Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Controllo log. Opzioni
loppa
Inviato: Thursday, March 27, 2008 9:29:51 PM
Rank: AiutAmico

Iscritto dal : 8/11/2005
Posts: 108
Salve amici, probabilmante ho infettato il PC. Mi si è installato un programma tale "180 solutions" che si apre in continuazione e mi dice che nel PC ci sono degli spyware. Vi sarei grato se mi potete controllare il log: Grazie Aldo


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.13.06, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Programmi\Folder Shield\FSService.exe
F:\Programmi\Folder Shield\fsp.exe
F:\WINDOWS\system32\lvhidsvc.exe
F:\Programmi\CyberLink\Shared Files\RichVideo.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\sbwltbxa.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\ctfmona.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Programmi\LHSP\L&H Power Translator Pro\ptpro.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\Aldo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,F:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "F:\Programmi\StarModem\StarModem USB Network\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ctfmona] F:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [WinIFixer] F:\Programmi\WinIFixer\WinIFixer.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA858] command /c del "F:\WINDOWS\mspphe.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1859] cmd /c del "F:\WINDOWS\mspphe.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2351] command /c del "F:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1256] cmd /c del "F:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4290] command /c del "F:\WINDOWS\2020search2.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1837] cmd /c del "F:\WINDOWS\2020search2.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8459] command /c del "F:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6311] cmd /c del "F:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1384] command /c del "F:\WINDOWS\cdsm32.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8159] cmd /c del "F:\WINDOWS\cdsm32.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1876] command /c del "F:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4165] cmd /c del "F:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6832] command /c del "F:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3914] cmd /c del "F:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4364] command /c del "F:\WINDOWS\mspphe.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9261] cmd /c del "F:\WINDOWS\mspphe.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB966] command /c del "F:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4270] cmd /c del "F:\WINDOWS\bjam.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7783] command /c del "F:\WINDOWS\2020search2.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1487] cmd /c del "F:\WINDOWS\2020search2.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3675] command /c del "F:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7851] cmd /c del "F:\WINDOWS\2020search.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7878] command /c del "F:\WINDOWS\cdsm32.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3497] cmd /c del "F:\WINDOWS\cdsm32.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1485] command /c del "F:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2037] cmd /c del "F:\WINDOWS\system32\WER8274.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3266] command /c del "F:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4207] cmd /c del "F:\WINDOWS\system32\MSIXU.DLL_tobedeleted"
O4 - HKLM\..\Policies\Explorer\Run: [DvVideo32] F:\WINDOWS\dvvid32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - F:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - F:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103402189425
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ercappe1614.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://H:\SOFTWARE\MagicMovie\setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FSService - Unknown owner - F:\Programmi\Folder Shield\FSService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote HID Service (LvHidSvc) - Animation Technologies Inc. - F:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - F:\Programmi\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10152 bytes
Sponsor
Inviato: Thursday, March 27, 2008 9:29:51 PM

 
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.