HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 634

Samu78 · 29-04-2010, 13:48

ok dopo lo rifaccio grazie

coolintel · 29-04-2010, 15:45

Ragazzi mi serve di nuovo il vostro aiuto per un altro log di un altro computer....

http://wikisend.com/download/445126/hijackthis.log

**Chill-Out** · 29-04-2010, 20:40

Quote:

Originariamente inviato da coolintel

Ragazzi mi serve di nuovo il vostro aiuto per un altro log di un altro computer....

http://wikisend.com/download/445126/hijackthis.log

Dal log non emerge nulla, aggiorna IE alla versione 8.

TFT · 30-04-2010, 10:50

notate qualcosa che non va?

sorry ma non mi funziona l'allegato

Log rimosso, leggere le modalità in prima pagina.

Kohai · 01-05-2010, 19:14

Salve ragazzi, una gentilezza: dopo il controllo effettuato per il desktop, potete dare un occhiata al log del mio computer piccolino?

Grazie in anticipo

http://wikisend.com/download/480810/hijackthis.log

Buon fine settimana

**Chill-Out** · 01-05-2010, 19:36

Quote:

Originariamente inviato da Kohai

Salve ragazzi, una gentilezza: dopo il controllo effettuato per il desktop, potete dare un occhiata al log del mio computer piccolino?

Grazie in anticipo

http://wikisend.com/download/480810/hijackthis.log

Buon fine settimana

Log pulito, nella sezione 017 inerente i DNS è presente questo IP 129.250.35.251.

Kohai · 01-05-2010, 20:47

Quote:

Originariamente inviato da Chill-Out

Log pulito, nella sezione 017 inerente i DNS è presente questo IP 129.250.35.251.

Ti ringrazio chill.
Per il dns segnalatomi da te e' male?
Sarebbe questo -> http://img213.imageshack.us/i/immaginevo.png/

Grazie ancora

**Chill-Out** · 01-05-2010, 20:55

Quote:

Originariamente inviato da Kohai

Ti ringrazio chill.
Per il dns segnalatomi da te e' male?
Sarebbe questo -> http://img213.imageshack.us/i/immaginevo.png/

Grazie ancora

Dipende se l'hai inserito volontariamente.

Kohai · 01-05-2010, 21:05

Quote:

Originariamente inviato da Chill-Out

Dipende se l'hai inserito volontariamente.

