Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

sospetta insinuazione trojan...

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

sospetta insinuazione trojan...

Postdi essed » 15/07/08 10:27

salve a tutti, spero mi possiate aiutare ancora una volta....
qui sotto illog di hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:22, on 2008-07-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programmi\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\sistray.EXE
C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe
C:\Programmi\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Antamedia\Caffe\Server.exe
C:\Programmi\WinFax\WFXCTL32.EXE
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\livecall.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\INTERN~1\IMPOST~1\Temp\LongX911.Exe
C:\WINDOWS\System32\dwwin.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
E:\download\virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: NOD32.lnk = C:\Programmi\Eset\nod32.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://bdsbusinessweb.bancodisicilia.i ... J2kImg.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/233ebf4fde2 ... 601_it.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://bdsbusinessweb.bancodisicilia.i ... J2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://bdsbusinessweb.bancodisicilia.i ... Libero.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8905460484
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9389EFC0-3B78-482E-9974-6A365C571126} (/Quercia TLQJ 2000-TabF24) - https://bdsbusinessweb.bancodisicilia.i ... 2kTabF.cab
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) - http://fwbox.fastwebnet.it/webmail/comp ... plorer.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} (CamImage Class) - http://192.168.1.100/Comm/IPCamControl.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://bdsbusinessweb.bancodisicilia.i ... J2kQCb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://bdsbusinessweb.bancodisicilia.i ... J2kQDt.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/ac ... inder2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6CD73F-4246-4582-BFCE-A0AC341F9544}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFA27DF-3492-4A06-9733-C61E4D66A21D}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C1FB77-9963-47C0-80CD-99D286902C78}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE14F3BA-A6F4-463F-9D10-83DD7B61B2A5}: NameServer = 62.211.69.150,212.48.4.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\Software Bluetooth\bin\btwdins.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE


grazie...
essed
Utente Junior
 
Post: 66
Iscritto il: 01/08/05 12:54

Sponsor
 

Re: sospetta insinuazione trojan...

Postdi SkunkWorks 68 » 15/07/08 11:07

Lascio la palla agli esperti di sezione,ma scusami se te lo faccio notare:Con il solo SP 1 di Windows XP in rete NON ci puoi stare(e anche se fai pulizia ti reinfetti subito).Adesso siamo al SP 3.
Ciao
"Quando ti svegli la mattina,pensa quale prezioso privilegio e’ essere vivi:respirare, pensare,provare gioia e amare"(Marco Aurelio).
Avatar utente
SkunkWorks 68
Utente Senior
 
Post: 2336
Iscritto il: 03/03/07 08:55

Re: sospetta insinuazione trojan...

Postdi essed » 15/07/08 11:25

grazie per l'interesse, ma non ho mai installato i servicepack perchè ho una lan e mi da problemi di incompatibilità...ho evitato fin'ora...
essed
Utente Junior
 
Post: 66
Iscritto il: 01/08/05 12:54

Re: sospetta insinuazione trojan...

Postdi Luke57 » 15/07/08 11:41

scarica Avgpfix da qui:
http://www.nod32.it/cgi-bin/mapdl.pl?tool=Agent.VP
e mettilo da parte.

scarica Ccleaner da qui
http://www.filehippo.com/download_cclea ... 62bffaa8c/
Non installare la toolbar di Yahoo durante la procedura di installazione,
,finita l'installazione, lascia le impostazioni di default del programma tranne che ,
cliccando su "Impostazioni">Avanzate" togli la spunta dalla casella
"Cancella file in windows temp solo se più vecchi di 48 ore"

Poi Apri hijackthis,premi "config", "misc tools", "open process manager", cerchi tra i processi presenti:
C:\DOCUME~1\INTERN~1\IMPOST~1\Temp\LongX911.Exe
lo evidenzi e premi kill process.
Torni alla pagina principale con back, premi "scan", cerchi e spunti le voci seguenti:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,

premi fix checked.

Avvia ccleaner e premi avvia pulizia

Poi da risorse del computer>strumenti>opzioni cartella>visualizzazione, metti la spunta a "visualizza file e cartelle nascosti">OK

Apri Avgpfix (basta lanciarlo, premere Start), individui il seguente file:
C:\WINDOWS\system32\secpol.exe
(premi ok per cancellare, dopo aver individuato il file)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: sospetta insinuazione trojan...

