Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Molti processi svchost.exe ????

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Molti processi svchost.exe ????

Messaggioda CRYPAX » sab nov 27, 2010 11:13 pm

come mai sul mio pc ci sono molti processi svchost.exe

Immagine
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Re: Molti processi svchost.exe ????

Messaggioda hashcat » dom nov 28, 2010 10:19 am

CRY >< PAX ha scritto:come mai sul mio pc ci sono molti processi svchost.exe

Immagine

Per essere sicuro che tutti que processi siano effettivamente sicuri scarica e usa svchost viewer:
http://svchostviewer.codeplex.com/releases/view/45558#DownloadId=122637
Selezionando ogni progresso inerente a svchost avrai informazioni aggiuntive che ti aiuteranno a capire se è sicuro o meno.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 10:22 am

Occhio a sched.exe:
potrebbe essere un Worm.
Vediamo di fare più chiarezza:
Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● lancia Hijackthis
● clicca su Do a system scan and save a logfile
● al termine della scansione verrà rilasciato un file di testo: allegalo utilizzando il tag MEMO di questo forum
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm


Re: Molti processi svchost.exe ????

Messaggioda hashcat » dom nov 28, 2010 10:27 am

FDAC ha scritto:Occhio a sched.exe:
potrebbe essere un Worm.
Vediamo di fare più chiarezza:
Scarica ed installa Hijackthis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● lancia Hijackthis
● clicca su Do a system scan and save a logfile
● al termine della scansione verrà rilasciato un file di testo: allegalo utilizzando il tag MEMO di questo forum

Accanto a sched.exe c'è scritto "Antivirus scheduler", se tu utilizzi come antivirus avira sei a posto, quel processo è sicuro.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 10:54 am

Si, certo.
E' tutto da vedersi pero' :)
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda hashcat » dom nov 28, 2010 11:17 am

FDAC ha scritto:Si, certo.
E' tutto da vedersi pero' :)

Esatto, un controllo aggiuntivo al computer fa sempre bene.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: Molti processi svchost.exe ????

Messaggioda CRYPAX » dom nov 28, 2010 11:19 am

scusate l'assenza
si uso avira premium :D
il log di Hijackthis sembra OK

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:19, on 28/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winamp.exe
c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe
C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\MediaCataloger.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD13099B-9730-4B39-B747-8726F1F187B3}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5780 bytes
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 11:34 am

Ciao.
Avira Premium svolge anche la funzione di Firewall?
Hai anche Malwarebytes Premium, che dovresti disinstallare in quanto i due programmi vanno in conflitto.

Rilancia Hijackthis:
Do a System Scan Only
spunta la casellina fianco di ogni singola voce che ti indicherò sotto
● una volta spuntate le voci:
chiudi tutte le applicazioni aperte
chiudi tutte le pagine del browser aperte
● in Hijackthis fixa le voci cliccando su Fix checked

Queste le voci da fixare:

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Disinstalla:
DAEMON Tools Toolbar
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda hashcat » dom nov 28, 2010 11:34 am

CRY >< PAX ha scritto:scusate l'assenza
si uso avira premium :D
il log di Hijackthis sembra OK

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:19, on 28/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winamp.exe
c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe
C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\MediaCataloger.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD13099B-9730-4B39-B747-8726F1F187B3}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5780 bytes

Questa riga sembra strana:
Codice: Seleziona tutto
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD13099B-9730-4B39-B747-8726F1F187B3}: NameServer = 8.8.8.8,8.8.4.4

Ma dovrebbe appartenere ai dns di google:
http://whois.domaintools.com/8.8.8.8
http://whois.domaintools.com/8.8.4.4
Ultima modifica di hashcat il dom nov 28, 2010 11:36 am, modificato 1 volta in totale.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 11:35 am

Ciao Hash :)
Dovrebbero essere i DNS di Google, a naso.
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda hashcat » dom nov 28, 2010 11:37 am

FDAC ha scritto:Ciao Hash :)
Dovrebbero essere i DNS di Google, a naso.

Infatti ora ho corretto, grazie.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: Molti processi svchost.exe ????

Messaggioda CRYPAX » dom nov 28, 2010 11:44 am

FDAC ha scritto:Ciao.
Avira Premium svolge anche la funzione di Firewall?
Hai anche Malwarebytes Premium, che dovresti disinstallare in quanto i due programmi vanno in conflitto.