Si si, l'ho scelto dopo un benchmark sui dns di grc.com

Link -> http://www.grc.com/dns/benchmark.htm

oceancorps · 02-05-2010, 09:20

Probabile malware:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.23.36, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hamlet\Adsl\dslstat.exe
C:\Program Files\Hamlet\Adsl\dslagent.exe
C:\windows\PixArt\PAC207\Monitor.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\FRAPS\FRAPS.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\StormII\stormliv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\DsNET Corp\aTube Catcher 1.0\yct.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ver/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Programmi\Celebrity Toolbar\tbhelper.dll
O1 - Hosts: aams-casino.awardspace.com
O1 - Hosts: account.caesarcardclub.com
O1 - Hosts: banner.cdpoker.com
O1 - Hosts: banner.eurogrand.com
O1 - Hosts: banner.expekt.com
O1 - Hosts: banner.itcasinobellini.com
O1 - Hosts: banner.mansionpoker.com
O1 - Hosts: banner.titan123poker.com
O1 - Hosts: banner.williamhillpoker.com
O1 - Hosts: betting.betfair.com
O1 - Hosts: betting.goalwin.net
O1 - Hosts: bingo.williamhill.com
O1 - Hosts: cache.betfair.com
O1 - Hosts: casino.488365.com
O1 - Hosts: casino.888italia.com
O1 - Hosts: casino.allsport365.com
O1 - Hosts: casino.bet-mart.com
O1 - Hosts: casino.bodoglife.com
O1 - Hosts: casino.casinogiocaitalia.com
O1 - Hosts: casino.casinogiocoitalia.com
O1 - Hosts: casino.giocacasinoonline.com
O1 - Hosts: casino.guadagnarealcasino.com
O1 - Hosts: casino.ladbrokes.com
O1 - Hosts: casino.redelcasinoonline.com
O1 - Hosts: casino.rhitech.com
O1 - Hosts: casino.scommetti365.com
O1 - Hosts: casino.w-121.betfair.com
O1 - Hosts: cdn2.unibet.com
O1 - Hosts: demcpb.710casino.eu
O1 - Hosts: download.betway.com
O1 - Hosts: download.casinotropez.com
O1 - Hosts: download.europacasino.com
O1 - Hosts: download.fulltiltpokeritalia.com
O1 - Hosts: download.pokervittoriosa.com
O1 - Hosts: enigma.globet.co.uk
O1 - Hosts: euro.intercasino.com
O1 - Hosts: eurobet.uk.com
O1 - Hosts: fun.sunpoker.com
O1 - Hosts: games.488365.com
O1 - Hosts: games.allsport365.com
O1 - Hosts: games.ladbrokes.com
O1 - Hosts: games.scommetti365.com
O1 - Hosts: games1.eurobet.com
O1 - Hosts: games2.eurobet.com
O1 - Hosts: gioca.710casino.eu
O1 - Hosts: it.888.com
O1 - Hosts: it.alljackpots.co.uk
O1 - Hosts: it.allslotscasino.com
O1 - Hosts: it.blackjackballroom.com
O1 - Hosts: it.captaincookscasino.com
O1 - Hosts: it.cdpoker.com
O1 - Hosts: it.cdpokeritaly.com
O1 - Hosts: it.crazyvegascasino.co.uk
O1 - Hosts: it.goalwin.net
O1 - Hosts: it.hollywoodpoker.com
O1 - Hosts: it.intercasino.com
O1 - Hosts: it.pacificpoker.com
O1 - Hosts: it.paradisepoker.com
O1 - Hosts: it.sportingbet.com
O1 - Hosts: it.williamhillcasino.com
O1 - Hosts: it.williamhillpoker.com
O1 - Hosts: it.williamhillpokeritaly.com
O1 - Hosts: it1.betclic.com
O1 - Hosts: it2.betclic.com
O1 - Hosts: it2.sportingbet.com
O1 - Hosts: it3.betclic.com
O1 - Hosts: it3.sportingbet.com
O1 - Hosts: it4.betclic.com
O1 - Hosts: it5.betclic.com
O1 - Hosts: ita.unibet.com
O1 - Hosts: italia.fulltiltpoker.com
O1 - Hosts: italia.intercasino.com
O1 - Hosts: italia.redkings.com
O1 - Hosts: italia.roxypalace.com
O1 - Hosts: italia.unibet.com
O1 - Hosts: italia1.roxypalace.com
O1 - Hosts: italia5.redkings.com
O1 - Hosts: italia7.redkings.com
O1 - Hosts: italiafulltiltpoker.com
O1 - Hosts: italy.fulltiltpoker.com
O1 - Hosts: italy.goalwin.net
O1 - Hosts: magicpalace.ultimatebet.com
O1 - Hosts: mercury6.betonmarkets.com
O1 - Hosts: play.cspoker.com
O1 - Hosts: play.sunpoker.com
O1 - Hosts: poker.488365.com
O1 - Hosts: poker.770.com
O1 - Hosts: poker.888italia.com
O1 - Hosts: poker.allsport365.com
O1 - Hosts: poker.bet365.com
O1 - Hosts: poker.betfair.com
O1 - Hosts: poker.betoto.com
O1 - Hosts: poker.bodoglife.co.uk
O1 - Hosts: poker.bwin.com
O1 - Hosts: poker.casino.net
O1 - Hosts: poker.casinogiocaitalia.com
O1 - Hosts: poker.casinogiocoitalia.com
O1 - Hosts: poker.casinoitalianogogle.com
O1 - Hosts: poker.clubofpoker.com
O1 - Hosts: poker.dollarobet.com
O1 - Hosts: poker.giocacasinoonline.com
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Programmi\Celebrity Toolbar\tbcore3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Programmi\Celebrity Toolbar\mhxpcomi.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programmi\Celebrity Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Hamlet\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Hamlet\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [PAC207_Monitor] C:\windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C7CBCE3-215D-489A-A5CD-1AE57E353EB6}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Programmi\Celebrity Toolbar\mhxpcomi.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Programmi\StormII\stormliv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12532 bytes

Grazie!

