PayPal password theft


il LORD
20-04-2016, 21:51
Good evening,
a few days ago more than 700 euros were taken from my PayPal account through 4 unauthorized transactions. It looks like everything will be refunded, but I would like to understand how it happened and whether I still have an infected device.
A scan with Malwarebytes on one PC removed about thirty entries; can anyone read the MB log and tell me whether any of them could have stolen the PayPal and Facebook passwords?
I'm afraid I still have something lurking around (AVG detects nothing).
Thanks.

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/04/19 19:49:38 +0200</date>
<logfile>mbam-log-2016-04-19 (19-49-33).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.04.19.05</malware-database>
<rootkit-database>v2016.04.17.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>BLSAS-PC</hostname>
<ip>192.168.0.12</ip>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>BL SAS</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>472228</objects>
<time>374</time>
<processes>0</processes>
<modules>0</modules>
<keys>11</keys>
<values>4</values>
<datas>0</datas>
<folders>4</folders>
<files>11</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{82D3DE1D-59AF-4C9F-9F6D-415E2DAA8A32}</path><vendor>PUP.Optional.Binkiland</vendor><action>delete-on-reboot</action><hash>6e437a36267394a2a66d089b13f1fe02</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Binkiland taro</path><vendor>PUP.Optional.Binkiland</vendor><action>delete-on-reboot</action><hash>f5bca10fc0d9a096bfc856c108fc20e0</hash></key>
<key><path>HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE</path><vendor>PUM.Optional.DisableChromeUpdates</vendor><action>success</action><hash>28892a866237af870535ea9fc63e6898</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork</path><vendor>PUP.Optional.APNToolBar.Gen</vendor><action>success</action><hash>d4ddd7d98d0c96a0ead4ec5529da59a7</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\{1146AC44-2F03-4431-B4FD-889BC837521F}</path><vendor>PUP.Optional.SuperOptimizer</vendor><action>success</action><hash>624f1799cecba096c2574703df25c63a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}</path><vendor>PUP.Optional.SuperOptimizer</vendor><action>success</action><hash>cee30ea21d7cd1658e8c6ae0a95bde22</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{31064272}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>e5cca0105f3a34022b6b092f52b233cd</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE</path><vendor>PUM.Optional.DisableChromeUpdates</vendor><action>success</action><hash>bcf5b0009900a096be7c1b6e15ef14ec</hash></key>
<key><path>HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}</path><vendor>PUP.Optional.SuperOptimizer</vendor><action>success</action><hash>b4fd139d58410f27e233ba90d72de51b</hash></key>
<key><path>HKU\S-1-5-21-1780730209-94543091-3333029319-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}</path><vendor>PUP.Optional.SuperOptimizer</vendor><action>success</action><hash>03aeefc1891052e49f76e06a7c8834cc</hash></key>
<key><path>HKU\S-1-5-21-1780730209-94543091-3333029319-1000\SOFTWARE\PRODUCTSETUP</path><vendor>PUP.Optional.ProductSetup</vendor><action>success</action><hash>882959570b8e60d6280c90afb74da858</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{82D3DE1D-59AF-4C9F-9F6D-415E2DAA8A32}</path><valuename>Path</valuename><vendor>PUP.Optional.Binkiland</vendor><action>delete-on-reboot</action><valuedata>\Binkiland taro</valuedata><hash>6e437a36267394a2a66d089b13f1fe02</hash></value>
<value><path>HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE</path><valuename>DisableAutoUpdateChecksCheckboxValue</valuename><vendor>PUM.Optional.DisableChromeUpdates</vendor><action>success</action><valuedata>1</valuedata><hash>28892a866237af870535ea9fc63e6898</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE</path><valuename>DisableAutoUpdateChecksCheckboxValue</valuename><vendor>PUM.Optional.DisableChromeUpdates</vendor><action>success</action><valuedata>1</valuedata><hash>bcf5b0009900a096be7c1b6e15ef14ec</hash></value>
<value><path>HKU\S-1-5-21-1780730209-94543091-3333029319-1000\SOFTWARE\PRODUCTSETUP</path><valuename>tb</valuename><vendor>PUP.Optional.ProductSetup</vendor><action>success</action><valuedata>0Q2P2X1C1N1K0J2X2X1G1M1F2V</valuedata><hash>882959570b8e60d6280c90afb74da858</hash></value>
<folder><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></folder>
<folder><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></folder>
<folder><path>C:\Users\BL SAS\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z</path><vendor>PUP.Optional.BundleInstaller</vendor><action>success</action><hash>674a8a268b0e1e18586c21ec16ed2bd5</hash></folder>
<folder><path>C:\Users\BL SAS\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z\Google Chrome Packages</path><vendor>PUP.Optional.BundleInstaller</vendor><action>success</action><hash>674a8a268b0e1e18586c21ec16ed2bd5</hash></folder>
<file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.SysTweak</vendor><action>success</action><hash>169b624e2a6fae88dc1ebb6d16ecaf51</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\fiber.js</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\aowLC</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\dExtent</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\extent</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\hdat1</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\hdat2</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\ProgramData\{D7073FC4-8785-EE42-3603-9EC0E6814D4E}\1.9.3.1\sqlite3.dll</path><vendor>PUP.Optional.Fiber.AppFlsh</vendor><action>success</action><hash>1d94fbb5cecb56e09cfac973778cdb25</hash></file>
<file><path>C:\Users\BG Srl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage</path><vendor>PUP.Optional.IStartSurf.ShrtCln</vendor><action>success</action><hash>09a8337dc1d837ff9368a068867e20e0</hash></file>
<file><path>C:\Users\BG Srl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal</path><vendor>PUP.Optional.IStartSurf.ShrtCln</vendor><action>success</action><hash>e8c98a26f8a1bc7a64971eea6f95ca36</hash></file>
<file><path>C:\Users\BL SAS\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z\Google Chrome Packages\uninstaller.exe</path><vendor>PUP.Optional.BundleInstaller</vendor><action>success</action><hash>674a8a268b0e1e18586c21ec16ed2bd5</hash></file>
</items>
</mbam-log>

bio.hazard
23-04-2016, 11:33
I'm afraid I still have something lurking around (AVG detects nothing).


in my opinion, in these cases it's always better to format and be done with it, at least you get rid of the doubt for good.
;) :)

il LORD
24-04-2016, 17:45
You're probably right.
Bye, thanks.

max50ddr
30-05-2016, 02:17
I also recommend installing a better antivirus program

dantess
30-05-2016, 09:31
I recommend linking your phone number to the PayPal account, with login via an SMS received on your phone.

Orsettinapc
13-06-2016, 04:20
I recommend linking your phone number to the PayPal account, with login via an SMS received on your phone.


How do you do that?

dantess
15-06-2016, 10:16
How do you do that?

going from memory, you have to go to your profile and then you should see something about security.

maximotv
03-07-2016, 11:50
As for the antivirus, it's on the poor side