Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo file log hijack this

Controllo file log hijack this Opzioni
Topic Precedente · Topic Sucessivo
vice22
Inviato: Wednesday, July 01, 2009 9:12:42 AM
Rank: Newbie

Iscritto dal : 7/1/2009
Posts: 2
Salve a tutti,
sono un nuovo utente e come la maggior parte ho dei problemi riguardo la navigazione in internet, ovvero con l'apertura continua di pagine internet indesiderate.
Questo è l'unico sito che finalmente mi ha spiegato come fare, quindi posto ora il mio file log.
Vi ringrazio in anticipo!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.54.17, on 01/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\manuel\impostazioni locali\dati applicazioni\kcigecs.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Manuel\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kcigecs] "c:\documents and settings\manuel\impostazioni locali\dati applicazioni\kcigecs.exe" kcigecs
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://gsfs-eu.lge.com
O15 - Trusted Zone: *.sec.samsung.com
O15 - Trusted Zone: *.samsungportal.com
O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} (ToinbWTR Class) - http://clseu.lge.com/common/gauceocx/toinbtr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTextAreaU.cab
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} (ToinbWGrid Class) - http://clseu.lge.com/common/gauceocx/toinbgrid.cab
O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxLogicalTRU.cab
O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxBinderU.cab
O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMenuU.cab
O16 - DPF: {317642DD-AF52-11D4-BC2A-0050DA8AEE6F} (FileMng Control) - http://europe.samsungportal.com/EP/web/common/cabfiles/FileWiz.cab
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} (ToinbWData Class) - http://clseu.lge.com/common/gauceocx/toinbdata.cab
O16 - DPF: {37D13B2F-E5EB-11D2-973D-00104B15E56F} (ToinbWReport Class) - http://clseu.lge.com/common/gauceocx/toinbrep.cab
O16 - DPF: {4401B994-DD33-11D2-B539-006097ADB678} (ToinbWTree Class) - http://clseu.lge.com/common/gauceocx/toinbtree.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {4F57AF1B-5470-47EE-A5AA-D1EA4B3C42A6} (XChartU Class) - http://gsfs-eu.lge.com/sys/cabfiles/XChartU.cab
O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxFileControlU.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {69F1348F-3EBE-11D3-973D-0060979E2A03} (ToinbWInputFile Class) - http://clseu.lge.com/common/gauceocx/toinbifile.cab
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://europe.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxGridU.cab
O16 - DPF: {75B5421D-15E1-43FA-990D-C7847D1077F0} (XChart Class) - http://clseu.lge.com/common/gauceocx/xchart.cab
O16 - DPF: {7A54CBF0-2CB4-11D4-973E-0060979E2A03} (ToinbWMenu Class) - http://clseu.lge.com/common/gauceocx/toinbmenu.cab
O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxResourceMngU.cab
O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTabU.cab
O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxReportU.cab
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} (ToinbWBind Class) - http://clseu.lge.com/common/gauceocx/toinbbind.cab
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/UniSSOCheck.cab
O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxImageSetU.cab
O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxDataSetU.cab
O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMGridU.cab
O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxComboU.cab
O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTreeU.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMaskEditU.cab
O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxRadioU.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{013D9836-F09C-4514-B373-CD08CED19514}: NameServer = 62.13.171.1 62.13.171.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{013D9836-F09C-4514-B373-CD08CED19514}: NameServer = 62.13.171.1 62.13.171.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio di Google Update (gupdate1c9c45423541b02) (gupdate1c9c45423541b02) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13331 bytes
Torna in alto
 
Sponsor
Inviato: Wednesday, July 01, 2009 9:12:42 AM

 
Torna in alto
 
shapiro
Inviato: Wednesday, July 01, 2009 9:39:20 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao e benvenuto nel forum

la tua e' un'infezione da navipromo

scarica navilog1.exe_il mafioso sul desktop e installalo.

