I probably have a virus.
When the PC starts up, a problem is reported with "Generic host Process for win32 Services".
I searched on Google and they say it is probably a virus.
I downloaded HijackThis and I have the log.
I would like to ask you to check whether there are any problems.
I have Windows XP Professional SP3.
Thanks, Moreno
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18.21.03, on 03/04/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
FIREFOX: 28.0 (it)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
C:\Programmi\IObit\Advanced SystemCare 7\ASCService.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
C:\Programmi\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Programmi\IObit\Advanced SystemCare 7\Monitor.exe
C:\Programmi\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
C:\Programmi\EaseUS\Todo Backup\bin\Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Programmi\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Programmi\AVAST Software\Avast\AvastUI.exe
C:\Programmi\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\igfxtray.exe
F:\WINDOWS\system32\hkcmd.exe
F:\WINDOWS\system32\igfxpers.exe
F:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\spotify.exe
C:\Programmi\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Programmi\Freemake\CaptureLib\CaptureLibService.exe
C:\Programmi\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Programmi\Glary Utilities 4\Integrator.exe
C:\Programmi\PDF Architect\HelperService.exe
C:\Programmi\PDF Architect\ConversionService.exe
F:\WINDOWS\System32\svchost.exe
C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
C:\Programmi\IObit\IObit Malware Fighter\IMF.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyHelper.exe
C:\Programmi\IObit\Advanced SystemCare 7\DelayLoad.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyHelper.exe
F:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyHelper.exe
C:\Programmi\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
F:\WINDOWS\Explorer.EXE
F:\Documents and Settings\Moreno\Documenti\Download\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDyDtD0D0AyD0CtDyByByDtAtC0B0AtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Dzzzz0D0FzyzztGtAyByB0EtGyEzyyD0DtGtByCtDzytGyB0CyD0DyCtD0DyC0AyE0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtCyByE0FtDtCtGtByEzztAtGtB0E0D0AtGzztCtCtAtGtByBtDzy0BtDtB0FzzyBtCtC2Q&cr=773600616&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzutDtDyDtD0D0AyD0CtDyByByDtAtC0B0AtN0D0Tzu0SzztCtCtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0Dzzzz0D0FzyzztGtAyByB0EtGyEzyyD0DtGtByCtDzytGyB0CyD0DyCtD0DyC0AyE0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtCtCyByE0FtDtCtGtByEzztAtGtB0E0D0AtGzztCtCtAtGtByBtDzy0BtDtB0FzzyBtCtC2Q&cr=773600616&ir=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Programmi\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: CrossriderApp0049074 - {11111111-1111-1111-1111-110411901174} - C:\Programmi\The weDownload Manager\The weDownload Manager-bho.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programmi\PDF Architect\PDFIEHelper.dll
O2 - BHO: Wondershare Player 1.6.0 - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\DOCUME~1\ALLUSE~1\DATIAP~1\WONDER~2\Player\WSBROW~1.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programmi\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Programmi\IObit\IObit Uninstaller\UninstallExplorer32.dll
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Programmi\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Programmi\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Programmi\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programmi\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Privatefirewall] C:\Programmi\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\Documents and Settings\All Users\Dati applicazioni\Wondershare\Player\DelayPluginI.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Programmi\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] F:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] F:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Documents and Settings\Moreno\Dati applicazioni\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Programmi\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: WSIEChrome - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Programmi\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio EaseUS Agent (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Programmi\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Programmi\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Programmi\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Programmi\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Programmi\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Programmi\PDF Architect\ConversionService.exe
O23 - Service: Privacyware network service (PFNet) - Privacyware/PWI, Inc. - C:\Programmi\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 10026 bytes