Solved: Corrupted Svchost.exe

Rufy

Regular user
Topic author
17 July 2010
Sorry, yesterday my brother downloaded a "facebook hack" program and of course it was a trojan; it infected my svchost.exe, which now opens 4 times, and at startup "svchost.exe running" comes up.

HijackThis scan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:22:08, on 20/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\windows\system32\taskmgr.exe
C:\Users\OPI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\OPI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OPI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OPI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\OPI\AppData\Local\Temp\Rar$EX22.216\Svchost Viewer.exe
C:\Users\OPI\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [ASUS WebStorage] C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\install\Svchost.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\OPI\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dyyno Launcher] "C:\Program Files\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\install\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Dyyno Service (Dyyno Launcher) - Unknown owner - C:\Program Files\Dyyno\Dyyno Broadcaster\launcherd.exe
O23 - Service: HideMyIpSRV - Hide My IP - C:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8047 bytes

@System32 @Mirko185.
 
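As an added example (not code from the thread or from HijackThis/ComboFix), a small Python check that applies the reasoning behind the replies to the O4 section of a HijackThis log: a binary named svchost.exe registered under a Run key is never the real Windows service host, and a copy outside %SystemRoot%\System32 is a stronger sign still. The sample lines are constructed from the log above, and the %ProgramFiles% and %SystemRoot% values are assumed defaults.

```python
# Flag suspicious autorun (O4) entries in a HijackThis log (added example).
import re
from typing import List, NamedTuple, Optional

# Assumed default locations; on a real machine read them from the environment.
ENV_VARS = {
    "%ProgramFiles%": r"C:\Program Files",
    "%SystemRoot%": r"C:\Windows",
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample lines, modelled on the O4 section of the log in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\install\Svchost.exe
O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\install\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\install\Svchost.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
"""

O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token ending in an executable-style extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|lnk|cpl|dll))"?(?:\s|$)', re.IGNORECASE)


class Finding(NamedTuple):
    name: str       # value name shown in square brackets
    location: str   # hive and key, e.g. HKLM\..\Policies\Explorer\Run
    path: str       # executable the entry launches
    reasons: tuple  # why the entry was flagged


def executable_path(cmd: str) -> Optional[str]:
    """Return the launched executable from an O4 command string, variables expanded."""
    for var, value in ENV_VARS.items():
        cmd = cmd.replace(var, value)
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def parse_o4(line: str):
    """Split an O4 line into (location, name, command); None for any other line."""
    m = O4_RE.match(line.strip())
    return (m.group("location"), m.group("name"), m.group("cmd")) if m else None


def check_entry(location: str, path: str) -> tuple:
    reasons = []
    parent, _, base = path.lower().rpartition("\\")
    if base == "svchost.exe":
        # The genuine service host is started by services.exe, never from a Run key.
        reasons.append("svchost.exe registered as an autorun")
        if parent not in SYSTEM_DIRS:
            reasons.append("svchost.exe outside %SystemRoot%\\System32")
    if location.lower().endswith(r"policies\explorer\run"):
        reasons.append("Policies\\Explorer\\Run is rarely used by legitimate software")
    return tuple(reasons)


def audit_o4(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if not parsed:
            continue
        location, name, cmd = parsed
        path = executable_path(cmd)
        if path is None:
            continue
        reasons = check_entry(location, path)
        if reasons:
            findings.append(Finding(name, location, path, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_o4(SAMPLE_LOG):
        print(f"[{f.name}] {f.location} -> {f.path}: {'; '.join(f.reasons)}")
```

Run against the full log from the thread, the three install\Svchost.exe entries are the only ones flagged; the ASUS, Intel and Synaptics entries pass.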
Re: Corrupted Svchost.exe

Try using this -->

Anyway, go to the path C:\Users\OPI\AppData\Local\Temp\Rar$EX22.216 and delete the file Svchost Viewer.exe
 
Re: Corrupted Svchost.exe

I looked for C:\Users\OPI\AppData\Local\Temp\Rar$EX22.216 but it doesn't find anything; in svchost process analyzer, among the icons I get the one with the 2 signals, screen:


@walter4991
 
Re: Corrupted Svchost.exe

I've been trying with combofix for an hour; I'm at stage 48, and it said it would take 10 min :S
 
Re: Corrupted Svchost.exe

How do you know it's corrupted? The process is open multiple times on every computer that runs Windows Vista or Seven as its operating system.
 
Re: Corrupted Svchost.exe

How do you know it's corrupted? The process is open multiple times on every computer that runs Windows Vista or Seven as its operating system.

I have Windows 7, not Vista; anyway, it opens that Facebook program and the process that results from it shows up as svchost.exe in the task list. I ran combofix and it gave me this result:

ComboFix 11-12-20.04 - OPI 20/12/2011 17:06:36.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.1014.406 [GMT 1:00]
Eseguito da: c:\users\OPI\Downloads\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\OPI\AppData\Local\TempDIR
c:\users\OPI\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\install
c:\windows\system32\install\Svchost.exe
c:\windows\system32\service
c:\windows\system32\service\18122011_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-20 al 2011-12-20 )))))))))))))))))))))))))))))))))))
.
.
2011-12-20 17:12 . 2011-12-20 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-20 14:40 . 2011-12-20 14:40 -------- d-----w- c:\programdata\IObit
2011-12-20 14:39 . 2011-12-20 14:39 -------- d-----w- c:\program files\IObit
2011-12-19 20:06 . 2011-12-19 20:08 -------- d-----w- C:\Minecraftcrack
2011-12-17 19:54 . 2011-12-17 19:54 -------- d-----w- c:\program files\Adobe Download Assistant
2011-12-17 17:45 . 2011-12-17 17:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-16 20:26 . 2011-12-20 15:30 -------- d-----w- c:\program files\RocketDock
2011-12-16 20:03 . 2010-10-16 04:49 315682 ----a-w- c:\windows\system32\slwc.exe
2011-12-16 19:55 . 2011-12-16 20:03 -------- d-----w- C:\SnowFiles
2011-12-16 19:55 . 2006-12-03 16:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2011-12-16 19:55 . 2006-12-03 16:14 8636 ----a-w- c:\windows\system32\modifype.exe
2011-12-16 18:18 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2011-12-16 18:18 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-12-16 18:18 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-12-16 18:17 . 2010-02-18 07:34 12867072 ----a-w- c:\windows\system32\shell32_backup_wti.dll
2011-12-16 18:17 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer_backup_wti.exe
2011-12-16 18:17 . 2009-07-14 01:16 859648 ----a-w- c:\windows\system32\OobeFldr_backup_wti.dll
2011-12-16 18:17 . 2009-07-14 01:15 1495040 ----a-w- c:\windows\system32\ExplorerFrame_backup_wti.dll
2011-12-16 18:17 . 2011-12-16 18:21 101072 ----a-w- c:\windows\UTP.exe
2011-12-16 18:17 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.backup.exe
2011-12-16 18:17 . 2011-12-16 18:17 -------- d-----w- c:\windows\W7SOC
2011-12-16 18:16 . 2011-12-16 18:16 307200 ----a-w- c:\windows\SetACL.exe
2011-12-16 18:02 . 2011-12-16 18:02 -------- d-----w- c:\windows\ehome
2011-12-16 18:02 . 2011-12-16 18:02 -------- d-----w- c:\windows\ShellNew
2011-12-16 18:01 . 2011-12-16 18:01 -------- d-----w- c:\program files\Windows Journal
2011-12-16 18:01 . 2011-12-16 18:01 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2011-12-16 18:01 . 2011-12-16 18:01 -------- d-----r- c:\users\Public\Recorded TV
2011-12-13 18:21 . 2011-12-13 18:21 -------- d-----w- c:\program files\Solent
2011-12-12 20:00 . 2011-12-12 20:00 -------- d-----w- c:\program files\FileZilla FTP Client
2011-12-11 12:28 . 2011-12-11 12:28 -------- d-----w- c:\programdata\WNR
2011-12-11 12:27 . 2011-12-11 12:27 -------- d-----w- c:\program files\Proxy Switcher Standard
2011-12-11 12:16 . 2011-12-11 12:17 -------- d-----w- c:\program files\Opera
2011-12-11 12:05 . 2011-06-04 00:56 330600 ----a-w- c:\windows\system32\HMIPCore.dll
2011-12-11 12:05 . 2011-12-11 12:05 -------- d-----w- c:\program files\Hide My IP
2011-12-10 19:00 . 2011-12-10 19:00 -------- d-----w- c:\program files\Dyyno
2011-12-10 11:28 . 1999-03-06 11:38 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-12-09 18:40 . 2010-07-19 18:03 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-12-09 18:40 . 2010-07-19 18:03 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-12-09 18:40 . 2010-07-19 18:02 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-09 18:36 . 2011-07-12 10:44 262416 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-12-09 18:36 . 2011-07-12 10:43 36624 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-12-09 18:36 . 2011-07-12 10:09 1405720 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-12-09 11:52 . 2011-12-09 11:52 -------- d-----w- c:\program files\AnyUtils
2011-12-09 02:26 . 2011-12-09 02:26 -------- d-----w- C:\Boot
2011-12-09 01:31 . 2010-06-24 16:55 -------- d-----w- c:\users\Default\AppData\Local\Adobe
2011-12-09 01:31 . 2010-06-24 16:31 -------- d-----w- c:\users\Default\AppData\Roaming\ASUS WebStorage
2011-12-09 01:31 . 2010-06-24 16:05 -------- d-----w- c:\users\Default\AppData\Local\Broadcom
2011-12-09 01:31 . 2010-06-24 16:00 -------- d-----w- c:\users\Default\AppData\Roaming\InstallShield
2011-12-08 18:54 . 2011-12-08 18:54 -------- d-----w- c:\program files\PaRaMeter
2011-12-08 16:57 . 2011-12-08 16:57 -------- d-----w- c:\windows\ConfigSetRoot
2011-12-08 16:56 . 2011-12-08 16:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-08 16:56 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-12-08 16:56 . 2011-12-08 16:56 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-12-08 16:55 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-12-08 16:54 . 2011-12-08 16:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-08 16:53 . 2011-12-08 16:53 -------- d-----w- c:\program files\Microsoft
2011-12-08 16:52 . 2011-12-08 16:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-12-08 16:52 . 2011-12-08 16:56 -------- d-----w- c:\program files\Windows Live
2011-12-08 16:52 . 2011-12-08 16:52 -------- d-----w- c:\windows\PCHEALTH
2011-12-08 16:50 . 2011-12-08 16:50 -------- d-----w- c:\program files\Common Files\Windows Live
2011-12-08 16:49 . 2011-12-08 16:49 -------- d-----w- c:\program files\Boingo
2011-12-08 16:49 . 2011-12-08 16:49 -------- d-----w- c:\programdata\GoBoingo
2011-12-08 16:48 . 2011-12-08 16:49 -------- d-----w- c:\program files\E-Cam
2011-12-08 16:48 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-12-08 16:48 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-12-08 16:48 . 2011-12-08 16:48 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-12-08 16:48 . 2011-12-08 16:48 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-12-08 16:48 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-12-08 16:48 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-12-08 16:48 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-12-08 16:47 . 2011-12-08 16:47 -------- d-----w- c:\windows\system32\Atheros_L1e
2011-12-08 16:45 . 2011-12-08 16:45 -------- d-----w- c:\program files\Synaptics
2011-12-08 16:41 . 2011-12-08 16:41 -------- d-----w- c:\users\OPI
2011-12-08 16:39 . 2011-12-08 16:39 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 18:18 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-12-16 18:18 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-12-16 18:18 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-11-21 04:35 . 2011-12-17 17:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dyyno Launcher"="c:\program files\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
"PSwitch"="c:\program files\Proxy Switcher Standard\ProxySwitcher.exe" [2011-11-20 5193784]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"LiveUpdate"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1024368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-22 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-13 1594664]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-12-08 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-06-24 2018032]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-04-13 83240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-06-21 11520]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-05-04 146448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 Dyyno Launcher;Dyyno Service;c:\program files\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 36624]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-05-04 283152]
S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2011-06-04 3249512]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2010-04-13 51712]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2010-05-04 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-05-04 689416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-638018717-580664013-1244314082-1000Core.job
- c:\users\OPI\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 17:36]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-638018717-580664013-1244314082-1000UA.job
- c:\users\OPI\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.windowsxlive.net
LSP: c:\windows\system32\HMIPCore.dll
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\OPI\AppData\Roaming\Mozilla\Firefox\Profiles\gzxfju97.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@denied: (Full) (Everyone)
.
Ora fine scansione: 2011-12-20 18:22:28
ComboFix-quarantined-files.txt 2011-12-20 17:22
.
Pre-Run: 82.364.325.888 byte disponibili
Post-Run: 81.816.371.200 byte disponibili
.
- - End Of File - - 8D0EB004FCF96F8F6E2D06AC2D563120
--------------- ADDED TO POST ---------------
Done with combofix and it removed the trojan, thanks @~retrover~
 