Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Virus con eBay ? Opzioni
enzino85
Inviato: Friday, February 01, 2013 9:35:46 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Quando mi connetto ad eBay mi appare una pagina con il messaggio :
Si e' verificata un attivita' sospetta. Il Suo account e' stato bloccato.
Poi una maschera per il reinserimento dei miei dati, compresa la carta di credito.
Allego il log HijackThis.
E' un virus oppure ....
Grazie.
************************************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.20.53, on 01/02/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi\Sicurezza\SASCORE.EXE
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Programmi\ASUS\AAHM\1.00.12\aaHMSvc.exe
C:\Programmi\File comuni\AVerMedia\Service\AVerRemote.exe
C:\Programmi\File comuni\AVerMedia\Service\AVerScheduleService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
C:\Programmi\Java\jre7\bin\jqs.exe
D:\Programmi\Utility\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\PSIService.exe
D:\Programmi\Diskutility\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Spyware Terminator\st_rsser.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Zune\ZuneBusEnum.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Keyboard LEDs\KeyboardLeds.exe
D:\Programmi\Utility\AutoHideDesktopIcons\AutoHideDesktopIcons.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
D:\Programmi\Diskutility\totalcmd\TOTALCMD.EXE
D:\Programmi\Microsoft Office\Office12\WINWORD.EXE
C:\Programmi\Microsoft Silverlight\4.1.10329.0\agcp.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeSearchInstallRTM?clid=1040&ver=12&app=outlook.exe&p1=32&p2=5&p3=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programmi\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KeyboardLeds.exe] "C:\Programmi\Keyboard LEDs\KeyboardLeds.exe"
O4 - HKCU\..\Run: [AutoHideDesktopIcons] "D:\Programmi\Utility\AutoHideDesktopIcons\AutoHideDesktopIcons.exe" -bg
O4 - Global Startup: Collegamento a Connessione ADSL.bat.lnk = C:\Documents and Settings\All Users\Menu Avvio\Programmi\_Mia\All Mixer\Connessione ADSL.bat
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Shareiiit options - {38771E1F-85E0-4A3E-92D8-1D7E62C32719} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Programmi\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BA66152-A1CC-4104-9874-570B63BEEA3F}: NameServer = 85.37.17.5 85.38.28.77
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BA66152-A1CC-4104-9874-570B63BEEA3F}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Programmi\Sicurezza\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Programmi\Sicurezza\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Programmi\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Programmi\ASUS\AAHM\1.00.12\aaHMSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVerRemote - AVerMedia - C:\Programmi\File comuni\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Programmi\File comuni\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmi\File comuni\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - D:\Programmi\Utility\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - D:\Programmi\Diskutility\Macrium\Reflect\ReflectService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Programmi\Spyware Terminator\st_rsser.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11384 bytes
Sponsor
Inviato: Friday, February 01, 2013 9:35:46 PM

 
enzino85
Inviato: Saturday, February 02, 2013 3:37:39 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Annullo la mia richiesta di aiuto !
Il problema si presentava solo se usavo Firefox.
Ho fatto un po' di pulizia ed ho risolto.
Un saluto a tutti.


cbbusto
Inviato: Saturday, February 02, 2013 5:18:40 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
enzino85 ha scritto:
Annullo la mia richiesta di aiuto !
Il problema si presentava solo se usavo Firefox.
Ho fatto un po' di pulizia ed ho risolto.
Un saluto a tutti.




Ciao enzino, ti conviene mettere RISOLTO nel titolo del topic, grazie. Speak to the hand
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.