowssystem32IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @C:Program Files (x86)NeroUpdateNASvc.exe,-200 (NAUpdate) - Nero AG - C:Program Files (x86)NeroUpdateNASvc.exe

O23 - Service: @%SystemRoot%System32 etlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Service KMSELDI - Unknown owner - C:Program FilesKMSpicoService_KMS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%Windows DefenderMpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:Program Files (x86)Windows DefenderNisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%Windows DefenderMpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:Program Files (x86)Windows DefenderMsMpEng.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

--

End of file - 8115 bytes