fcp65 Ordinary mortal

Registered: 26/09/14 17:18 Posts: 1 Location: Roma

Posted: 26 Sep 2014 17:38 Subject: probable malware, very annoying (I have the LOGS)
Hello everyone.
For about 20 days I have had a big problem on my desktop PC.
I use Windows 7 Ultimate.
As antivirus I have MS Security Essentials, and I often use Malwarebytes Anti-Malware.
It's a bit hard to explain, but I'll try.
Basically, while I have any window open (Explorer, Word, graphics software, PokerStars, etc.), after about twenty seconds I lose "control" of that window and I'm forced to click inside it with the mouse to get it back; otherwise, in Word for example, I risk typing into nothing...
Just to give you an idea of how annoying all this is... I'll tell you that while writing these words (so far) it has already happened to me 4 times...
I have run scans, one after another, with the following software... but without solving anything!!!
The scan was also run in Safe Mode without networking (with the first two programs).
These are the LOGS:
Malwarebytes Anti-Malware----->
Malwarebytes Anti-Malware
link
Scan Date: 22/09/2014
Scan Time: 15:19:44
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.22.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Hp
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325896
Time Elapsed: 10 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.Babylon.A, HKU\S-1-5-21-3427135282-2518342873-4139304083-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [08a27b7592e901351d829eec0af84ab6],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Claro.A, C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage, Quarantined, [d8d28f61bebdfa3caed94eb86f94c838],
Physical Sectors: 0
(No malicious items detected)
(end)
Emsisoft Anti-Malware----->
Emsisoft Anti-Malware - Versione 9.0
Ultimo aggiornamento: 22/09/2014 15:56:20
Account utente: Hp-PC\Hp
Impostazioni scansione:
Tipo scansione: Intelligente
Oggetti: Rootkits, Memoria, Tracce, C:\Windows\, C:\Program Files\
Rileva PUPs: On
Archivio scansioni: Off
Scansione ADS: On
Filtro estensione dei file: Off
Caching avanzato: On
Accesso diretto al disco: Off
Scansione avviata: 22/09/2014 15:57:04
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\7A931B0A5D8E8E947AFB2124E1562280 rilevati: Application.AdReg (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\BABSOLUTION rilevati: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\BABSOLUTION rilevati: Application.InstallAd (A)
Scansionati 149879
Rilevato 3
Fine scansione: 22/09/2014 16:32:00
Tempo scansione: 0:34:56
Key: HKEY_USERS\S-1-5-18\SOFTWARE\BABSOLUTION In quarantena Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\7A931B0A5D8E8E947AFB2124E1562280 In quarantena Application.AdReg (A)
In quarantena 2
Hitman Pro----->
HitmanPro 3.7.9.225
www.hitmanpro.com
Computer name . . . . : HP-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : Hp-PC\Hp
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2014-09-22 16:42:27
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 16s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 1
Traces . . . . . . . : 28
Objects scanned . . . : 1.323.391
Files scanned . . . . : 35.806
Remnants scanned . . : 299.010 files / 988.575 keys
Malware _____________________________________________________________________
C:\ProgramData\InstallMate\{06E9438C-3003-4611-A4FA-7821DD0A617A}\_Setupx.dll -> Quarantined
Size . . . . . . . : 58.368 bytes
Age . . . . . . . : 602.2 days (2013-01-28 11:59:09)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 75585E46CDD212C0341EB2363B5DF105D3783407DAC4BC52946DE8E70791431A
> Kaspersky . . . . : not-a-virus:HEUR:Downloader.Win32.AdLoad.u
Fuzzy . . . . . . : 106.0
Potential Unwanted Programs _________________________________________________
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gaiilaahiahdejapggenmdmafpmbipje_0.localstorage (Delta Search) -> Deleted
HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro) -> Deleted
HKLM\SOFTWARE\Microsoft\Tracing\RegCleanPro_RASAPI32\ (RegClean Pro) -> Deleted
HKLM\SOFTWARE\Microsoft\Tracing\RegCleanPro_RASMANCS\ (RegClean Pro) -> Deleted
HKU\.DEFAULT\Software\AskToolbar\ (AskBar) -> Deleted
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon) -> Deleted
HKU\S-1-5-18\Software\AskToolbar\ (AskBar) -> PendingDelete
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon) -> PendingDelete
HKU\S-1-5-21-3427135282-2518342873-4139304083-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
HKU\S-1-5-21-3427135282-2518342873-4139304083-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
HKU\S-1-5-21-3427135282-2518342873-4139304083-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
Cookies _____________________________________________________________________
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:ing.112.2o7.net
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Cookies\H1B6681Z.txt
C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Cookies\K2VTLB4P.txt
HijackThis----->
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:13:19, on 22/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\mixer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTraffic Monitor\iTrafficMon.exe
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TP-LINK\Utility di configurazione Wireless TP-LINK\TWCU.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORBCRH1G\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = link
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = link
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = link
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = link
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = link
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = link
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTraffic Monitor] C:\Program Files\iTraffic Monitor\iTrafficMon.exe
O4 - HKLM\..\Run: [ACMLIGHTCU] C:\ssclitmp\AcmLight\ACMLIGHTcu.exe -e
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [iTraffic Monitor] C:\Program Files\iTraffic Monitor\iTrafficMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-3427135282-2518342873-4139304083-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3427135282-2518342873-4139304083-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utility di configurazione Wireless TP-LINK.lnk = C:\Program Files\TP-LINK\Utility di configurazione Wireless TP-LINK\TWCU.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - link
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - link
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B7DF5BA-F2ED-4982-A441-3220B68354D5}: NameServer = 94.198.96.34,46.4.70.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{83BBB599-663D-4245-A857-F66CEFE34F1A}: NameServer = 94.198.96.34,46.4.70.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC769E14-7DF7-4673-B02D-0CD37D6B73A0}: NameServer = 94.198.96.34,46.4.70.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ACMLIGHT - Unknown owner - C:\ssclitmp\AcmLight\Acmlight.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 8731 bytes
GMER----->
GMER 2.1.19357 - link
Rootkit quick scan 2014-09-22 18:20:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320418AS rev.HP34 298,09GB
Running: gmer.exe; Driver: C:\Users\Hp\AppData\Local\Temp\pxldipoc.sys
---- System - GMER 2.1 ----
Code \??\C:\Windows\system32\drivers\hitmanpro37.sys ZwAllocateVirtualMemory [0xA7BCC562]
Code \??\C:\Windows\system32\drivers\hitmanpro37.sys NtAllocateVirtualMemory
---- Threads - GMER 2.1 ----
Thread System [4:4352] B6E94CB0
---- EOF - GMER 2.1 ----
I also used ESET Smart Security, but it didn't give me a LOG (or I can't find it...).
Thanks a MILLION to anyone who can help me...