Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Pagina 1 di 3 1 2 3 ultimoultimo
Visualizzazione dei risultati da 1 a 10 su 29
  1. 04-02-2011, 12:54 #1
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503

    Controllo hijakthis provabile virus

    Salve,

    Vi invio hijakthis per un Vostro controllo. Ho rallentamento internet.

    Mi sembra che ci sia qualcosa su hijak che non va...


    Hijak appena scaricato e installato da internet, sottostante la scansiona:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11.30.55, on 04/02/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\RamBooster 2.0\Rambooster.exe
    C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programmi\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService. exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\PopTray\PopTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
    O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RamBooster] C:\Programmi\RamBooster 2.0\Rambooster.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: PopTray.lnk = C:\Programmi\PopTray\PopTray.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF23BDC4-2E02-45D9-A6A9-142F5E8E142E}: NameServer = 151.99.125.1,151.99.0.100
    Rispondi quotando Rispondi quotando
  2. 04-02-2011, 12:57 #2
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503
    2 parte di hijak:

    O18 - Protocol: bw+0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {79E39F50-31A8-4AB4-AAAD-881AF6E01732} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    Rispondi quotando Rispondi quotando
  3. 04-02-2011, 12:58 #3
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503
    3 parte hijak


    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService. exe

    --
    End of file - 19239 bytes
    Rispondi quotando Rispondi quotando
  4. 05-02-2011, 09:07 #4
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503
    Nessuno sa dirmi se tutto è apposto ???
    Rispondi quotando Rispondi quotando
  5. 05-02-2011, 19:45 #5
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503
    Nessuno mi aiuta......?
    Rispondi quotando Rispondi quotando
  6. 05-02-2011, 21:13 #6
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503

    Malwarebytes mi rileva 5 malv.

    Ho fatto una scansione con malwarebytes e mi rileva quanto segue:


    Voci infette nei dati di registro:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Inte rnet Explorer\Control Panel\HomePage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Int ernet Explorer\Control Panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\In ternet Explorer\control panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    c:\documents and settings\administrator\documenti\programmi 2007\tirecalc01.exe (Spyware.Passwords) -> No action taken.


    Per favore ditemi se devo eliminare queste voci infette....
    Rispondi quotando Rispondi quotando
  7. 10-02-2011, 19:21 #7
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503
    nessuna ripsposta..... ha però...
    Rispondi quotando Rispondi quotando
  8. 10-02-2011, 19:21 #8
    lucasspd
    lucasspd non è in linea
    Utente di HTML.it
    Registrato dal
    Mar 2007
    Messaggi
    503
    ha però.... nessuna risposta....
    Rispondi quotando Rispondi quotando
  9. 10-02-2011, 20:36 #9
    Habanero
    Habanero non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di Habanero
    Registrato dal
    Jun 2001
    Messaggi
    9,782
    lucasspd per favore non aprire più discussioni sullo stesso argomento... ho unito i due thread...

    Abbi pazienza e vedrai che qualcuno ti aiuterà.
    Leggi il REGOLAMENTO!

    E' molto complicato, un mucchio di input e output, una quantità di informazioni, un mucchio di elementi da considerare, ho una quantità di elementi da tener presente...
    Drugo
    Rispondi quotando Rispondi quotando
  10. 11-02-2011, 00:35 #10
    SkinBonno
    SkinBonno non è in linea
    Utente di HTML.it L'avatar di SkinBonno
    Registrato dal
    Dec 2007
    residenza
    Bologna
    Messaggi
    1,139
    Elimina quanto rilevato da malwarebytes.
    Da hijack non risulta nulla di anomalo.. proviamo a vedere se c'è qualcosa.

    Scarica Combofix usando Internet Explorer e salvalo sul desktop. Quando lo salvi, rinominalo in abc.exe. Disconnettiti da internet, disattiva l'antivirus. Avvia Combofix (abc.exe) e attendi la fine della scansione.
    Non eseguire nessuna operazione mentre Combofix analizza il pc, non muovere nemmeno il mouse, potresti bloccare la scansione.
    Finita la scansione il pc si dovrebbe riavviare e in C: dovresti avere un rapporto Combofix.txt. Carica questo rapporto su Wikisend e riporta sul forum il link che otterrai.

    N.B. Nel caso non riesci a fare partire combofix, da start-->esegui copia e incolla questa riga di comando comprese le virgolette e dai invio:

    "%userprofile%\desktop\abc.exe" /killall

    La scansione dovrebbe partire in automatico.
    La vita è fatta a scale, c'è chi scende e c'è chi cade.

    Se avrei studiato, avessi imparato. [Cit. Leone di Lernia ]
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.