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Riavvia il computer in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).
Esegui Navilog1 e scegli l'opzione 2 (Automatic Cleaning) e dai l'ok (eseguirà la pulizia dei files infetti trovati)
Quando finisce, riavvia il pc in modalità normale

Posta il log che rilascia



Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKCU\..\Run: [kcigecs] "c:\documents and settings\manuel\impostazioni locali\dati applicazioni\kcigecs.exe" kcigecs



Controlla se conosci gli indirizzi delle voci 016- elimina quelle che non conosci






Scarica questo file

http://wikisend.com/download/928164/DelDomains.inf

tasto destro e scegli installa




Scarica e installa malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

per ora non rimuovere niente
Torna in alto
 
vice22
Inviato: Friday, August 14, 2009 5:20:24 PM
Rank: Newbie

Iscritto dal : 7/1/2009
Posts: 2
Salve,
purtroppo ho ancora problemi di virus e quant'altro, questa volta e veramente un casino!

Ho questi problemi perchè mia sorella continua a scaricare di tutto e di più da emule e così adesso mi ritrovo con il pc super incasinato; l'unica cosa che sono certo è che è presente un rootkit che non sono proprio in grado di eliminare, e quando si attiva mi manda in tilt il pc!
Intanto posto il mio file log!

Grazie di cuore a tutte le persone che mi aiuteranno!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.19.58, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\3\FastMobileModem\MMModem.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN13.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://gsfs-eu.lge.com
O15 - Trusted Zone: *.sec.samsung.com
O15 - Trusted Zone: *.samsungportal.com
O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} (ToinbWTR Class) - http://clseu.lge.com/common/gauceocx/toinbtr.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTextAreaU.cab
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} (ToinbWGrid Class) - http://clseu.lge.com/common/gauceocx/toinbgrid.cab
O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxLogicalTRU.cab
O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxBinderU.cab
O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMenuU.cab
O16 - DPF: {317642DD-AF52-11D4-BC2A-0050DA8AEE6F} (FileMng Control) - http://europe.samsungportal.com/EP/web/common/cabfiles/FileWiz.cab
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} (ToinbWData Class) - http://clseu.lge.com/common/gauceocx/toinbdata.cab
O16 - DPF: {37D13B2F-E5EB-11D2-973D-00104B15E56F} (ToinbWReport Class) - http://clseu.lge.com/common/gauceocx/toinbrep.cab
O16 - DPF: {4401B994-DD33-11D2-B539-006097ADB678} (ToinbWTree Class) - http://clseu.lge.com/common/gauceocx/toinbtree.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {4F57AF1B-5470-47EE-A5AA-D1EA4B3C42A6} (XChartU Class) - http://gsfs-eu.lge.com/sys/cabfiles/XChartU.cab
O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxFileControlU.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {69F1348F-3EBE-11D3-973D-0060979E2A03} (ToinbWInputFile Class) - http://clseu.lge.com/common/gauceocx/toinbifile.cab
O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://europe.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxGridU.cab
O16 - DPF: {75B5421D-15E1-43FA-990D-C7847D1077F0} (XChart Class) - http://clseu.lge.com/common/gauceocx/xchart.cab
O16 - DPF: {7A54CBF0-2CB4-11D4-973E-0060979E2A03} (ToinbWMenu Class) - http://clseu.lge.com/common/gauceocx/toinbmenu.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxResourceMngU.cab
O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTabU.cab
O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxReportU.cab
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} (ToinbWBind Class) - http://clseu.lge.com/common/gauceocx/toinbbind.cab
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/UniSSOCheck.cab
O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxImageSetU.cab
O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxDataSetU.cab
O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMGridU.cab
O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxComboU.cab
O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxTreeU.cab
O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://europe.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxMaskEditU.cab
O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://gsfs-eu.lge.com/sys/cabfiles/MxRadioU.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{013D9836-F09C-4514-B373-CD08CED19514}: NameServer = 62.13.171.1 62.13.171.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{013D9836-F09C-4514-B373-CD08CED19514}: NameServer = 62.13.171.1 62.13.171.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servizio di Google Update (gupdate1c9c45423541b02) (gupdate1c9c45423541b02) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 12390 bytes
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo file log hijack this


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.