Punto informatico Network

GOOGLE infection ???


Post by tyger » Tue Aug 02, 2011 7:14 pm

Once again I'm here asking for help from some kind soul ...... [V]
While browsing the web I noticed that Google no longer shows the search results pages.
I'm on Win7 64-bit, with IE9 and Firefox.
IE9, on the Google site, hangs when I submit a search.
Firefox displays the following message "Our systems have detected unusual traffic from your computer network....."
and asks me to enter a 'captcha', after which it gives me the search results.
I have a small home network with a desktop, two laptops and a PS3. The problem occurs even when the laptops and the PS3 are switched off.
Is it a virus, malware, spyware or what ????? [V] [V] [V]

Re: GOOGLE infection ???

Post by zenith » Tue Aug 02, 2011 7:51 pm

tyger wrote: Our systems have detected unusual traffic from your computer network

You're not using programs like TOR for online anonymity, are you? In those cases it always happens.
To start, post a HijackThis log and run a scan with Malwarebytes and let's see what turns up... Is the antivirus regularly updated?
[ciao]
«Our philosophy at “New Scientist” is this: science is interesting, and if you don’t agree you can fu** off.»

Re: GOOGLE infection ???

Post by Seba:-) » Tue Aug 02, 2011 7:53 pm

I really think your PC is infected; it's Google warning you about the infection. See if the screenshot matches your situation:
post573330.html
Thanks Zane!


Re: GOOGLE infection ???

Post by Berga95 » Tue Aug 02, 2011 8:00 pm

Do you have Fastweb by any chance? It might not be malware at all.
That is not dead which can eternal lie, and with strange aeons even death may die.
~ H.P. Lovecraft

Re: GOOGLE infection ???

Post by mattpillon » Tue Aug 02, 2011 8:14 pm

Things like this happen to me when I browse over UMTS, i.e. behind NAT. I've always thought it was caused by the many requests coming from the same IP, which trigger some Google protection mechanism.

Re: GOOGLE infection ???

Post by tyger » Tue Aug 02, 2011 8:57 pm

You're not using programs like TOR

Absolutely not!

Do you have Fastweb by any chance?

I have Fastweb, so I'm browsing behind NAT, if I'm not mistaken.
I have Avast up to date but it doesn't detect anything.
I intend to run a scan with HijackThis and with Malwarebytes as suggested by 'zenith'.

Re: GOOGLE infection ???

Post by Berga95 » Tue Aug 02, 2011 9:13 pm

tyger wrote:
Do you have Fastweb by any chance?

I have Fastweb, so I'm browsing behind NAT, if I'm not mistaken.

That could be the cause. Does it happen with the laptops too?
tyger wrote: I intend to run a scan with HijackThis and with Malwarebytes as suggested by 'zenith'.

[^]
Seba:-) wrote: I really think your PC is infected; it's Google warning you about the infection. See if the screenshot matches your situation:
post573330.html

Some time ago I saw that screen - I don't remember where - but it was different from the one you cited [^] It tells you that anomalous traffic has been detected from such-and-such IP and invites you to run a scan with any antivirus software.
A screenshot from tyger could confirm my theory [:)]

Let's wait for HijackThis [^]

Re: GOOGLE infection ???

Post by farbix89 » Tue Aug 02, 2011 9:21 pm

This happens especially if the other users behind the NAT (and therefore behind the same IP) are infected (I know a little something about it... what a nuisance these NATs are [:p] )

In theory Google detects the anomalous traffic of the others using the same shared IP.

A quick check doesn't hurt [^]

Re: GOOGLE infection ???

Post by Sabbb » Tue Aug 02, 2011 9:41 pm

tyger wrote:
I'm on Win7 64-bit.
HijackThis is no use then. Run a scan with Hitman Pro (be careful to download the correct version = 64-bit) and see what it says. (If you manage to post a log in the forum, friends will help you more easily) [;)] [ciao]

Re: GOOGLE infection ???

Post by musicafelicia » Wed Aug 03, 2011 12:06 am

Hi everyone, I desperately need your help: I can't access Google Book and I get the "unusual network traffic" screen. I ran a scan with Avast (up to date) and everything comes up OK.

This is the HijackThis log

Thanks a lot!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:00:18, on 03/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\TOSHIBA\Music\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/it.special-uninstall ... 0ItSkhGTkg"&"inst=NzctNjE4NTI1MjIyLUZMKzktUUlYMSs0LVgyMDEwKzItTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1ERFQrMA"&"prod=90"&"ver=10.0.1390
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\Windows\SysWOW64\IcdSptSv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14607 bytes
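Added example (not part of the thread and not any forum member's code): a small triage script for a HijackThis log like the one posted above, showing why its "(file missing)" entries under System32 cannot be trusted on 64-bit Windows. The sample lines are copied from that log; the verdict names `present`, `orphan` and `redirected` are labels invented for this example.

```python
import re
from collections import defaultdict

# A few entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# "O23 - ...", "R3 - ...", "F2 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these when it cannot open the referenced file.
MARKER = re.compile(r"\s*\((?P<why>no file|file missing)\)\s*$")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
# Paths that only exist on 64-bit Windows.
WOW64_HINT = re.compile(r"\\Program Files \(x86\)\\|\\SysWOW64\\", re.IGNORECASE)


def looks_64bit(log):
    """True if the log mentions paths found only on 64-bit Windows."""
    return bool(WOW64_HINT.search(log))


def classify(line, is_64bit):
    """Return (code, verdict, target) for an entry line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    marker = MARKER.search(body)
    if marker is None:
        return code, "present", body
    # What the entry points at: the last " - " separated field (path or CLSID).
    head = body[:marker.start()].rstrip(" -")
    target = head.rsplit(" - ", 1)[-1].strip('"')
    # 32-bit HijackThis asks for System32, but WOW64 file system redirection
    # serves SysWOW64 instead, where 64-bit-only binaries such as lsass.exe
    # do not exist. The file is neither confirmed nor ruled out by this log.
    if is_64bit and marker.group("why") == "file missing" and SYSTEM32.match(target):
        return code, "redirected", target
    # Registry entry whose file is really absent: a leftover worth cleaning up.
    return code, "orphan", target


def triage(log):
    """Group every entry of a HijackThis log by verdict."""
    is_64bit = looks_64bit(log)
    buckets = defaultdict(list)
    for line in log.splitlines():
        result = classify(line, is_64bit)
        if result is not None:
            code, verdict, target = result
            buckets[verdict].append((code, target))
    return dict(buckets)


if __name__ == "__main__":
    print("64-bit Windows:", looks_64bit(SAMPLE_LOG))
    for verdict, items in triage(SAMPLE_LOG).items():
        print(f"\n{verdict} ({len(items)})")
        for code, target in items:
            print(f"  {code:<4}{target}")
```

Entries in the `redirected` group need to be re-checked with a 64-bit-aware tool before drawing any conclusion; only the `orphan` group reflects files that are actually absent.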

Re: GOOGLE infection ???

Post by musicafelicia » Wed Aug 03, 2011 12:30 am

Sorry, this is the right file, thanks again.

P.S. I have a Telecom connection

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:32:55, on 03/08/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\TOSHIBA\Music\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/it.special-uninstall ... 0ItSkhGTkg"&"inst=NzctNjE4NTI1MjIyLUZMKzktUUlYMSs0LVgyMDEwKzItTElDKzc3LUZMMTArMS1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1ERFQrMA"&"prod=90"&"ver=10.0.1390
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\Windows\SysWOW64\IcdSptSv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15162 bytes

Re: GOOGLE infection ???

Post by musicafelicia » Wed Aug 03, 2011 7:47 am

Good morning everyone, if you could take a look at my log file you would be doing me a favor; I can't use Google Books and I'm stuck with my work. Thanks a lot!

Re: GOOGLE infection ???

Post by zenith » Wed Aug 03, 2011 9:51 am

Hi and welcome
In the log I would fix these entries...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

What exactly is the problem you are having with Google Books?

Re: GOOGLE infection ???

Post by sondlive07 » Wed Aug 03, 2011 10:33 am

From what I understand, you have too many things starting with Windows, useless things that slow down the operating system's startup and that, in my opinion, just slow things down.....

As for infections, in my opinion there may well be something suspicious, but I'm not convinced; wait for advice from competent people.

Re: GOOGLE infection ???

Post by tyger » Wed Aug 03, 2011 5:43 pm

I tried the Google search again today with IE and with Firefox, and everything works.
Berga95 wrote:
Some time ago I had seen that screen - I don't remember where...

Today I no longer see that screen, but I remember that it did not refer to a specific IP.
In any case, I'm posting the HijackThis log, which looks very strange to me in those entries from the 'hosts' file that shouldn't be there.
In "...system32/drivers/etc/" the file, for a start, is called "hosts.new" and those entries apparently are not visible,
even though HijackThis reports them to me...
Thanks for your attention and interest...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:07, on 03/08/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\EXPERTool\TBPANEL.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
I:\Software\Virus\Trojan_Bagle\Troyan_Bagle_Nuovo\MegaLab.it_H_i_J_a_C_k_T_h_I_s.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 64.46.38.43 http://www.google.com
O1 - Hosts: 178.17.165.3 http://www.google.com
O1 - Hosts: 64.46.38.43 http://www.google.com.au
O1 - Hosts: 178.17.165.3 http://www.google.com.au
O1 - Hosts: 64.46.38.43 http://www.google.be
O1 - Hosts: 178.17.165.3 http://www.google.be
O1 - Hosts: 64.46.38.43 http://www.google.com.br
O1 - Hosts: 178.17.165.3 http://www.google.com.br
O1 - Hosts: 64.46.38.43 http://www.google.ca
O1 - Hosts: 178.17.165.3 http://www.google.ca
O1 - Hosts: 64.46.38.43 http://www.google.ch
O1 - Hosts: 178.17.165.3 http://www.google.ch
O1 - Hosts: 64.46.38.43 http://www.google.de
O1 - Hosts: 178.17.165.3 http://www.google.de
O1 - Hosts: 64.46.38.43 http://www.google.dk
O1 - Hosts: 178.17.165.3 http://www.google.dk
O1 - Hosts: 64.46.38.43 http://www.google.fr
O1 - Hosts: 178.17.165.3 http://www.google.fr
O1 - Hosts: 64.46.38.43 http://www.google.ie
O1 - Hosts: 178.17.165.3 http://www.google.ie
O1 - Hosts: 64.46.38.43 http://www.google.it
O1 - Hosts: 178.17.165.3 http://www.google.it
O1 - Hosts: 64.46.38.43 http://www.google.co.jp
O1 - Hosts: 178.17.165.3 http://www.google.co.jp
O1 - Hosts: 64.46.38.43 http://www.google.nl
O1 - Hosts: 178.17.165.3 http://www.google.nl
O1 - Hosts: 64.46.38.43 http://www.google.no
O1 - Hosts: 178.17.165.3 http://www.google.no
O1 - Hosts: 64.46.38.43 http://www.google.co.nz
O1 - Hosts: 178.17.165.3 http://www.google.co.nz
O1 - Hosts: 64.46.38.43 http://www.google.pl
O1 - Hosts: 178.17.165.3 http://www.google.pl
O1 - Hosts: 64.46.38.43 http://www.google.se
O1 - Hosts: 178.17.165.3 http://www.google.se
O1 - Hosts: 64.46.38.43 http://www.google.co.uk
O1 - Hosts: 178.17.165.3 http://www.google.co.uk
O1 - Hosts: 64.46.38.43 http://www.google.co.za
O1 - Hosts: 178.17.165.3 http://www.google.co.za
O1 - Hosts: 64.46.38.43 http://www.bing.com
O1 - Hosts: 178.17.165.3 http://www.bing.com
O1 - Hosts: 64.46.38.43 search.yahoo.com
O1 - Hosts: 178.17.165.3 search.yahoo.com
O1 - Hosts: 64.46.38.43 uk.search.yahoo.com
O1 - Hosts: 178.17.165.3 uk.search.yahoo.com
O1 - Hosts: 64.46.38.43 ca.search.yahoo.com
O1 - Hosts: 178.17.165.3 ca.search.yahoo.com
O1 - Hosts: 64.46.38.43 de.search.yahoo.com
O1 - Hosts: 178.17.165.3 de.search.yahoo.com
O1 - Hosts: 64.46.38.43 fr.search.yahoo.com
O1 - Hosts: 178.17.165.3 fr.search.yahoo.com
O1 - Hosts: 64.46.38.43 au.search.yahoo.com
O1 - Hosts: 178.17.165.3 au.search.yahoo.com
O1 - Hosts: 64.46.38.43 http://www.google-analytics.com
O1 - Hosts: 178.17.165.3 http://www.google-analytics.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceISD - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_Tablet.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11902 bytes

Re: GOOGLE infection ???

Post by Hpmezzo » Wed Aug 03, 2011 6:01 pm

O1 - Hosts: 178.17.165.3 de.search.yahoo.com
O1 - Hosts: 64.46.38.43 fr.search.yahoo.com
O1 - Hosts: 178.17.165.3 fr.search.yahoo.com
O1 - Hosts: 64.46.38.43 au.search.yahoo.com

Modification in the HOSTS file...
Connections (for example, searches made with Google or Yahoo) could be hijacked to "untrustworthy" sites.
Strongly recommended actions:
Try running a scan with Analyze Process Scan and post the scan log (this will help us identify the running processes, and it computes MD5 hashes to find out more about each process).
Analyze Process Scan:
http://myhost300.altervista.org/Downloa ... ad/APS.rar
Try repairing the HOSTS file with this utility, Analyze HOSTS Controller:
http://www.myhost300.altervista.org/Dow ... roller.exe
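The O1 entries discussed in the posts above can be triaged mechanically. The following is an added example, not part of any post in the thread: it parses HijackThis O1 lines, strips the http:// prefix that the forum's auto-linking put in front of the hostnames, and groups the names by the address they are pinned to. The sample reuses the two addresses from the posted log; the loopback and 0.0.0.0 lines, the function names and the list of search brands are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of the posted HijackThis log. The two
# public addresses come from the thread; the local lines are made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
O1 - Hosts: 64.46.38.43 http://www.google.com
O1 - Hosts: 178.17.165.3 http://www.google.com
O1 - Hosts: 64.46.38.43 search.yahoo.com
O1 - Hosts: 178.17.165.3 search.yahoo.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.0 ads.example.test
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Assumption: the brands worth calling out are the ones seen in the thread.
SEARCH_BRANDS = ("google", "bing", "yahoo")


def normalize_host(raw):
    """Lower-case the name and drop a scheme prefix, path or trailing dot."""
    host = re.sub(r"^[a-z]+://", "", raw.strip().lower())
    return host.split("/", 1)[0].rstrip(".")


def parse_o1(log_text):
    """Return (ip, hostname) pairs for every O1 hosts-file line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if match:
            entries.append((match.group(1), normalize_host(match.group(2))))
    return entries


def is_local(ip_text):
    """True for loopback and 0.0.0.0/:: entries, the usual blocklist style."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable address: keep it visible, do not hide it
    return ip.is_loopback or ip.is_unspecified


def find_redirects(entries):
    """Group hostnames by the non-local address the hosts file pins them to."""
    by_ip = defaultdict(set)
    for ip, host in entries:
        if not is_local(ip):
            by_ip[ip].add(host)
    findings = []
    for ip, hosts in sorted(by_ip.items()):
        brands = sorted(
            {b for b in SEARCH_BRANDS for h in hosts if b in h.split(".")}
        )
        findings.append({"ip": ip, "hosts": sorted(hosts), "search_brands": brands})
    return findings


if __name__ == "__main__":
    for finding in find_redirects(parse_o1(SAMPLE_LOG)):
        print(finding["ip"], "->", ", ".join(finding["hosts"]),
              "| search brands:", ", ".join(finding["search_brands"]) or "none")
```

One address serving several unrelated search brands, as in the posted log, is the pattern to look for; loopback and 0.0.0.0 entries are left out because they block a name rather than redirect it.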

Re: GOOGLE infection ???

Post by tyger » Thu Aug 04, 2011 5:45 pm

Hpmezzo wrote:
Modification in the HOSTS file...

There is definitely something wrong in the Hosts file.
The lines that HijackThis reports to me are not visible if I open the file;
moreover, HijackThis itself, before starting the scan, gives me this message:
For some reason your system denied write access to the Hosts file.
If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself.

and so it cannot fix them either.
I'm posting the log of the APS scan; Analyze HOSTS Controller, with the RollBack, reports "0 file copiati" (0 files copied) and nothing else.

tyger
Aficionado
Posts: 74
Joined: Tue Aug 05, 2008 5:09 pm
Location: Andora

Re: GOOGLE infection ???

Post by GHENZ » Thu Aug 04, 2011 7:11 pm

I don't understand anything about security, but that message doesn't come up if HijackThis is run as Administrator. Avast also blocks HijackThis through its Behavior Shield if all the options in the advanced settings are checked.
Live your Dream and don't run after the money
GHENZ
Senior Member
Posts: 156
Joined: Sat Jan 15, 2011 12:19 pm

Re: GOOGLE infection ???

Post by zenith » Thu Aug 04, 2011 8:07 pm

Sabbb wrote:
tyger wrote:
I'm on Win7 64bit.
Then HijackThis is no use. Run a scan with Hitman Pro (be careful to download the correct version = 64 bit) and see what it says. (If you can post a log in the forum, friends will be able to help you more easily) [;)] [ciao]

Hi tyger. As Sabbb rightly points out, correcting my initial oversight, HijackThis is not fully compatible with Win7 64bit. So the error messages are probably related to this.
In the meantime, wait for someone to interpret the log you posted, and run the scan Sabbb suggested.
There is a problem with the hosts file, that much is clear, but if you say that you don't see those entries when you open it, and if HijackThis isn't compatible, I wouldn't rush into fixing.
«Our philosophy at “New Scientist” is this: science is interesting, and if you don’t agree you can fu** off.»
zenith
Official Member (Gold)
Posts: 2778
Joined: Mon Aug 13, 2007 3:31 pm
Location: Mola di Bari
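
An added example, not part of the original thread: one way to check the hosts file independently of HijackThis, by listing the active entries that map search-engine names to a non-local address. The sample file, the watch list and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread. The non-local addresses
# are documentation-range placeholders (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocking entry
203.0.113.10    www.google.com google.com
198.51.100.7    www.google.it   # constructed redirect
not-an-ip       www.bing.com
"""

WATCHED = ("google.", "bing.", "yahoo.")  # assumed watch list


def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every active entry."""
    # Strip a UTF-8 BOM, then drop comments and blank lines.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()
        if len(entry) >= 2:
            yield line_no, entry[0], entry[1:]


def audit_hosts(text, watched=WATCHED):
    """Return findings for watched names mapped to a non-local address."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost mappings and blocking entries
        hits = [n for n in names if any(w in n.lower() for w in watched)]
        if hits:
            findings.append((line_no, ip_text, hits, "redirected"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text to `audit_hosts` and compare the result with what the scanner reported.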

Re: GOOGLE infection ???

Post by Hpmezzo » Fri Aug 05, 2011 8:10 am

You need to run APS as administrator .. In the meantime I'm checking the hashes...
I'd so love to be a hacker... Not to break into computer systems, but to get into your heart and never leave! [Hpmezzo]
Hpmezzo
Bronze Member
Posts: 541
Joined: Sat Jun 21, 2008 2:05 pm

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved.