The Zeus News Forums (Olimpo Informatico)
svchost 100% problem
Forum section: Pronto Soccorso Virus (Virus First Aid)
Lordsimo
Mere mortal

Registered: 02/01/08 13:56
Posts: 3

Posted: 02 Jan 2008 14:13    Subject: svchost 100% problem

Hi everyone, I don't know if I posted in the right section. I have a problem: when I start the computer it goes into Windows and everything is slowed down; looking through the processes I see an svchost at 100%. I tried to look more closely with Process Explorer and I'm posting 2 screenshots so you can understand better:



bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 02 Jan 2008 14:58

Hi Lordsimo,

Follow the instructions in this topic to post the HijackThis log.

PS: if you want, you can introduce yourself here
Lordsimo
Mere mortal

Registered: 02/01/08 13:56
Posts: 3

Posted: 03 Jan 2008 11:52

here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.23., on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\mioexplorer.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Rainlendar2\Rainlendar2.exe
C:\Programmi\Clock Tray Skins\ClockTraySkins.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Lock My PC 4\lockpc.exe
C:\Programmi\CrystalControl\CrystalControl.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Documents and Settings\SiMo\Menu Avvio\Programmi\Esecuzione automatica\Custom start.exe
C:\Programmi\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\xampp\mysql\bin\mysqld-nt.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Config\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmi\PC Connectivity Solution\NclBTHandler.exe
C:\Documents and Settings\SiMo\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ? LoRdSiMo RuLeZ r0x ?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 209.63.57.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=mioexplorer.exe
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Xilokit Deskloops BHO - {B0CD151E-D4F1-4474-9BED-7D0173050EAD} - C:\Programmi\Xilokit\Deskloops\DLIEHelper.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Vistadrv] C:\DESK\Vista Drive Indicator!\vsdrv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [ScanSoft PDF Professional 3.0-reminder] "C:\Programmi\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PDF Professional\3\Ereg\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [TransTask] "C:\Programmi\Tweak-XP Pro 4\transtask.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Rainlendar] C:\Programmi\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [SkinClock] C:\Programmi\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Microsoft Research Asia\Digital Effects for MSN Messenger\MsgrShl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Sysctrls] Sysctrls.exe
O4 - HKCU\..\Run: [lmpc4] C:\Programmi\Lock My PC 4\lockpc.exe /s
O4 - HKCU\..\Run: [CrystalControl] C:\Programmi\CrystalControl\CrystalControl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Custom start.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Programmi\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: Download with YouTube Video Converter - C:\Programmi\Xilisoft\YouTube Video Converter\upod_link.HTM
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (file missing) (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\windows\notepad.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://anniex1990x.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C8FB828A-3EA0-4157-8DCF-A7C66523B780} (exploit.exploitC) - file://C:\Documents and Settings\SiMo\Desktop\IEActiveX\Exploit\exploit.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.singlehoteleden.ch/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE47F118-8EDA-4649-897B-151887661400}: NameServer = 151.99.0.100,151.99.125.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2556F19-C983-4805-A18E-6A3159403D0A}: NameServer = 151.99.0.100,151.99.125.1
O18 - Protocol: bw+0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {04E3CF70-A985-4836-828E-792C764A4A64} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acunetix WVS Scheduler (AcuWVSScheduler) - Acunetix Ltd. - C:\Programmi\Acunetix\Web Vulnerability Scanner 4\WVSScheduler.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programmi\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: DirectX Service (Gutep) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - C:\Programmi\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 27231 bytes
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 03 Jan 2008 21:03

Hi Lordsimo,

the following are the unknown/suspicious entries you should remove (if you don't recognise them):
Quote:
F2 - REG:system.ini: Shell=mioexplorer.exe
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O4 - HKCU\..\Run: [Sysctrls] Sysctrls.exe
O4 - Startup: Custom start.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\windows\notepad.exe
O16 - DPF: {C8FB828A-3EA0-4157-8DCF-A7C66523B780} (exploit.exploitC) - file://C:\Documents and Settings\SiMo\Desktop\IEActiveX\Exploit\exploit.ocx
O23 - Service: DirectX Service (Gutep) - Unknown owner - C:\WINDOWS\system32\directx.exe


Follow the instructions in this topic to post the ComboFix log.
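The triage bdoriano did by hand above can be written down as a few rules over the HijackThis line format. The script below is an added example, not part of this thread and not HijackThis code: the sample lines are copied from the log posted above (mixed with benign entries from the same log), and the rules (a Winlogon shell other than explorer.exe, any hosts-file override, an autorun entry launched without a full path, a DPF entry pointing at a file:// URL, an unknown-owner service living inside the Windows directory) are my generalisation of the entries he flagged.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis log posted above,
# mixed with benign entries from the same log, so the rules run offline.
# Raw string, so every backslash is literal.
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=mioexplorer.exe
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sysctrls] Sysctrls.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Custom start.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\windows\notepad.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: mysql - Unknown owner - C:\Programmi\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: DirectX Service (Gutep) - Unknown owner - C:\WINDOWS\system32\directx.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


# "O4 - HKCU\..\Run: [Name] command"  ->  section "O4", body "HKCU\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A launch command with a full path starts with a drive letter or an
# environment variable (optionally quoted); a bare "Name.exe" does not.
ABS_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)', re.IGNORECASE)
# Executables under the Windows directory.
WINDIR_RE = re.compile(r"^[A-Za-z]:\\windows\\", re.IGNORECASE)
# The only shell Winlogon should load on a stock Windows XP install.
EXPECTED_SHELL = "explorer.exe"


def _o4_target(body: str) -> str:
    """Return the command part of an O4 entry (registry Run key or Startup folder)."""
    if body.startswith(("Startup:", "Global Startup:")):
        target = body.split(":", 1)[1].strip()
        if ".lnk = " in target:            # "name.lnk = C:\path\prog.exe"
            target = target.split(".lnk = ", 1)[1].strip()
        return target
    if "] " in body:                       # "HKCU\..\Run: [Name] command"
        return body.split("] ", 1)[1].strip()
    return body


def triage_line(line: str):
    """Apply the triage rules to one HijackThis line; return a Finding or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "F2" and body.startswith("REG:system.ini: Shell="):
        shell = body.split("Shell=", 1)[1].strip().lower()
        if shell != EXPECTED_SHELL:
            return Finding(section, "Winlogon shell replaced by " + shell, line)
    elif section == "O1":
        # HijackThis lists only hosts entries that override normal DNS lookups
        return Finding(section, "hosts-file override: " + body[len("Hosts: "):], line)
    elif section == "O4":
        target = _o4_target(body)
        # "?" means HijackThis could not resolve the shortcut; not judged here
        if target != "?" and not ABS_PATH_RE.match(target):
            return Finding(section, "autorun without a full path: " + target, line)
    elif section == "O16":
        url = body.rsplit(" - ", 1)[-1].strip()
        if url.lower().startswith("file://"):
            return Finding(section, "ActiveX download entry pointing at a local file: " + url, line)
    elif section == "O23":
        parts = [p.strip() for p in body[len("Service: "):].split(" - ")]
        if len(parts) >= 3 and parts[-2] == "Unknown owner" and WINDIR_RE.match(parts[-1]):
            return Finding(section, "unknown-owner service inside the Windows directory: " + parts[-1], line)
    return None


def triage_log(text: str):
    """Run every line of a HijackThis log through triage_line; keep the hits."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```

Matches are leads for a person to confirm, not verdicts: run over the full log above, the O4 rule also flags the [C-Media Mixer] entry (launched as a bare Mixer.exe), which bdoriano did not list.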
Lordsimo
Mere mortal

Registered: 02/01/08 13:56
Posts: 3

Posted: 04 Jan 2008 14:29

here is the log:

ComboFix 08-01-04.1 - SiMo 2008-01-04 12.01.21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.364 [GMT 1:00]
Eseguito da: C:\Documents and Settings\SiMo\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\DrvTrNTl.dll


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\WAN6JQVS\iforex.com
C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\WAN6JQVS\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\#SharedObjects\WAN6JQVS\www.broadcaster.com
C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\SiMo\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\sys.txt
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\MabryObj.dll

.
((((((((((((((((((((((((( Files Creati Da 2007-12-04 al 2008-01-04 )))))))))))))))))))))))))))))))))))
.

2008-01-04 11:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 01:17 . 2008-01-03 01:17 268 --ah----- C:\sqmdata09.sqm
2008-01-03 01:17 . 2008-01-03 01:17 172 --ah----- C:\sqmnoopt09.sqm
2007-12-31 17:08 . 2007-12-31 17:08 <DIR> d-------- C:\Programmi\QuickTime
2007-12-25 17:40 . 2007-12-25 17:40 <DIR> d-------- C:\Programmi\iriver
2007-12-19 12:27 . 2007-12-19 12:27 268 --ah----- C:\sqmdata08.sqm
2007-12-19 12:26 . 2007-12-19 12:26 244 --ah----- C:\sqmnoopt08.sqm
2007-12-19 10:25 . 2007-12-19 10:25 268 --ah----- C:\sqmdata07.sqm
2007-12-19 10:25 . 2007-12-19 10:25 244 --ah----- C:\sqmnoopt07.sqm
2007-12-18 21:14 . 2007-12-18 22:01 <DIR> d-------- C:\Programmi\YouTube Downloader
2007-12-18 07:58 . 2007-12-18 07:58 25 --a------ C:\WINDOWS\mixerdef.ini
2007-12-17 17:26 . 2000-03-29 15:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-12-17 17:26 . 2007-12-17 17:26 1,548 --a------ C:\WINDOWS\Ascd_tmp.ini
2007-12-17 12:08 . 2007-12-17 12:08 <DIR> d-------- C:\Programmi\O Imaging Corporation
2007-12-17 12:03 . 2005-12-02 16:00 229,376 --a------ C:\WINDOWS\amuninst.exe
2007-12-10 11:58 . 2007-12-10 12:58 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-12-06 13:53 . 2007-12-06 13:59 <DIR> d-------- C:\Programmi\PiZZa40
2007-12-05 08:56 . 2007-12-05 08:56 268 --ah----- C:\sqmdata06.sqm
2007-12-05 08:56 . 2007-12-05 08:56 244 --ah----- C:\sqmnoopt06.sqm
2007-12-04 22:24 . 2007-12-04 22:24 <DIR> d-------- C:\Programmi\Graffiti Studio 2.0
2007-12-04 22:24 . 2007-12-04 22:24 24 --a------ C:\WINDOWS\AM_D8.PRF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 16:08 --------- d-----w C:\Programmi\Xilisoft
2007-12-26 19:18 --------- d-----w C:\Documents and Settings\SiMo\Dati applicazioni\Nokia Multimedia Player
2007-12-25 09:03 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-18 21:13 --------- d-----w C:\Programmi\Naevius YouTube Converter
2007-12-17 19:14 --------- d-----w C:\Programmi\Messenger Plus! Live
2007-12-11 10:01 --------- d-----w C:\Programmi\eMule Extreme
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 16:52 --------- d-----w C:\Programmi\CrystalControl
2007-12-02 14:14 --------- d-----w C:\Documents and Settings\SiMo\Dati applicazioni\Azureus
2007-12-02 14:02 --------- d-----w C:\Programmi\Azureus
2007-12-01 18:53 --------- d-----w C:\Programmi\SopCast
2007-11-28 09:42 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-11-28 09:38 --------- d-----w C:\Programmi\Google
2007-11-28 09:06 --------- d-----w C:\Documents and Settings\SiMo\Dati applicazioni\IndigoRose
2007-11-28 09:00 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2007-11-27 23:33 --------- d-----w C:\Programmi\MSXML 6.0
2007-11-26 15:24 --------- d-----w C:\Documents and Settings\SiMo\Dati applicazioni\Autodesk
2007-11-26 09:09 --------- d-----w C:\Programmi\FrameShow
2007-11-26 09:08 --------- d-----w C:\Programmi\My Photo Calendars
2007-11-26 08:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2007-11-26 08:39 --------- d-----w C:\Programmi\Reallusion
2007-11-26 08:37 --------- d-----w C:\Programmi\Stardock
2007-11-21 22:46 --------- d-----w C:\Programmi\QO Developments
2007-11-13 22:42 --------- d-----w C:\Programmi\UnH Solutions
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:38 --------- d-----w C:\Programmi\d3loo_msn_own_account_creator
2007-11-11 14:56 --------- d-----w C:\Programmi\Smart Projects
2007-11-08 08:43 --------- d-----w C:\Programmi\UltraISO
2007-11-08 08:43 --------- d-----w C:\Programmi\File comuni\EZB Systems
2007-11-07 09:05 --------- d-----w C:\Programmi\HachaPro
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-03-07 10:53 1 ----a-w C:\Documents and Settings\SiMo\SI.bin
2006-12-03 17:19 30,601 ----a-w C:\Documents and Settings\SiMo\x.exe
2007-02-15 12:39 88 --sh--r C:\WINDOWS\system32\54D2EF52E8.sys
2007-03-08 14:45 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
Code:
------w            32,768 2007-09-13 21:07:17  C:\Programmi\Azureus\ALL Car Radio CalculatorS\FordLC .exe
------w            93,696 2007-09-13 21:04:52  C:\Programmi\Azureus\ALL Car Radio CalculatorS\More Becker\Becker4digit .exe
------w           185,856 2007-09-13 21:05:51  C:\Programmi\Azureus\ALL Car Radio CalculatorS\More Blaupunkt\Blaupunkt Peugeot T1 Code Viewer .exe
------w            61,440 2007-09-13 21:06:03  C:\Programmi\Azureus\ALL Car Radio CalculatorS\More Blaupunkt\BPcalc v1[1].0 .exe
----a-w            93,696 2004-09-29 18:44:52  C:\Programmi\eMule\Incoming\Car Radio Code Calculators And Instructions!\Becker\Becker4digit .exe
----a-w           185,856 2004-09-29 18:44:54  C:\Programmi\eMule\Incoming\Car Radio Code Calculators And Instructions!\Blaupunkt\Blaupunkt Peugeot T1 Code Viewer .exe
----a-w            32,768 2004-09-29 18:44:54  C:\Programmi\eMule\Incoming\Car Radio Code Calculators And Instructions!\Ford\FordLC .exe



((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]
"TransTask"="C:\Programmi\Tweak-XP Pro 4\transtask.exe" [ ]
"STYLEXP"="C:\Programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"Rainlendar"="C:\Programmi\Rainlendar2\Rainlendar2.exe" [2006-10-28 15:22 981504]
"SkinClock"="C:\Programmi\Clock Tray Skins\ClockTraySkins.exe" [2006-11-16 14:55 448000]
"msnmsgr"="C:\Programmi\Microsoft Research Asia\Digital Effects for MSN Messenger\MsgrShl.exe" [2007-05-15 14:57 16896]
"H/PC Connection Agent"="C:\Programmi\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:08 1211176]
"Sysctrls"="Sysctrls.exe" []
"lmpc4"="C:\Programmi\Lock My PC 4\lockpc.exe" [2006-12-14 15:22 821248]
"CrystalControl"="C:\Programmi\CrystalControl\CrystalControl.exe" [2004-03-16 17:07 1279488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"WinDVR SchSvr"="C:\Programmi\File comuni\InterVideo\SchSvr\SchSvr.exe" [2003-11-18 17:34 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"Vistadrv"="C:\DESK\Vista Drive Indicator!\vsdrv.exe" [2006-07-30 03:37 121089]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.exe" [2003-09-29 14:53 607232]
"ScanSoft PDF Professional 3.0-reminder"="C:\Programmi\ScanSoft\PDF Professional 3.0\Ereg\ereg.exe" [ ]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"C-Media Mixer"="Mixer.exe" [2001-09-12 23:09 1134592 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

C:\Documents and Settings\SiMo\Menu Avvio\Programmi\Esecuzione automatica\
Custom start.exe [2007-05-22 12:53:42]
MSN Pictures Displayer.lnk - C:\Programmi\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-06-17 17:18:55]
Yahoo! Widget Engine.lnk - C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-05-04 20:39:42]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
hp psc 2000 Series.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-11 10:31:50]
Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-25 17:36:50]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2006-12-25 17:34:53]
officejet 6100.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 10:32:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
fsp_lmwl.dll 2006-11-02 11:44 39936 C:\WINDOWS\system32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MioSync.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MioSync.lnk
backup=C:\WINDOWS\pss\MioSync.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ZDWlan.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\ZDWlan.lnk
backup=C:\WINDOWS\pss\ZDWlan.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SiMo^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
path=C:\Documents and Settings\SiMo\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 15:25 94208 --a------ C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
C:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"CrazyTalk Serve"=rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
"ISUSPM"="C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup"=C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"MediaLifeService"="C:\Programmi\Logitech\MediaLife\MediaLifeService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"<NO NAME>"=rBot.exe

*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-28 09:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-03-09 19:17:16 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1165691578.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 12:17:03
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

**************************************************************************
.
Ora fine scansione: 2008-01-04 12.19.26
ComboFix-quarantined-files.txt 2008-01-04 11:18:30
.
2007-12-12 22:46:17 --- E O F ---


Do you see anything wrong?
bdoriano
Administrator

Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 04 Jan 2008 14:44

ComboFix has removed some entries.
Below I list other suspicious entries:
Quote:
2007-03-07 10:53 1 ----a-w C:\Documents and Settings\SiMo\SI.bin
2006-12-03 17:19 30,601 ----a-w C:\Documents and Settings\SiMo\x.exe
2007-02-15 12:39 88 --sh--r C:\WINDOWS\system32\54D2EF52E8.sys
"Sysctrls"="Sysctrls.exe" []

Do they have anything to do with a program you use?

Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.