Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log

Controllo log Opzioni
Topic Precedente · Topic Sucessivo
andread81
Inviato: Sunday, December 25, 2011 12:55:49 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Ciao, visto che recentemente ho avuto un pò di rogne con Trojan e virus (pure quello cosiddetto della Guarda di Finanza), mi dareste una controllatina al log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.54.19, on 25/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\VEXPLite\viritsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\VEXPLite\MONLITE.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Megatec\UPSilon 2000\Monw32.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Programmi\Megatec\UPSilon 2000\USBMate.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\VEXPLite\viritexp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Programmi\Save Flash\SaveFlash.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Programmi\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Programmi\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Programmi\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Programmi\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "c:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Programmi\BootRacer\Bootrace.exe" /2
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F42886-DCF9-438E-989E-22A2FC28B5DB}: NameServer = 85.37.17.13 85.38.28.81
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Programmi\BootRacer\BootRacerServ.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Programmi\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBMate - Mega Corp. - C:\Programmi\Megatec\UPSilon 2000\USBMate.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 10446 bytes


Grazie in anticipo a chi mi sarà una mano, e ovviamente auguriBoo hoo!
Torna in alto
 
Sponsor
Inviato: Sunday, December 25, 2011 12:55:49 PM

 
Torna in alto
 
cbbusto
Inviato: Monday, December 26, 2011 6:24:40 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Hai diversi programmi della Megatec\UPSilon 2000 li conosci, li usi ? Altrimenti eliminali.
Poi hai 2 antivirus, rimuovi Virit, altrimenti creano conflitti.
Poi chiudi tutti i programmi e disconnesso fixa le seguenti voci:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Programmi\Save Flash\SaveFlash.dll (file missing)

O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Programmi\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"

O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Programmi\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Programmi\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Programmi\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Programmi\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Policies\Explorer\Run: [BootRacer] "C:\Programmi\BootRacer\Bootrace.exe" /2

O4 - Global Startup: Rupsmon Daemon.lnk = ?

O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe

Poi installa QUESTO sw, lo aggiorni e poi fai una
scansione COMPLETA non rapida, elimina quello che trova, posta il log.
Fai una pulizia con Ccleaner compreso il Registro.
Vai in C:\windows, cerca la cartella Prefetch la apri e la svuoti completamente.
Poi disattiva il ripristino configurazione di sistema
start,pannello di controllo,sistema,configurazione di sistema,metti la spunta a
"disattiva ripristino configurazione di sistema su tutte le unita'",applica,ok.
spegni e riaccendi il pc e fai l operazione inversa per riattivarlo.

Fai sapere. Ciao
Torna in alto
 
andread81
Inviato: Monday, December 26, 2011 7:51:13 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
cbbusto ha scritto:
Hai diversi programmi della Megatec\UPSilon 2000 li conosci, li usi ? Altrimenti eliminali

Intanto grazie del contributo. Rispondo subito a questo perchè la so: è il software di gestione del gruppo di continuità. Ho installato VirIt solo di recente per eliminare un virus (quello noto come della GdF) che era sfuggito a MSE e scansionando ha beccato altre 2 minacce non rilevate da MSE. Ad ogni modo leggendo un post di un altro utente, ho letto che posso lasciarlo installato ma non in realtime.
Per il resto seguo le istruzioni e ti faccio sapere.Applause
Torna in alto
 
andread81
Inviato: Monday, December 26, 2011 9:28:46 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Fixate le voci, scaricato, aggiornato e lanciato MAM e con questo log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 911122603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/12/2011 21.08.23
mbam-log-2011-12-26 (21-08-23).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 300139
Tempo impiegato: 52 minuti, 37 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Adesso cancello la cartella che mi hai indicato e pulisco la modalità provvisoria.
Torna in alto
 
cbbusto
Inviato: Monday, December 26, 2011 9:33:39 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Allora virit disattivalo, il pc ha qualche altro problema ?
Riposta un log di HJT aggiornato. Ciao
Torna in alto
 
andread81
Inviato: Thursday, January 05, 2012 4:41:08 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
cbbusto ha scritto:
Allora virit disattivalo, il pc ha qualche altro problema ?
Riposta un log di HJT aggiornato. Ciao

Ed ecco la versione aggiornata del log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.40.49, on 05/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\VEXPLite\viritsvc.exe
C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmi\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\emule\emule.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\I-Storm USB ADSL Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Programmi\Agnitum\Outpost Firewall\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [MSC] "c:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6F42886-DCF9-438E-989E-22A2FC28B5DB}: NameServer = 85.37.17.13 85.38.28.81
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Programmi\BootRacer\BootRacerServ.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Programmi\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Programmi\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBMate - Mega Corp. - C:\Programmi\Megatec\UPSilon 2000\USBMate.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe

--
End of file - 8888 bytes
Torna in alto
 
cbbusto
Inviato: Thursday, January 05, 2012 7:31:16 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, il log è a posto, il pc va bene ?
Torna in alto
 
andread81
Inviato: Saturday, January 07, 2012 12:20:27 AM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
cbbusto ha scritto:
Ciao, il log è a posto, il pc va bene ?

Niente da segnalare a parte che ogni tanto se ho la connessione attiva e lavoro in alcune cartelle del PC mi compare questo messaggio di errore: http://imageshack.us/f/706/immagineqsr.jpg/

Per il resto no problema grazie intantoBoo hoo! Applause
Torna in alto
 
cbbusto
Inviato: Saturday, January 07, 2012 12:47:42 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Fai una passata con QUESTO sw, ripara molti errori
di windows.
Torna in alto
 
andread81
Inviato: Saturday, January 07, 2012 11:35:00 AM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
cbbusto ha scritto:
Fai una passata con QUESTO sw, ripara molti errori
di windows.

Ma quante ne sai!!!!!! Grazie 1000 ti farò sapere se trova qualcosa.Applause
Torna in alto
 
andread81
Inviato: Tuesday, January 10, 2012 9:33:20 PM

Rank: AiutAmico

Iscritto dal : 4/1/2010
Posts: 402
Il problema resta... ho provato ad aprire un topic dedicato vediamo se qualcuno sa aiutarmi. Grazie comunqueApplause
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.