|
|||||||
|
|
|
 |
|
|
Strumenti |
19-11-2010, 21:42
|
#1 |
|
Member
Iscritto dal: Jul 2009
Messaggi: 287
|
Probabile infezione?!
Sera!
Mi è venuto questo dubbio verificando un' insolita lentezza nella navigazione in Internet. Dopo aver scansionato con Malwarebytes' Anti-Malware e con Avira AntiVir Personal, ho notato un nuovo processo girare nel mio pc: Skypya.exe. Ho cercato dettagli su google ma non trovo nulla. In conclusione vi posto questo screen: [che nervoso, non mi fa caricare il jpg da nessun sito, neanche tramite questo forum, è strano però che solo oggi sia così lento il mio modem] .. E il log di Hijackthis: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 19.41.24, on 19/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Avira\AntiVir Desktop\sched.exe C:\Programmi\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Teo\Dati applicazioni\Microsoft\Windows\shell.exe C:\Programmi\Avira\AntiVir Desktop\avshadow.exe C:\DOCUME~1\Teo\IMPOST~1\Temp\dwm.exe C:\Programmi\Avira\AntiVir Desktop\avgnt.exe C:\Programmi\Lingoes\Lingoes.exe C:\Programmi\PrintScreen\PrintScreen.exe C:\Programmi\Winamp\winamp.exe C:\Documents and Settings\Teo\Dati applicazioni\Microsoft\svchost.exe C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\DAEMON Tools Net\DTNetSrv.exe C:\Programmi\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Teo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Teo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Teo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Teo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Teo\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\Skypya.exe C:\Documents and Settings\Teo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\msiexec.exe C:\Programmi\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.netlog.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2582604 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://it.netlog.com/ie8services/view=welcomePage R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da Netlog R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F3 - REG:win.ini: load=C:\DOCUME~1\Teo\IMPOST~1\Temp\dwm.exe O1 - Hosts: 74.208.105.171 gs.apple.com O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min /ns O4 - HKLM\..\Run: [svchost] C:\Documents and Settings\Teo\Dati applicazioni\Microsoft\svchost.exe O4 - HKCU\..\Run: [Lingoes] C:\Programmi\Lingoes\Lingoes.exe -minimize O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Programmi\PrintScreen\PrintScreen.exe /nosplash O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\WinUpdatr.exe O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\WinUpdatr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: TransBar.lnk = C:\Programmi\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: Winamp.lnk = C:\Programmi\Winamp\winamp.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: DTNetService - DT Soft Ltd - C:\Programmi\DAEMON Tools Net\DTNetSrv.exe O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7724 bytes 
Ultima modifica di TeoFirefox : 19-11-2010 alle 21:50. |
|
|
20-11-2010, 09:53
|
#2 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Per il controllo del log di HJT esiste un 3D dedicato http://www.hwupgrade.it/forum/showthread.php?t=937676, allegalo nel rispetto delle modalità indicate.
__________________
Try again and you will be luckier.
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 01:35.
