Ciao a tutti, mi dite per favore se c'è qualcosa che non va? PC Lenovo con Windows 8 64 bit
Devo eliminare i file rilevati da Malware?
Grazie mille!!!
LOG DI Malware byte:
Versione database: v2013.08.22.10
Windows 8 x64 NTFS
23/08/2013 10.25.17
MBAM-log-2013-08-23 (11-32-12).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 409994
Tempo impiegato: 58 minuti, 42 secondi
Processi rilevati in memoria: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1748 -> Nessuna azione intrapresa.
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 1
C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
File rilevati: 32
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\eng_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\German_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\greek_rcp_el.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Italian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\portugese_rcp_pt.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Portuguese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Spanish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\Swedish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Program Files (x86)\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job (PUP.Optional.RegCleanPro.A) -> Nessuna azione intrapresa.
(fine)
HijackThis:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17.13.59, on 23/08/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
FIREFOX: 22.0 (it)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\windows\syswow64\wwahost.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Vincenzo\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @oem17.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Radio Control Service (BcmBtRSupport) - Unknown owner - C:\windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - Unknown owner - c:\PROGRA~1\mcafee\msc\mcawfwk.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9523 bytes
Registrazione