In any case, here is the HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.10.18, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATnotes\ATnotes.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Programmi\ATnotes\ATnotes.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - oolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - ols/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - /partner/default/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - OnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - nary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - ascripts/aurigma/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193699724437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201872809468
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - CDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?AuthParam=1211366978_2f9fac0d133bf0e8a85aeace7862d872&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - nary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Programmi\File comuni\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
--
End of file - 9667 bytes