Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Sono spiato? Cosa mi sta succedendo? Opzioni
piero
Inviato: Sunday, January 10, 2010 4:19:09 PM
Rank: Member

Iscritto dal : 12/25/2000
Posts: 15
Salve,
da un po' di tempo ho notato che se faccio doppio clic su "connessioni di rete" c'è un alto traffico in entrata ed in uscita pur non avendo particolari programmi in esecuzione, nè peer to peer nè torrent, per ora ho dato la colpa all'antivirus GDATA. Oggi però una mia amica mi ha detto che una mia email che le ho inviato dava come luogo di provenienza Reggio Emilia mentre io abito a Ragusa, per cui mi sto preoccupando. Avete qualche idea? Il sistema operativo è Windows XP Professional SP3 ed utilizzo una connessione adsl flat di Alice. Sono connesso al router WI-FI Sitecom tramite cavo di rete e per la connessione WI-FI è impostata la password. Grazie
Sponsor
Inviato: Sunday, January 10, 2010 4:19:09 PM

 
monsee
Inviato: Sunday, January 10, 2010 6:03:54 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
La tua amica, seppure in piena buonafede, potrebbe anche essersi sbagliata...
Da quel che riporti, è assai difficile ipotizzar che tu venga "spiato".
Tuttavia, se vuoi avviare un piccolo controllo, ti suggerisco di scaricar, da Aiutamici, HijackThis, lanciarlo in scansione (in Modalità Normale, per ottenerne il LOG) e poi venire qui a postare il LOG che ti risulterà dalla scansione. Gli esperti potran valutarlo e dirti se risulta qualcosa di sospetto.
piero
Inviato: Sunday, January 10, 2010 8:09:54 PM
Rank: Member

Iscritto dal : 12/25/2000
Posts: 15
Salve, questo è il log di HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.09.34, on 10/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programmi\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\SkypeMate\SkypeMate.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Adobe\Photoshop Elements 5.0

\PhotoshopElementsFileAgent.exe
C:\Programmi\File comuni\G DATA\AVKProxy\AVKProxy.exe
C:\Programmi\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Programmi\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File

comuni\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Piero\Documenti\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?

LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-

484f-8273-0445EE161910} - C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-

BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-

EABFE594F69C} - C:\Programmi\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} -

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

/Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programmi\G

DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication]

C:\Programmi\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader]

"C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher]

"C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0]

"C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File

comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding

-boot
O4 - HKLM\..\Run: [PaperPort PTD]

"C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch]

"C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder]

"C:\Programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents

and Settings\All Users\Dati applicazioni\ScanSoft\PaperPort\11

\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd]

C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3]

C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CanonSolutionMenu]

C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter]

C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TrueImageMonitor.exe]

C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor]

C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File

comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType

Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6

\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File

comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -

launchedbylogin
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep

0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools

Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe"

/nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'Default user')
O4 - Startup: SkypeMate.lnk = C:\Programmi\SkypeMate\SkypeMate.exe
O8 - Extra context menu item: Append Link Target to Existing PDF -

res://C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLi

nks.html
O8 - Extra context menu item: Append to Existing PDF -

res://C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF -

res://C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelL

inks.html
O8 - Extra context menu item: Convert to Adobe PDF -

res://C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htm

l
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12

\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-

d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {950D732B-EF81-4DC0-A7F2-8A46D94CF55C} (UltraMJCamX

Class) - http://192.168.0.101/UltraMJCamX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash

.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-

3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

- C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -

C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5

(AdobeActiveFileMonitor5.0) - Unknown owner -

C:\Programmi\Adobe\Photoshop Elements 5.0

\PhotoshopElementsFileAgent.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software

AG - C:\Programmi\File comuni\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG

- C:\Programmi\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: Guardiano AntiVirus (AVKWCtl) - G DATA Software AG

- C:\Programmi\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. -

C:\Programmi\File comuni\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA

Software AG - C:\Programmi\G

DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG -

C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service

(TryAndDecideService) - Unknown owner - C:\Programmi\File

comuni\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 -

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11692 bytes
a.roselli
Inviato: Sunday, January 10, 2010 8:14:20 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,055
Puoi reinserire il log, questo e tutto spezzettato, non viene letto dal servizio di controllo.