Postdi essed » 15/07/08 23:31

ora ci siamo???
grazie comunque per l'aiuto!
notte


Logfile of HijackThis v1.99.1
Scan saved at 00:29, on 2008-07-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\sistray.EXE
C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe
C:\Programmi\Lexmark X5100 Series\lxbabmon.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programmi\WinFax\WFXMOD32.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WinFax\WFXCTL32.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\explorer.exe
C:\Antamedia\Caffe\Server.exe
E:\download\virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programmi\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Caffe-Server] C:\Antamedia\Caffe\Server.exe
O4 - Startup: NOD32.lnk = C:\Programmi\Eset\Install\setup.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://bdsbusinessweb.bancodisicilia.i ... J2kQrc.cab
O16 - DPF: {0E64B286-F91C-442D-8B6D-0D78433AA93D} (BLZPlayerAxCtrl Class) - http://visualizzamms.net.vodafone.it/mm ... tiveXs.cab
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://bdsbusinessweb.bancodisicilia.i ... qJ2kQF.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://bdsbusinessweb.bancodisicilia.i ... J2kOth.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://bdsbusinessweb.bancodisicilia.i ... J2kImg.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/233ebf4fde2 ... 601_it.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://bdsbusinessweb.bancodisicilia.i ... J2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://bdsbusinessweb.bancodisicilia.i ... Libero.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8905460484
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9389EFC0-3B78-482E-9974-6A365C571126} (/Quercia TLQJ 2000-TabF24) - https://bdsbusinessweb.bancodisicilia.i ... 2kTabF.cab
O16 - DPF: {A8680DA2-873A-11D4-928C-0050DAC7E112} (CTI_RECORDER) - http://fwbox.fastwebnet.it/webmail/comp ... plorer.cab
O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} (CamImage Class) - http://192.168.1.100/Comm/IPCamControl.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://bdsbusinessweb.bancodisicilia.i ... J2kQCb.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://bdsbusinessweb.bancodisicilia.i ... J2kQDt.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_11110.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/ac ... inder2.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6CD73F-4246-4582-BFCE-A0AC341F9544}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFA27DF-3492-4A06-9733-C61E4D66A21D}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2C1FB77-9963-47C0-80CD-99D286902C78}: NameServer = 62.211.69.150,212.48.4.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE14F3BA-A6F4-463F-9D10-83DD7B61B2A5}: NameServer = 62.211.69.150,212.48.4.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmi\Software Bluetooth\bin\btwdins.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
essed
Utente Junior
 
Post: 66
Iscritto il: 01/08/05 12:54

Re: sospetta insinuazione trojan...

Postdi SkunkWorks 68 » 16/07/08 10:25

essed ha scritto:grazie per l'interesse, ma non ho mai installato i servicepack perchè ho una lan e mi da problemi di incompatibilità...ho evitato fin'ora...

Mi sembra molto strano :eeh: ,boh.
Ciao
"Quando ti svegli la mattina,pensa quale prezioso privilegio e’ essere vivi:respirare, pensare,provare gioia e amare"(Marco Aurelio).
Avatar utente
SkunkWorks 68
Utente Senior
 
Post: 2336
Iscritto il: 03/03/07 08:55

Re: sospetta insinuazione trojan...

Postdi essed » 16/07/08 23:06

SkunkWorks 68 ha scritto:
essed ha scritto:grazie per l'interesse, ma non ho mai installato i servicepack perchè ho una lan e mi da problemi di incompatibilità...ho evitato fin'ora...

Mi sembra molto strano :eeh: ,boh.
Ciao


...ok, allora, se vogliamo essere più specifici, uno dei programmi (il più importante) che uso nel contesto della gestione della lan, probabilmente giudicato troppo invasivo (dall'aggiornamento service pack 2 in poi) mi è totalmente sballato (per usare un termine tecnico)...
sinceramente dopo il primo esperimento a rischio, nei tempi che furono, non ho più provato, e magari ad oggi il programmatore, tra i vari upgrade, avrà anche trovato una valida soluzione...
se è così necessario alla mia incolumità lo installerò! giuro!
invece per il log, qualcuno mi sa dire qualcosa...?
grazie...
essed
Utente Junior
 
Post: 66
Iscritto il: 01/08/05 12:54

Re: sospetta insinuazione trojan...

Postdi Luke57 » 17/07/08 08:55

Ciao, il report sembra a posto.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "sospetta insinuazione trojan...":

trojan win32/sirefef
Autore: marzianu
Forum: Sicurezza e Privacy
Risposte: 27

Chi c’è in linea

Visitano il forum: Nessuno e 7 ospiti