Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Visualizzazione dei risultati da 1 a 2 su 2

Discussione: Sospetti di infezione

  1. 23-12-2010, 11:39 #1
    luca200
    luca200 non è in linea
    Utente di HTML.it L'avatar di luca200
    Registrato dal
    Apr 2002
    Messaggi
    4,120
    Invia un messaggio tramite ICQ a luca200

    Sospetti di infezione

    Buongiorno,

    da un paio di giorni ho il pc che si impalla in maniera sospetta dopo qualche ora dall'accensione.
    Ho fatto una scansione con hijackthis e quello sotto è il risultato. I luminari vedono qualcosa di losco?

    Grazie


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 0.42.08, on 23/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Programmi\isposure\IsposureAgent.exe
    C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
    C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Programmi\isposure\IsposureAgent.exe
    C:\Programmi\LogMeIn\x86\RaMaint.exe
    C:\Programmi\LogMeIn\x86\LogMeIn.exe
    C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Programmi\CDBurnerXP\NMSAccessU.exe
    C:\Programmi\PDF Complete\pdfsvc.exe
    c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SMINST\Scheduler.exe
    C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
    C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Programmi\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe
    C:\Programmi\Creative\Shared Files\CTSched.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
    C:\Programmi\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\program files\real\realplayer\update\realsched.exe
    C:\Programmi\Windows Live\Messenger\msnmsgr.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Creative\Shared Files\CamTray.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.bin
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\RegCleaner\RegCleanr.exe
    C:\Programmi\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Programmi\Uniblue\RegistryBooster\registryboost er.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Downloads\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Programmi\Skype\Toolbars\Shared\SkypeNames2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/locale/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\I E\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDF Complete] C:\Programmi\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\Programmi\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Programmi\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ASUSWebStorage] C:\Programmi\ASUS\ASUS WebStorage\2.2.0.5beta\ASUSWSDashBoard.exe /S
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Programmi\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianluca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [RegistryBooster] "C:\Programmi\Uniblue\RegistryBooster\launcher.exe " delay 20000
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Cerca - C:\Documents and Settings\All Users\Dati applicazioni\AOL\ieToolbar\resources\it-IT\local\search.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmi\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=74&bd=smb&pf=d esktop
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://extranet.unicredit.it/dana-c...erSetupSP1.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.unicredit.it/dana-c...etupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{498A263B-B1F1-4283-A727-C9BDDC679C43}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    segue....
    Rispondi quotando Rispondi quotando
  2. 23-12-2010, 11:39 #2
    luca200
    luca200 non è in linea
    Utente di HTML.it L'avatar di luca200
    Registrato dal
    Apr 2002
    Messaggi
    4,120
    Invia un messaggio tramite ICQ a luca200
    ...ecco il seguito

    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Programmi\isposure\IsposureAgent.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Programmi\PDF Complete\pdfsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

    --
    End of file - 13567 bytes
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.