Copialo in una sola volta dal blocco note e incollalo nuovamente qui nel forum.


alfonso_aiutamici@hotmail.it

monsee
Inviato: Sunday, January 10, 2010 8:33:56 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Hai postato il LOG, sì, però spostando le varie righe... sicché chi deve analizzarlo, prima, deve faticare un po' a rimetter tutto a posto...
Ti riposto il LOG, ma già "rimesso a posto":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.09.34, on 10/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programmi\G DATA\InternetSecurity\AVKTray\AVKTray.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\SkypeMate\SkypeMate.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmi\File comuni\G DATA\AVKProxy\AVKProxy.exe
C:\Programmi\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Programmi\G DATA\InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Piero\Documenti\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE/Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Programmi\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Programmi\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding-boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" - launchedbylogin
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe"/background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON ToolsLite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe"/nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SkypeMate.lnk = C:\Programmi\SkypeMate\SkypeMate.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\NetworkDiagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {950D732B-EF81-4DC0-A7F2-8A46D94CF55C} (UltraMJCamXClass) - http://192.168.0.101/UltraMJCamX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V5(AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programmi\File comuni\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Programmi\G DATA\InternetSecurity\AVK\AVKService.exe
O23 - Service: Guardiano AntiVirus (AVKWCtl) - G DATA Software AG - C:\Programmi\G DATA\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Programmi\G DATA\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programmi\File comuni\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Così, se qualche anima buona passa e se lo vuol studiare, non deve prima "ricostruirselo"...

Personalmente, ho trovato alcune voci che si potrebbero anche eliminare, ma non perché son nocive, bensì, semplicemente, perché serve a poco averle attive allo startup...
Però, ammetto che c'è gente, qui, che ne sa parecchio più di me, per cui sarà magari in grado di forare anche le nere tenebre in cui brancolo io...
La mia opinione è che tu Shame on you NONNot talking sei "spiato". Ma, se te la conferma uno pià in gamba di me, magari, sarebbe decisamente meglio.
a.roselli
Inviato: Sunday, January 10, 2010 8:55:14 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,055
Grazie Monsee per la correzione.

Piero, il log è pulito, a meno che non hai qualche virus, prova a fare una scansione Antivirus in modalità provvisoria, riavvia il computer e prima che inizi a caricarsi il windows, ovvero appena dopo che scompare la schermata iniziale del BIOS, premi ripetuttamente il tasto F8 e nel menu seleziona AVVIO IN MODALITA' PROVVISORIA

Per quanto riguarda il traffico internet è normale, vari programmi come gli Update Microsoft, dell'antivirus e simili, si connettono automaticamente per controllare se ci sono aggiornamenti e provvedono a scaricarli, è tutto normale.


alfonso_aiutamici@hotmail.it

monsee
Inviato: Sunday, January 10, 2010 9:09:58 PM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Grazie a te, Alfonso: il tuo giudizio sull'analisi del LOG (data la tua esperienza) è una conferma assai importante.
piero
Inviato: Sunday, January 10, 2010 9:23:47 PM
Rank: Member

Iscritto dal : 12/25/2000
Posts: 15
Grazie di tutto, ero preoccupato.... proverò allora a fare la scansione antivirus. Ma il discorso dell'email che cos'era? A me il luogo di provenienza delle email ricevute non compare...
a.roselli
Inviato: Sunday, January 10, 2010 9:41:09 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,055
Questo devi chiederlo alla tua amica, dove ha letto la provenienza, in ogni caso se il tuo antivirus è aggiornato non è un tuo problema.


alfonso_aiutamici@hotmail.it

Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.