lustig ha scritto:Ecco il log di hijackthis.
Virus? Da dove è passato?
MI pare di essere perfino esagerato quanto a protezione....almeno credo.
Come antivirus, uso "antivir" della HBEDV
A proposito di antivirus, sono alcuni giorni che non riesco a fare l'aggiornamento non si collega al sito della casa produttrice.
Grazie per le risposte.
Logfile of HijackThis v1.99.1
Scan saved at 17.48.02, on 09/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programmi\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\Microsoft Hardware\Keyboard\speedkey.exe
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
G:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\FreePOPs\freepopsd.exe
C:\Documents and Settings\GIAMPY\Menu Avvio\Programmi\Esecuzione
automatica\mouse32a.exe
G:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\C6 Messenger\TinMessenger.exe
C:\Programmi\Foxmail 5.0\Foxmail.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\GIAMPY\Desktop\SECURITY\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.virgilio.it/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.virgilio.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Collegamenti
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\windows\googletoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Programmi\Microsoft
Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Programmi\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [gcasServ] "G:\Programmi\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - Startup: freepop.lnk = C:\Programmi\FreePOPs\freepopsd.exe
O4 - Startup: mouse32a.exe
O8 - Extra context menu item: &Google Search -
res://C:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .pdf: C:\Programmi\Internet
Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.google.com/data/GoogleActivate.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnme ... loader.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{564308F8-38DD-4025-9579-25D79C0BEE9B
}: NameServer = 85.37.17.6 151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA56639D-86B7-489B-9978-AF607B20EDD8
}: NameServer = 151.99.125.2,151.99.250.2
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik
GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH,
Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner -
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
C:\WINDOWS\System32\WFXSVC.EXE