
Analysis of a Malwarebytes Anti-Malware log to rule out false positives



I have already deleted everything it flagged. It was junk caused by what the technician installed.

 

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free Anti-Malware

 

Versione database: v2014.01.06.07

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16476

Paolo :: NOTEBOOK [amministratore]

 

07/01/2014 17:31:06

MBAM-log-2014-01-07 (20-37-22).txt

 

Tipo di scansione: Scansione completa (C:\|)

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 354040

Tempo impiegato: 1 ore, 6 minuti, 36 secondi

 

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

 

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

 

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

 

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

 

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

 

Cartelle rilevate: 2

C:\Users\Utente\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nessuna azione intrapresa.

C:\Users\Utente\AppData\Roaming\OpenCandy


I'm pasting the HijackThis one as well.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:48:06, on 08/01/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.16384)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Paolo\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live, Outlook, internet explorer 10

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Java? Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java? Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Paolo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Lync - Chiamata con un clic - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{A17128D7-8C8C-4250-9E87-9B3218CA9FC7}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\..\{B403CE52-8F4A-4CE3-8D81-9C7220B8DAD8}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @oem5.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

 

--

End of file - 8115 bytes
