Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log da controllare, riferim. post windows xp , topic "problemi con avvio pc"

Log da controllare, riferim. post windows xp , topic "problemi con avvio pc" Opzioni
Topic Precedente · Topic Sucessivo
phils
Inviato: Friday, March 05, 2010 8:34:54 AM
Rank: AiutAmico

Iscritto dal : 3/19/2007
Posts: 166
Vi posto un log da controllare , in riferimento al topic su Windows xp " problemi con avvio pc "

Grazie a tutti

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.19.59, on 05/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\PaperCut Print Logger\pcpl.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Intel\AMT\atchk.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IncrediMail\Bin\ImApp.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aceaintranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row-rel&channel=it&ibd=1071128
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aceaspa.it:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [atchk] "C:\Programmi\Intel\AMT\atchk.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267711258578
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\Software\..\Telephony: DomainName = aceaspa.it
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS16\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS17\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS18\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS19\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS20\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS21\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS22\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS23\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS24\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS25\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS26\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS27\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS28\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS29\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS30\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS31\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS32\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS33\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS34\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS35\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS36\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS37\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS38\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS39\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS40\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS41\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS42\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS43\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS44\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS45\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS46\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS47\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS48\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS49\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS50\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS51\Services\Tcpip\Parameters: Domain = aceaspa.it
O17 - HKLM\System\CS52\Services\Tcpip\Parameters: Domain = aceaspa.it
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\Skype4COM.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Programmi\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: OracleOraHome811ClientCache - Unknown owner - C:\orasip\ora81\BIN\ONRSD.EXE
O23 - Service: PaperCut Print Logger (PCPrintLogger) - PaperCut Software International Pty Ltd - C:\Programmi\PaperCut Print Logger\pcpl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10972 bytes
Torna in alto
 
Sponsor
Inviato: Friday, March 05, 2010 8:34:54 AM

 
Torna in alto
 
paolopa
Inviato: Friday, March 05, 2010 9:04:30 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
c è questo pcpl.exe che non mi convince molto,lo faresti analizzare su virustotal? O23 - Service: PaperCut Print Logger (PCPrintLogger) - PaperCut Software International Pty Ltd - C:\Programmi\PaperCut Print Logger\pcpl.exe
http://www.virustotal.com/it/
Torna in alto
 
phils
Inviato: Friday, March 05, 2010 11:08:17 AM
Rank: AiutAmico

Iscritto dal : 3/19/2007
Posts: 166
Per paolopa : a titolo informativo papercut print logger è un programma che ho installato io
per controllare in mia assenza (ho la stampante in rete condivisa con alcuni colleghi ), chi lascia
acceso il pc dopo l'uso . PCPL.EXE è l'eseguibile di questo programma .
Torna in alto
 
paolopa
Inviato: Friday, March 05, 2010 11:30:53 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
si,immaginavo che fosse un processo legittimo,ma mi ero imbattuto in questo: http://www.prevx.com/filenames/1070857161366955208-X1/PCPL.EXE.html ed allora mi sono detto che forse era meglio controllare.scusa per la perdita di tempo.
Torna in alto
 
r16
Inviato: Friday, March 05, 2010 1:23:23 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Tutte quelle voci 017 sono un'anomalia.
prova a eliminarle tutte.
Se riscontri problemi di connessione, le ripristiniamo. (non tutte)
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log da controllare, riferim. post windows xp , topic "problemi con avvio pc"


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.