Rilancia Hijackthis:
Do a System Scan Only
spunta la casellina fianco di ogni singola voce che ti indicherò sotto
● una volta spuntate le voci:
chiudi tutte le applicazioni aperte
chiudi tutte le pagine del browser aperte
● in Hijackthis fixa le voci cliccando su Fix checked

Queste le voci da fixare:

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Disinstalla:
DAEMON Tools Toolbar


Avira premium non svolge la funziona firewall ( la premium security suite ha questa funzione)
Affianco Comodo Firewall ad Avira
Malwarebytes non è la versione premium
questo è il log con le voci fixate

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:30, on 28/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD13099B-9730-4B39-B747-8726F1F187B3}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5090 bytes
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 11:48 am

Ciao.
Scarica e installa Pserv 2.7: http://p-nand-q.com/download/pserv_cpl/pserv-2.7.exe
Una volta installato:
Start - Tutti i Programmi - Services & Devices
nell'elenco individua questi servizi:
NBService
Google Updater Service
Servizio di Google Update


- tasto destro del mouse sulla voce di ogni servizio, e scegli Delete

Una volta rimosso i servizi
riavvia il sistema
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda CRYPAX » dom nov 28, 2010 11:57 am

fatto FDAC
ora devo postare qualcosa ??
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 11:58 am

Ciao.
Il PC, ora, dovrebbe essere un po' più veloce.
Sicuro che Malwarebytes non abbia la protezione in real time?

Scarica Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Nota: prima di eseguire il download, rinomina il file in pippo.exe

posiziona pippo.exe sul Desktop ed esegui queste operazioni preliminari:
● disconnettiti da Internet
● sconnetti, fisicamente, il modem/router dal Computer

è assolutamente necessario, se attivo:
disattivare l'Antivirus in uso, dall'icona presente sulla traybar (accanto all'orologio di Windows)
disattivare il Firewall eventualmente installato, dall'icona presente sulla traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● lancia ComboFix con un account con privilegi di Amministratore e segui le istruzioni che verranno rilasciate per eseguire la scansione
● verrà richiesta la installazione della Console di ripristino di emergenza: non la installare
● senza eseguire nessuna altra operazione, lascia che il tool completi la scansione e la fase di creazione del log

Note - durante la scansione:
● verranno creati alcuni file sul Desktop e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall, se attivo, potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti

Quando Combofix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente (in caso contrario, riavvialo tu)
● ricollega, fisicamente, il modem/router al Computer
● connettiti a Internet
● vai in Disco Locale C:, cerca il log dal nome combofix.txt ed allegalo col tag MEMO
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda CRYPAX » dom nov 28, 2010 12:46 pm

ei FDAC
ho dovuto fare un riavvio che non riguardava il problema della discussione
intanto avevo scaricato combofix , alla fine del riavvio mi ritrovo questo

Immagine


comunque scusa la mia stupidità [:-H]
ma come faccio a nominare un file prima di scaricarlo ? [:-H]
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Re: Molti processi svchost.exe ????

Messaggioda FDAC » dom nov 28, 2010 1:17 pm

Ciao.
Rinomina il file cliccando con il tasto destro, e Rinomina
Quello visto da Hitman è certamente un fals positivo
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda CRYPAX » dom nov 28, 2010 7:56 pm

scusa se rispondo ora
ho avuto poco tempo
questo è il log della scansione

ComboFix 10-11-27.01 - user 28/11/2010 19:45:51.10.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3067.2530 [GMT 1:00]
Eseguito da: c:\users\user\Desktop\ppp.exe.exe
.

((((((((((((((((((((((((( Files Creati Da 2010-10-28 al 2010-11-28 )))))))))))))))))))))))))))))))))))
.

2010-11-28 18:50 . 2010-11-28 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-28 11:21 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-28 11:21 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-11-28 11:21 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-11-28 11:21 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-11-28 11:21 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-28 11:20 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-28 11:20 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-28 11:20 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-11-28 11:19 . 2010-11-28 11:19 -------- d-----w- c:\program files\Feedback Tool
2010-11-28 10:53 . 2010-11-28 10:53 -------- d-----w- c:\program files\p-nand-q.com
2010-11-28 10:17 . 2010-11-28 10:17 -------- d-----w- c:\users\user\AppData\Local\SvchostViewer
2010-11-26 18:34 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9755FC23-CB8A-48FF-BBD1-1D3ACFBF5411}\mpengine.dll
2010-11-24 10:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 14:32 . 2010-11-20 14:32 -------- d-----w- c:\program files\Electronic Arts
2010-11-20 14:26 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-11-20 14:25 . 2010-11-20 14:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-20 14:24 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-13 07:53 . 2010-11-13 07:53 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2010-11-13 07:48 . 2010-09-01 13:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 07:48 . 2010-09-01 13:30 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 07:48 . 2010-11-13 07:48 -------- d-----w- c:\program files\Avira
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-12 16:53 . 2010-11-12 16:55 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-11-12 16:51 . 2010-11-12 16:53 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-01 10:23 . 2010-11-22 15:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-30 18:30 . 2010-11-28 18:50 -------- d-----w- c:\users\user\AppData\Local\temp
2010-10-30 11:53 . 2010-10-30 11:53 -------- d-----w- c:\users\user\AppData\Local\COMODO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 15:11 . 2010-07-26 15:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-28 10:06 . 2010-09-24 11:33 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 09:41 . 2010-04-02 08:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 15:58 . 2010-09-24 11:33 88 --sh--r- c:\programdata\649ADD1AA6.sys
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-08 04:30 . 2010-10-13 08:28 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 08:28 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 08:28 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 08:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 08:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 08:19 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 08:29 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 08:29 954288 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-20 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-09-01 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-09-01 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-09-01 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-04-25 95024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contenuto della cartella 'Scheduled Tasks'