lollos · 02-05-2010, 09:26

ciao a tutti
e' un po di tempo che ho un problema
in pratica di tanto in tanto il services.exe si prende tutta la banda in upload (ho alice 7 mega) e non mi permette di fare assolutamente nulla
me ne sono accorto tramite sunbelt (il fw) che mi mostra il grafico di banda in tempo reale, apre porte a caso si collega ad host a caso e riempie la banda fino a rendere impossibile la navigazione e manda in tilt il router (dopo un po attacca a riavviarsi a manetta da solo).
accade anche che nelle opzioni di iexplorer (io uso quasi sempre firefox) venga impostato un "proxy" che punta a 127.0.0.1:5000 e che nelle connessioni di rete sia abilitata la condivisione di cartelle in rete.
per riprendere possesso della connessione devo ogni volta aprire le impostazioni di sunbelt e NEGARE le connessioni in entrata/uscita di services.exe (tra l'altro file vitale di windows a quanto pare e non so se e bene che sia bloccato).
cosa sta succedendo?
malwarebyte aggiornato non rileva nulla
uso avir come antivirus nessun virus rilevato
combofix non trova nulla
allego log di hijack

http://wikisend.com/download/457348/hijackthis.log

ps sebbene blocchi gli accessi su sunbelt e abbia ripristino di win sempre bloccato qualcosa li riabilita (accessi di services.exe alla rete internet)

Sonicpablo3 · 02-05-2010, 12:08

Ciao a tutti, ho questo problema: quando apro internet explorer la finestra spesso non compare, sebbene nel taskmanager appaia più di un processo aperto (adesso per esempio ho una finestra aperta e nel taskmanager ci sono 3 iexplore.exe); la stessa cosa accade quando cerco di aprire un link.
McAfee mi continua a bloccare un sovraccarico del buffer indicando come file C:\Windows\EXPLORER.EXE
Inoltre ogni volta che avvio il pc, appare una finestra in cui mi chiede l'autorizzazione per avviare questo programma:
C:\Users\Pablo Augusto\AppData\Roaming\Microsoft\svchost.exe
Che io annulli o autorizzi, non mi pare cambi qualcosa.

Il mio log è questo:

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.19.05, on 02/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Pablo Augusto\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Vocal Reader - {E00DD475-1DF2-4881-8CFE-65951AFFA46C} - C:\PROGRA~1\VOCALR~1\VRFORI~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Pablo Augusto\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Startup] C:\Users\Pablo Augusto\AppData\Roaming\Microsoft\svchost.exe
O4 - HKCU\..\Run: [StartServiceENFMWMSM] "C:\Users\Pablo Augusto\AppData\Local\ENFMWMSM\StartService.exe"
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...PUpldit-it.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13957 bytes

Grazie mille in anticipo per l'aiuto

**Chill-Out** · 02-05-2010, 15:41

Quote:

Originariamente inviato da Kohai

Si si, l'ho scelto dopo un benchmark sui dns di grc.com

Link -> http://www.grc.com/dns/benchmark.htm

Ok

xcdegasp · 02-05-2010, 18:48

Quote:

Originariamente inviato da oceancorps

Probabile malware:

Grazie!

fixa:

Codice:

R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Programmi\Celebrity Toolbar\tbhelper.dll
O1 - Hosts: aams-casino.awardspace.com
O1 - Hosts: account.caesarcardclub.com
O1 - Hosts: banner.cdpoker.com
O1 - Hosts: banner.eurogrand.com
O1 - Hosts: banner.expekt.com
O1 - Hosts: banner.itcasinobellini.com
O1 - Hosts: banner.mansionpoker.com
O1 - Hosts: banner.titan123poker.com
O1 - Hosts: banner.williamhillpoker.com
O1 - Hosts: betting.betfair.com
O1 - Hosts: betting.goalwin.net
O1 - Hosts: bingo.williamhill.com
O1 - Hosts: cache.betfair.com
O1 - Hosts: casino.488365.com
O1 - Hosts: casino.888italia.com
O1 - Hosts: casino.allsport365.com
O1 - Hosts: casino.bet-mart.com
O1 - Hosts: casino.bodoglife.com
O1 - Hosts: casino.casinogiocaitalia.com
O1 - Hosts: casino.casinogiocoitalia.com
O1 - Hosts: casino.giocacasinoonline.com
O1 - Hosts: casino.guadagnarealcasino.com
O1 - Hosts: casino.ladbrokes.com
O1 - Hosts: casino.redelcasinoonline.com
O1 - Hosts: casino.rhitech.com
O1 - Hosts: casino.scommetti365.com
O1 - Hosts: casino.w-121.betfair.com
O1 - Hosts: cdn2.unibet.com
O1 - Hosts: demcpb.710casino.eu
O1 - Hosts: download.betway.com
O1 - Hosts: download.casinotropez.com
O1 - Hosts: download.europacasino.com
O1 - Hosts: download.fulltiltpokeritalia.com
O1 - Hosts: download.pokervittoriosa.com
O1 - Hosts: enigma.globet.co.uk
O1 - Hosts: euro.intercasino.com
O1 - Hosts: eurobet.uk.com
O1 - Hosts: fun.sunpoker.com
O1 - Hosts: games.488365.com
O1 - Hosts: games.allsport365.com
O1 - Hosts: games.ladbrokes.com
O1 - Hosts: games.scommetti365.com
O1 - Hosts: games1.eurobet.com
O1 - Hosts: games2.eurobet.com
O1 - Hosts: gioca.710casino.eu
O1 - Hosts: it.888.com
O1 - Hosts: it.alljackpots.co.uk
O1 - Hosts: it.allslotscasino.com
O1 - Hosts: it.blackjackballroom.com
O1 - Hosts: it.captaincookscasino.com
O1 - Hosts: it.cdpoker.com
O1 - Hosts: it.cdpokeritaly.com
O1 - Hosts: it.crazyvegascasino.co.uk
O1 - Hosts: it.goalwin.net
O1 - Hosts: it.hollywoodpoker.com
O1 - Hosts: it.intercasino.com
O1 - Hosts: it.pacificpoker.com
O1 - Hosts: it.paradisepoker.com
O1 - Hosts: it.sportingbet.com
O1 - Hosts: it.williamhillcasino.com
O1 - Hosts: it.williamhillpoker.com
O1 - Hosts: it.williamhillpokeritaly.com
O1 - Hosts: it1.betclic.com
O1 - Hosts: it2.betclic.com
O1 - Hosts: it2.sportingbet.com
O1 - Hosts: it3.betclic.com
O1 - Hosts: it3.sportingbet.com
O1 - Hosts: it4.betclic.com
O1 - Hosts: it5.betclic.com
O1 - Hosts: ita.unibet.com
O1 - Hosts: italia.fulltiltpoker.com
O1 - Hosts: italia.intercasino.com
O1 - Hosts: italia.redkings.com
O1 - Hosts: italia.roxypalace.com
O1 - Hosts: italia.unibet.com
O1 - Hosts: italia1.roxypalace.com
O1 - Hosts: italia5.redkings.com
O1 - Hosts: italia7.redkings.com
O1 - Hosts: italiafulltiltpoker.com
O1 - Hosts: italy.fulltiltpoker.com
O1 - Hosts: italy.goalwin.net
O1 - Hosts: magicpalace.ultimatebet.com
O1 - Hosts: mercury6.betonmarkets.com
O1 - Hosts: play.cspoker.com
O1 - Hosts: play.sunpoker.com
O1 - Hosts: poker.488365.com
O1 - Hosts: poker.770.com
O1 - Hosts: poker.888italia.com
O1 - Hosts: poker.allsport365.com
O1 - Hosts: poker.bet365.com
O1 - Hosts: poker.betfair.com
O1 - Hosts: poker.betoto.com
O1 - Hosts: poker.bodoglife.co.uk
O1 - Hosts: poker.bwin.com
O1 - Hosts: poker.casino.net
O1 - Hosts: poker.casinogiocaitalia.com
O1 - Hosts: poker.casinogiocoitalia.com
O1 - Hosts: poker.casinoitalianogogle.com
O1 - Hosts: poker.clubofpoker.com
O1 - Hosts: poker.dollarobet.com
O1 - Hosts: poker.giocacasinoonline.com
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Programmi\Celebrity Toolbar\tbcore3.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Programmi\Celebrity Toolbar\mhxpcomi.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Programmi\Celebrity Toolbar\tbcore3.dll
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Programmi\StormII\stormliv.exe

il pc è infetto, segui la guida per risolvere il virus alert (http://www.hwupgrade.it/forum/showpo...93&postcount=3) poi vedremo se è il caso di farne alltre di scansioni.
fai analizzare su virustotal.com e virscan.org il file "C:\windows\PixArt\PAC207\Monitor.exe", per entrambi i siti a fine scansione quando ti mostra la tabellla con i risultati per ciasc'un antivirus basta copi l'indirizzo mosttrato nel browser e lo incolli li quando pubblichi i report delle scansioni rischieste.

spero sia l'ultima volta che pubblichi un log lungo come questo tramite i tag quote/code. come scritto nelle regole di sezione è sconsigliabile per i log lunghi

xcdegasp · 02-05-2010, 19:04

Quote:

Originariamente inviato da Sonicpablo3

Ciao a tutti, ho questo problema: quando apro internet explorer la finestra spesso non compare, sebbene nel taskmanager appaia più di un processo aperto (adesso per esempio ho una finestra aperta e nel taskmanager ci sono 3 iexplore.exe); la stessa cosa accade quando cerco di aprire un link.
McAfee mi continua a bloccare un sovraccarico del buffer indicando come file C:\Windows\EXPLORER.EXE
Inoltre ogni volta che avvio il pc, appare una finestra in cui mi chiede l'autorizzazione per avviare questo programma:
C:\Users\Pablo Augusto\AppData\Roaming\Microsoft\svchost.exe
Che io annulli o autorizzi, non mi pare cambi qualcosa.

Il mio log è questo:

Grazie mille in anticipo per l'aiuto

fixa:

Codice:

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Pablo Augusto\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Startup] C:\Users\Pablo Augusto\AppData\Roaming\Microsoft\svchost.exe
O4 - HKCU\..\Run: [StartServiceENFMWMSM] "C:\Users\Pablo Augusto\AppData\Local\ENFMWMSM\StartService.exe"
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...PUpldit-it.cab

segui la semplice Guida alla disinfezione per Infetti e pubblicando tutti i log richiesti in un nuovo thread e vedrai che ripuliremo il pc

lollos · 02-05-2010, 19:42

nessuno sa dirmi nulla ho sbagliato qualcosa? :S

Quote:

Originariamente inviato da lollos

ciao a tutti
e' un po di tempo che ho un problema
in pratica di tanto in tanto il services.exe si prende tutta la banda in upload (ho alice 7 mega) e non mi permette di fare assolutamente nulla
me ne sono accorto tramite sunbelt (il fw) che mi mostra il grafico di banda in tempo reale, apre porte a caso si collega ad host a caso e riempie la banda fino a rendere impossibile la navigazione e manda in tilt il router (dopo un po attacca a riavviarsi a manetta da solo).
accade anche che nelle opzioni di iexplorer (io uso quasi sempre firefox) venga impostato un "proxy" che punta a 127.0.0.1:5000 e che nelle connessioni di rete sia abilitata la condivisione di cartelle in rete.
per riprendere possesso della connessione devo ogni volta aprire le impostazioni di sunbelt e NEGARE le connessioni in entrata/uscita di services.exe (tra l'altro file vitale di windows a quanto pare e non so se e bene che sia bloccato).
cosa sta succedendo?
malwarebyte aggiornato non rileva nulla
uso avir come antivirus nessun virus rilevato
combofix non trova nulla
allego log di hijack

http://wikisend.com/download/457348/hijackthis.log

ps sebbene blocchi gli accessi su sunbelt e abbia ripristino di win sempre bloccato qualcosa li riabilita (accessi di services.exe alla rete internet)

xcdegasp · 03-05-2010, 15:08

Quote:

Originariamente inviato da lollos

nessuno sa dirmi nulla ho sbagliato qualcosa? :S

scusami ma non è stata volontaria la dimenticanza

fixa:

