Pagina 1 di 1

Log Hijack This

MessaggioInviato: mer ott 29, 2008 2:12 pm
da air.wolf
Ciao Boys,

Vi posto il mio log, cortesemente mi indicate se c'è qualcosa da Fixare? Il pc è molto lento....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.09.36, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Microsoft Firewall Client 2004\FwcAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o-g.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sg2k3:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1315939038-3989984039-3553696176-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: http://www.698698698.info
O15 - Trusted Zone: http://www.sgnappo.com
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sg2k3/connectcomputer/nshelp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = essegi.local
O17 - HKLM\Software\..\Telephony: DomainName = essegi.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = essegi.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BF0CB4-DB36-42F5-B521-86DD2EEA1478}: NameServer = 85.255.114.36,85.255.112.95
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = essegi.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = essegi.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6807 bytes


grazie ciao

Re: Log Hijack This

MessaggioInviato: mer ott 29, 2008 2:24 pm
da Amantide
Queste voci è da fixare ed il file evidenziato in rosso è da eliminare:
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
O15 - Trusted Zone: www.698698698.info
O15 - Trusted Zone: www.sgnappo.com

Scarica Malwarebytes' Anti-Malware ed esegui la scansione completa del sistema. Posta qui il report della scansione e magari aspetta la nostra risposta prima di confermare la rimozione dei file rilevati.

Re: Log Hijack This

MessaggioInviato: mer ott 29, 2008 3:11 pm
da air.wolf
Ecco qui

Tipo di scansione: Scansione rapida
Elementi scansionati: 51043
Tempo trascorso: 7 minute(s), 46 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 14
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31f11dfa-3a23-4bc0-89b4-2fb3fb43525b} (Dialer) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{319e125b-4c9b-4c73-be16-3e56592a951b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52545f05-c50b-4665-90e2-7cfc9f3e8cbd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16bf0cb4-db36-42f5-b521-86dd2eea1478}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16bf0cb4-db36-42f5-b521-86dd2eea1478}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{319e125b-4c9b-4c73-be16-3e56592a951b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{319e125b-4c9b-4c73-be16-3e56592a951b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{334064f9-e50b-4641-9267-6a2e47d613ec}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{334064f9-e50b-4641-9267-6a2e47d613ec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{52545f05-c50b-4665-90e2-7cfc9f3e8cbd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f9a9afc8-7278-40ff-bb1c-e58bd0039ee2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{319e125b-4c9b-4c73-be16-3e56592a951b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{52545f05-c50b-4665-90e2-7cfc9f3e8cbd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{319e125b-4c9b-4c73-be16-3e56592a951b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{52545f05-c50b-4665-90e2-7cfc9f3e8cbd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.36,85.255.112.95 -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Re: Log Hijack This

MessaggioInviato: mer ott 29, 2008 3:29 pm
da Amantide
Ok, allora procedi con la rimozione delle voci rilevate e riavvia il pc.

Re: Log Hijack This

MessaggioInviato: lun nov 03, 2008 10:59 am
da air.wolf
Ok... ve ne pongo un'altro (sto facendo il giro di tutti gli uffici :-) )




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.42.39, on 03/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programmi\Microsoft Firewall Client 2004\FwcAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\RealVNC\VNC4\WinVNC4.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ASUS WiFi-AP Solo\AWWFSPU.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Programmi\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe
C:\Programmi\ServerStampe30\ServerStampe30.exe
C:\Programmi\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://SG2k3:8080/array.dll?Get.Routing.Script
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SG2k3:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AWWFSPU] "C:\Programmi\ASUS WiFi-AP Solo\AWWFSPU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Collegamento a ServerStampe30.exe.lnk = C:\Programmi\ServerStampe30\ServerStampe30.exe
O4 - Startup: Copia_unix.cmd.lnk = C:\Documents and Settings\Utente3\Desktop\Copia_unix.CMD
O4 - Startup: Posta elettronica.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: SAP Business One Service manager.lnk = C:\Programmi\SAP\SAP Business One ServerTools\Service Manager\ServerManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://10.0.0.2/ConnectComputer/nshelp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = essegi.local
O17 - HKLM\Software\..\Telephony: DomainName = essegi.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{464C8AF6-1434-49AC-8E6D-8D0289D4ACE1}: NameServer = 10.0.0.2,151.99.125.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = essegi.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = essegi.local
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programmi\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: SAP Business One Messaging Service (SBOMail) - Unknown owner - C:\Programmi\SAP\SAP Business One ServerTools\Mailer\B1mail.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmi\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7202 bytes

Re: Log Hijack This

MessaggioInviato: lun nov 03, 2008 2:01 pm
da Amantide
Il log è pulito [^]