2010-11-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-03 20:55]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {BD13099B-9730-4B39-B747-8726F1F187B3} = 8.8.8.8,8.8.4.4
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Kaspersky Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-11-28 19:52:33
ComboFix-quarantined-files.txt 2010-11-28 18:52
ComboFix2.txt 2010-11-20 19:42
ComboFix3.txt 2010-11-12 17:08
ComboFix4.txt 2010-10-30 18:30
ComboFix5.txt 2010-11-28 18:42

Pre-Run: 155.988.074.496 byte disponibili
Post-Run: 155.758.649.344 byte disponibili

- - End Of File - - BAEC13D8D49117F073C82D190A810C68
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Re: Molti processi svchost.exe ????

Messaggioda FDAC » lun nov 29, 2010 1:56 pm

Carica questo file su Virustotal e posta qui l'esito:
c:\programdata\KGyGaAvL.sys



Start - Esegui e digita: notepad.exe
● clicca Ok
copia le righe qui sotto, senza saltarne nessuna:

File::
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.2.tmp
c:\windows\system32\MpSigStub.exe
c:\programdata\649ADD1AA6.sys

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

● le incolli all'interno dell'editor di testo Notepad
● clicca in alto su File
● nel menù che vedi scegli Salva con nome
● controlla che in alto, dove c'è scritto Salva in, sia selezionato Desktop
● in Nome file se trovi selezionato .txt lo cancelli, e scrivi CFScript.txt
● clicca Salva
● adesso, sul Desktop, trovi il file di testo
● con il tasto sinistro del mouse, lo trascini sopra l'icona di Combofix, lo rilasci, e parte la scansione di Combofix
non toccare più ne' mouse ne' tastiera, finche' non è finita
● se il sistema non si riavvia da solo, riavvialo tu
● a questo punta allega il log di Combofix utilizzando il tag memo del forum
Avatar utente
FDAC
Rompiballe
Rompiballe
 
Messaggi: 750
Iscritto il: dom set 05, 2010 1:00 pm

Re: Molti processi svchost.exe ????

Messaggioda CRYPAX » lun nov 29, 2010 5:16 pm

FDAC ha scritto:Carica questo file su Virustotal e posta qui l'esito:
c:\programdata\KGyGaAvL.sys



Start - Esegui e digita: notepad.exe
● clicca Ok
copia le righe qui sotto, senza saltarne nessuna:

File::
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.2.tmp
c:\windows\system32\MpSigStub.exe
c:\programdata\649ADD1AA6.sys

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

● le incolli all'interno dell'editor di testo Notepad
● clicca in alto su File
● nel menù che vedi scegli Salva con nome
● controlla che in alto, dove c'è scritto Salva in, sia selezionato Desktop
● in Nome file se trovi selezionato .txt lo cancelli, e scrivi CFScript.txt
● clicca Salva
● adesso, sul Desktop, trovi il file di testo
● con il tasto sinistro del mouse, lo trascini sopra l'icona di Combofix, lo rilasci, e parte la scansione di Combofix
non toccare più ne' mouse ne' tastiera, finche' non è finita
● se il sistema non si riavvia da solo, riavvialo tu
● a questo punta allega il log di Combofix utilizzando il tag memo del forum


il file che mi hai chiesto di esaminare su virustotal è pulito
questo è l'altro log

ComboFix 10-11-28.05 - user 29/11/2010 17:05:04.12.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3067.2312 [GMT 1:00]
Eseguito da: c:\users\user\Desktop\ppp.exe.exe
Opzioni usate :: c:\users\user\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2010-10-28 al 2010-11-29 )))))))))))))))))))))))))))))))))))
.