Codice:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - H:\Programmi\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [AppleSyncNotifier] "H:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCMService] "H:\Programmi\CyberLink\PowerCinema\PCMService.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NoAds] "H:\Programmi\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Eraser] H:\Programmi\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "H:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: logvarii.txt
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} (McciUtilsSpecialFolder Class) - http://aiuto.alice.it/ata/static/installers/McciControlInstaller_6.6.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/installers/McciControlInstaller_6.6.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

in sostanza hai tracce di un adaware che sfrutta il browser per uscire su internet, io fossi in te abbandonerei IE per preferire Firefox, disinstallerei sunbelt per preferire singoli prodotti che sono decisamente più efficaci quindi Avira Free e un firewall a scelta tra Comodo-Firewall o OnlineArmor-free, e poi segui la semplice procedura descritta in Guida alla Disinfezione per Infetti e pubblica tutti i log richiesti facendo attenzione alle Regole di Sezione, così potremmo aiutarti

ovviamente in un nuovo thread

bobby1112 · 03-05-2010, 15:26

possibile virus :

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.16.41, on 03/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Luca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Luca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MP3 Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 5807 bytes

olaffio · 03-05-2010, 20:44

Ultimamente ho notato qualche rallentamento nel pc.
Non credo ci siano applicazioni strane che partono ma scanso equivoci...

Sono più che altro convinto che qualcosa si possa rimuovere, tipo i file di Adobe...ma non so quali siano davvero rimuovibili senza problemi

lokka19 · 03-05-2010, 21:20

Ciao a tutti, sono una nuova iscritta e volevo sapere se era tutto a posto, visto che Norton durante una scansione mi ha rimosso tre trojan...

Grazie a tutti in anticipo!

30-04-2010, 10:50	#12664
TFT Bannato Iscritto dal: Apr 2010 Messaggi: 80	notate qualcosa che non va? sorry ma non mi funziona l'allegato Log rimosso, leggere le modalità in prima pagina. Ultima modifica di Chill-Out : 30-04-2010 alle 11:14.

01-05-2010, 19:14	#12665
Kohai Senior Member Iscritto dal: Jan 2009 Città: Citta'... che parolona... paesino vicino Como Messaggi: 7608	Controllino su computer piccolino Salve ragazzi, una gentilezza: dopo il controllo effettuato per il desktop, potete dare un occhiata al log del mio computer piccolino? Grazie in anticipo http://wikisend.com/download/480810/hijackthis.log Buon fine settimana __________________ Pacific Rim - Mirada Studios - Guida ad Avast! - Configurazione di sicurezza - The Last Of Us

02-05-2010, 09:26	#12671
lollos Member Iscritto dal: Oct 2004 Messaggi: 230	ciao a tutti e' un po di tempo che ho un problema in pratica di tanto in tanto il services.exe si prende tutta la banda in upload (ho alice 7 mega) e non mi permette di fare assolutamente nulla me ne sono accorto tramite sunbelt (il fw) che mi mostra il grafico di banda in tempo reale, apre porte a caso si collega ad host a caso e riempie la banda fino a rendere impossibile la navigazione e manda in tilt il router (dopo un po attacca a riavviarsi a manetta da solo). accade anche che nelle opzioni di iexplorer (io uso quasi sempre firefox) venga impostato un "proxy" che punta a 127.0.0.1:5000 e che nelle connessioni di rete sia abilitata la condivisione di cartelle in rete. per riprendere possesso della connessione devo ogni volta aprire le impostazioni di sunbelt e NEGARE le connessioni in entrata/uscita di services.exe (tra l'altro file vitale di windows a quanto pare e non so se e bene che sia bloccato). cosa sta succedendo? malwarebyte aggiornato non rileva nulla uso avir come antivirus nessun virus rilevato combofix non trova nulla allego log di hijack http://wikisend.com/download/457348/hijackthis.log ps sebbene blocchi gli accessi su sunbelt e abbia ripristino di win sempre bloccato qualcosa li riabilita (accessi di services.exe alla rete internet) Ultima modifica di lollos : 02-05-2010 alle 09:45.

29-04-2010, 13:48	#12661
Samu78 Senior Member Iscritto dal: Sep 2005 Messaggi: 375	ok dopo lo rifaccio grazie

29-04-2010, 15:45	#12662
coolintel Member Iscritto dal: Apr 2010 Messaggi: 235	Ragazzi mi serve di nuovo il vostro aiuto per un altro log di un altro computer.... http://wikisend.com/download/445126/hijackthis.log

Strumenti
Mostra una versione stampabile Invia questa pagina per email