Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 06/12/2015
Ora scansione: 11.25
File di log: Malwarebyte log.txt
Amministratore: Sì

Versione: 2.2.0.1024
Database malware: v2015.12.06.02
Database rootkit: v2015.11.26.01
Licenza: Periodo di prova
Protezione da malware: Attivata
Protezione da siti web nocivi: Attivata
Auto-protezione: Disattivata

SO: Windows 8
CPU: x64
File system: NTFS
Utente: Roberto

Tipo di scansione: Ricerca elementi nocivi
Risultati: Completata
Elementi analizzati: 338942
Tempo impiegato: 12 min, 56 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 0
(Nessun elemento nocivo rilevato)

Moduli: 1
Trojan.Proxy, C:\Users\Roberto\AppData\Local\gectafl.dll, Elimina al riavvio, [a4363c65513a7bbbd787991d000112ee],

Chiavi di registro: 19
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],

Valori di registro: 2
Trojan.Proxy, HKU\S-1-5-21-626076182-1482156565-3366870657-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gectafl, rundll32.exe "C:\Users\Roberto\AppData\Local\gectafl.dll",gectafl, In quarantena, [a4363c65513a7bbbd787991d000112ee]
Trojan.Tofsee, HKU\S-1-5-21-626076182-1482156565-3366870657-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|USJmedia, C:\Users\Roberto\AppData\Local\USJmedia\161716.exe, In quarantena, [d6049f02b1da979f8ec65e0e768e6a96]

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Cartelle: 0
(Nessun elemento nocivo rilevato)

File: 23
Trojan.Proxy, C:\Users\Roberto\AppData\Local\gectafl.dll, Elimina al riavvio, [a4363c65513a7bbbd787991d000112ee],
Trojan.Tofsee, C:\Users\Roberto\AppData\Local\USJmedia\161716.exe, In quarantena, [d6049f02b1da979f8ec65e0e768e6a96],
Trojan.Yakes, C:\Users\Roberto\AppData\Roaming\Fazala.exe, In quarantena, [96441c857e0dfd3925f59b0305fca35d],
Trojan.Tofsee, C:\Users\Roberto\AppData\Local\Temp\161016.exe, In quarantena, [4f8b2d743358251196be3a329074ba46],
Trojan.Tofsee, C:\Users\Roberto\AppData\Local\Temp\161716.exe, In quarantena, [be1cfaa72e5da591bc9894d8b351b34d],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\24EB.tmp, In quarantena, [2ab0b7ea315aee48c7b46e48f90843bd],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\24EC.tmp, In quarantena, [d00a267bd9b22d097b005e58659cf50b],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\33A1.tmp, In quarantena, [0bcfb1f0fd8e43f3e09b09ad936e3dc3],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\a, In quarantena, [7f5be2bf9bf077bfb2c99f172bd6d729],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\a.exe, In quarantena, [c01a8b1623688ea8b0cbe2d4ea173ac6],
Trojan.Downloader.BLO, C:\Users\Roberto\AppData\Local\Temp\ddl.exe, In quarantena, [20baf1b00c7f53e32650064c01001be5],
Trojan.Yakes, C:\Users\Roberto\AppData\Local\Temp\nskA36C.tmp\newnew.exe, In quarantena, [6b6f2f726229a294f4266d31eb16827e],
Trojan.Yakes, C:\Users\Roberto\AppData\Local\Temp\nsqBFA4.tmp\newnew.exe, In quarantena, [efeb5f423952ae888c8e1b8337ca9b65],
PUP.Optional.OpenCandy, C:\Users\Roberto\AppData\Local\Temp\HYD718.tmp.1444214335\HTA\install.1444214335.zip, In quarantena, [e9f18c1583085cdacc21c2473fc33dc3],
PUP.Optional.OpenCandy, C:\Users\Roberto\AppData\Local\Temp\HYD718.tmp.1444214335\HTA\3rdparty\OCComSDK.dll, In quarantena, [5783633ed0bbbe7811dcd633986a27d9],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\24eb.tmp.56934.gzquar, In quarantena, [59817a27434801355c1f9125669bdf21],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\24ec.tmp.142760.gzquar, In quarantena, [2dad6b365e2d171f91ea0fa7738e7d83],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\33a1.tmp.140287.gzquar, In quarantena, [8a508d14ff8cb284ea912f8705fcf808],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\a.142793.gzquar, In quarantena, [dbff544dee9d74c288f3b303ff02c43c],
Ransom.CryptoWall, C:\Users\Roberto\AppData\Local\Temp\a.exe.57836.gzquar, In quarantena, [7565247dbbd0280e8cef6a4ccb369d63],
Trojan.Downloader.BLO, C:\Users\Roberto\AppData\Local\Temp\ddl.exe.145495.gzquar, In quarantena, [8159d2cf7f0c6bcbf284e46e56ab13ed],
Trojan.Yakes, C:\Users\Roberto\AppData\Local\Temp\nskA36C.tmp\newnew.exe.152976.gzquar, In quarantena, [7a60f7aaaddecb6b14060c9230d108f8],
Trojan.Yakes, C:\Users\Roberto\AppData\Local\Temp\nsqBFA4.tmp\newnew.exe.168129.gzquar, In quarantena, [24b67a27355665d1fe1c613dc140e41c],

Settori fisici: 0
(Nessun elemento nocivo rilevato)

(end)