2010-11-29 16:10 . 2010-11-29 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-28 11:21 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-28 11:21 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-11-28 11:21 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-11-28 11:21 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-11-28 11:21 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-28 11:20 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-28 11:20 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-28 11:20 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-11-28 11:19 . 2010-11-28 11:19 -------- d-----w- c:\program files\Feedback Tool
2010-11-28 10:53 . 2010-11-28 10:53 -------- d-----w- c:\program files\p-nand-q.com
2010-11-28 10:17 . 2010-11-28 10:17 -------- d-----w- c:\users\user\AppData\Local\SvchostViewer
2010-11-26 18:34 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9755FC23-CB8A-48FF-BBD1-1D3ACFBF5411}\mpengine.dll
2010-11-24 10:16 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 14:32 . 2010-11-20 14:32 -------- d-----w- c:\program files\Electronic Arts
2010-11-20 14:26 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-11-20 14:25 . 2010-11-20 14:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-20 14:24 . 2010-11-20 14:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-13 07:53 . 2010-11-13 07:53 -------- d-----w- c:\users\user\AppData\Roaming\Avira
2010-11-13 07:48 . 2010-09-01 13:30 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 07:48 . 2010-09-01 13:30 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 07:48 . 2010-11-13 07:48 -------- d-----w- c:\program files\Avira
2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-12 16:53 . 2010-11-12 16:55 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-11-12 16:51 . 2010-11-12 16:53 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-01 10:23 . 2010-11-22 15:46 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-30 18:30 . 2010-11-29 16:10 -------- d-----w- c:\users\user\AppData\Local\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 20:08 . 2010-07-26 15:26 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-28 10:06 . 2010-09-24 11:33 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-10-19 09:41 . 2010-04-02 08:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 15:58 . 2010-09-24 11:33 88 --sh--r- c:\programdata\649ADD1AA6.sys
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-08 04:30 . 2010-10-13 08:28 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 08:28 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 08:28 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 08:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 08:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 08:19 2327552 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-11-28_18.50.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-02 08:52 . 2010-11-29 12:39 48492 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-11-28 15:11 56130 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-11-29 15:51 56130 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-02 08:15 . 2010-11-29 15:51 18696 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-633374088-4001182803-702579871-1000_UserData.bin
- 2010-04-02 07:47 . 2010-11-28 17:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 07:47 . 2010-11-29 15:48 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 07:47 . 2010-11-29 15:48 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 07:47 . 2010-11-28 17:08 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-11-28 17:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-11-29 15:48 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 16:59 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 16:59 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 16:59 . 2010-11-28 15:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-02 16:59 . 2010-11-29 15:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-02 16:59 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 16:59 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-02 11:14 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-02 11:14 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-02 11:14 . 2010-11-28 15:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 11:14 . 2010-11-29 15:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-28 18:40 . 2010-11-28 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-11-29 12:37 . 2010-11-29 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-11-28 18:40 . 2010-11-28 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-29 12:37 . 2010-11-29 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-20 691696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 236088]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-09-01 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-09-01 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-09-01 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-01 64032]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 30112]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-04-25 95024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 k57nd60x;Gigabit Ethernet Broadcom NetXtreme - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Contenuto della cartella 'Scheduled Tasks'

2010-11-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-10-03 20:55]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:42]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-633374088-4001182803-702579871-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-26 20:12]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {BD13099B-9730-4B39-B747-8726F1F187B3} = 8.8.8.8,8.8.4.4
TCP: 0716E646F627F6 = 8.8.8.8,4.4.4.4
TCP: 4505D2C494E4B4F5346464438303 = 8.8.8.8,4.4.4.4
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Kaspersky Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\calghnzh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2010-11-29 17:12:40
ComboFix-quarantined-files.txt 2010-11-29 16:12
ComboFix2.txt 2010-11-28 18:52
ComboFix3.txt 2010-11-20 19:42
ComboFix4.txt 2010-11-12 17:08
ComboFix5.txt 2010-11-29 15:42

Pre-Run: 156.262.641.664 byte disponibili
Post-Run: 156.011.773.952 byte disponibili

- - End Of File - - 0FE9D87B064524F4D4C3F027F5085C8B
Ogni uomo vive governato dalle proprie opinioni cui dà il nome fallace di realtà.
Avatar utente
CRYPAX
Bronze Member
Bronze Member
 
Messaggi: 994
Iscritto il: sab lug 24, 2010 5:01 pm
Località: K-PAX

Prossimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising