
Thread: CPU usage problem

  1. #1
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37

    CPU usage problem

    Hi everyone, I'm new to the forum.
    After several days of fruitless attempts across web pages and various forums, I decided to sign up to see whether anyone can give me a hand solving my problem.

    For several days I have been seeing abnormal CPU usage, and from Task Manager I have isolated a couple of processes that make the values shoot up to 100% every 5/10 minutes.
    The processes are:
    services.exe
    csrss.exe

    I'm posting the HijackThis log in case someone can take a look at it.

    Thanks a lot

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16.47.00, on 28/08/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Programmi\AVG\AVG9\avgwdsvc.exe
    C:\Programmi\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\CyberLink\PCM4Everio\EverioService.exe
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Programmi\AVG\AVG9\avgnsx.exe
    C:\Programmi\AVG\AVG9\avgrsx.exe
    C:\Programmi\AVG\AVG9\avgchsvx.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.it/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Programmi\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EverioService] "C:\Programmi\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\DOCUME~1\-\IMPOST~1\Temp\E_S8A.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1253375577000
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1180109825622
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C49F7677-AAAC-445A-9BC1-22BD5BDCADF1}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10116 bytes

  2. #2
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    Hi steaphan

    The log looks fine.

    The csrss.exe process is a legitimate Microsoft one, as is services.exe.

    The latter is also used by some viruses. You will find the legitimate one in C:\Windows\System32\services.exe


    To make the job easier, download the Everything search engine, type services.exe into the search box and check whether you have more than one.

    Also run a precautionary scan:

    disable your antivirus

    download ComboFix to your desktop (do not install the Recovery Console)

    run ComboFix.exe

    - follow the instructions

    - when the scan has finished, go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply

    how to use ComboFix
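
The check suggested in post #2 can be scripted once a file search has produced its list of hits. The following is an added example, not part of the original thread: it sorts each copy of services.exe or csrss.exe by folder into the live system32 copy, a Windows servicing copy, or an unexpected location. The sample paths, the function names and the update folder name are constructed for illustration.

```python
from pathlib import PureWindowsPath

# File names to check (lower-cased), as named in the thread.
WATCHED = {"services.exe", "csrss.exe"}

# Folders below the Windows directory, written as lower-cased path components.
LIVE = ("system32",)                        # the copy that is actually executed
SERVICING = (
    ("$ntservicepackuninstall$",),          # backup taken when a service pack is installed
    ("servicepackfiles", "i386"),           # service pack file cache
    ("softwaredistribution", "download"),   # packages downloaded by Windows Update
    ("system32", "dllcache"),               # Windows File Protection cache
)


def _parts(path):
    """Split a Windows path into lower-cased components (paths are case-insensitive)."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def classify(path, windir=r"C:\WINDOWS"):
    """Return 'live', 'servicing', 'unexpected' or 'ignored' for one search hit.

    This is triage by location only; it does not prove a file is genuine.
    8.3 short names (e.g. PROGRA~1) are not expanded.
    """
    parts, root = _parts(path), _parts(windir)
    if not parts or parts[-1] not in WATCHED:
        return "ignored"
    if parts[:len(root)] != root:
        return "unexpected"                 # outside the Windows directory
    folder = parts[len(root):-1]            # folder relative to the Windows directory
    if folder == LIVE:
        return "live"
    if any(folder[:len(prefix)] == prefix for prefix in SERVICING):
        return "servicing"
    return "unexpected"


def triage(paths, windir=r"C:\WINDOWS"):
    """Group search hits per watched file name and per verdict."""
    report = {name: {"live": [], "servicing": [], "unexpected": []} for name in WATCHED}
    for path in paths:
        verdict = classify(path, windir)
        if verdict != "ignored":
            report[PureWindowsPath(path).name.lower()][verdict].append(path)
    return report


def needs_review(report):
    """Names with a copy in an unexpected folder, or without exactly one live copy."""
    return sorted(
        name for name, found in report.items()
        if found["unexpected"] or len(found["live"]) != 1
    )


# Constructed sample in the layout of a Windows XP search result.
# The 32-character update folder name is a placeholder, not a real value.
SAMPLE_HITS = [
    r"C:\WINDOWS\$NtServicePackUninstall$\services.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\services.exe",
    r"C:\WINDOWS\SoftwareDistribution\Download\0123456789abcdef0123456789abcdef\SP3GDR\services.exe",
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\csrss.exe",
    r"C:\WINDOWS\system32\csrss.exe",
]

# Constructed hit in a folder where neither file normally lives.
ODD_HIT = r"C:\WINDOWS\services.exe"


if __name__ == "__main__":
    for label, hits in (("sample", SAMPLE_HITS), ("sample + odd hit", SAMPLE_HITS + [ODD_HIT])):
        report = triage(hits)
        print(label, "-> needs review:", needs_review(report))
        for name in sorted(report):
            for verdict, found in report[name].items():
                for path in found:
                    print(f"  {name:13} {verdict:10} {path}")
```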

  3. #3
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37
    Hi Manatwork and thanks for the help

    So, I downloaded the Everything search engine and checked services.exe and also csrss.exe; these are the results:

    C:\WINDOWS\$NtServicePackUninstall$\services.exe
    C:\WINDOWS\ServicePackFiles\i386\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\services.exe
    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
    C:\WINDOWS\ServicePackFiles\i386\csrss.exe
    C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\csrss.exe
    C:\WINDOWS\system32\csrss.exe


    continues ---- because it is too long

  4. #4
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37
    continued from the previous post


    I then ran a scan with my antivirus (AVG), which found nothing.
    I disabled the antivirus, downloaded ComboFix and ran the scan; this is the result:

    ComboFix 10-08-27.03 - - 29/08/2010 0.56.27.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2046.1070 [GMT 2:00]
    Eseguito da: c:\documents and settings\-\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\command
    c:\windows\command\wizard.lnk
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\ssprs.dll
    c:\windows\system32\Temp
    c:\windows\system32\vbzlib1.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SYSDRV32


    ((((((((((((((((((((((((( Files Creati Da 2010-07-28 al 2010-08-28 )))))))))))))))))))))))))))))))))))
    .

    2010-08-28 22:38 . 2010-08-28 22:43 -------- d-----w- c:\programmi\Everything
    2010-08-28 13:02 . 2010-08-28 13:02 -------- d-----w- c:\documents and settings\-\DoctorWeb
    2010-08-28 12:51 . 2010-08-28 12:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\F-Secure
    2010-08-28 12:30 . 2010-08-28 12:48 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-08-28 11:20 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-08-27 14:12 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-27 14:12 . 2010-08-27 14:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
    2010-08-27 14:12 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-27 08:19 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2010-08-27 08:19 . 2010-08-27 08:19 -------- d-----w- c:\programmi\PDFCreator
    2010-08-27 08:19 . 1998-08-05 06:45 122128 ----a-w- c:\windows\system32\VB6IT.DLL
    2010-08-27 08:19 . 1998-08-05 06:45 150528 ----a-w- c:\windows\system32\MSCMCIT.DLL
    2010-08-27 08:19 . 1998-08-05 06:45 63488 ----a-w- c:\windows\system32\MSCC2IT.DLL
    2010-08-27 08:19 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2010-08-24 17:39 . 2010-08-28 11:22 -------- d-----w- c:\programmi\Panda Security
    2010-08-23 19:40 . 2010-08-23 20:28 388096 ----a-r- c:\documents and settings\-\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-23 19:40 . 2010-08-23 19:40 -------- d-----w- c:\programmi\Trend Micro
    2010-08-20 15:12 . 2010-08-20 15:12 30946 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2010-08-20 15:12 . 2010-08-20 15:12 28672 ----a-w- c:\windows\system32\Partizan.exe
    2010-08-20 15:10 . 2010-08-20 15:10 2 --shatr- c:\windows\winstart.bat
    2010-08-20 13:46 . 2010-08-20 13:46 -------- d-----w- c:\programmi\CCleaner
    2010-08-20 08:36 . 2010-08-20 08:36 -------- d-----w- c:\programmi\iPod
    2010-08-20 08:36 . 2010-08-20 08:37 -------- d-----w- c:\programmi\iTunes
    2010-08-05 14:31 . 2010-08-05 14:31 -------- d-----w- c:\documents and settings\-\Impostazioni locali\Dati applicazioni\Apple
    2010-08-05 14:31 . 2010-08-05 14:31 -------- d-----w- c:\programmi\Apple Software Update
    2010-08-05 14:31 . 2010-08-05 14:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Apple
    2010-08-02 10:20 . 2007-10-23 07:27 110592 ----a-w- c:\documents and settings\-\Dati applicazioni\U3\temp\cleanup.exe
    2010-08-02 10:17 . 2008-05-02 08:41 3493888 ---ha-w- c:\documents and settings\-\Dati applicazioni\U3\temp\Launchpad Removal.exe
    2010-08-02 10:17 . 2010-08-17 08:13 -------- d-----w- c:\documents and settings\-\Dati applicazioni\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-23 18:03 . 2009-11-16 14:07 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Skype
    2010-08-23 15:39 . 2009-11-16 14:10 -------- d-----w- c:\documents and settings\-\Dati applicazioni\skypePM
    2010-08-20 15:03 . 2009-04-27 10:45 -------- d-----w- c:\programmi\SUPERAntiSpyware
    2010-08-20 13:30 . 2007-04-05 12:14 -------- d-----w- c:\programmi\Google
    2010-08-20 13:28 . 2010-07-25 17:35 -------- d-----w- c:\programmi\eMule
    2010-08-20 09:10 . 2007-03-29 08:16 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Apple Computer
    2010-08-20 08:37 . 2010-08-20 08:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-20 08:36 . 2010-08-05 14:32 -------- d-----w- c:\programmi\File comuni\Apple
    2010-08-20 08:34 . 2010-08-20 08:34 -------- d-----w- c:\programmi\QuickTime
    2010-08-20 08:32 . 2010-08-20 08:32 73000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-12 14:29 . 2007-04-17 15:55 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Cycling '74
    2010-08-07 07:03 . 2010-08-07 07:03 61440 ----a-w- c:\documents and settings\-\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64de5df2-n\decora-sse.dll
    2010-08-07 07:03 . 2010-08-07 07:03 503808 ----a-w- c:\documents and settings\-\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6e041f18-n\msvcp71.dll
    2010-08-07 07:03 . 2010-08-07 07:03 499712 ----a-w- c:\documents and settings\-\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6e041f18-n\jmc.dll
    2010-08-07 07:03 . 2010-08-07 07:03 348160 ----a-w- c:\documents and settings\-\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6e041f18-n\msvcr71.dll
    2010-08-07 07:03 . 2010-08-07 07:03 12800 ----a-w- c:\documents and settings\-\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64de5df2-n\decora-d3d.dll
    2010-08-05 14:46 . 2010-08-05 14:46 117652 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-08-05 14:33 . 2010-08-05 14:33 -------- d-----w- c:\programmi\Safari
    2010-08-05 14:33 . 2007-07-07 11:30 -------- d-----w- c:\programmi\Bonjour
    2010-08-04 22:13 . 2010-07-27 15:54 -------- d-----w- c:\programmi\Aptana
    2010-08-04 22:11 . 2010-07-29 14:44 -------- d-----w- c:\programmi\PSPad editor
    2010-08-03 14:45 . 2009-08-03 07:01 -------- d-----w- c:\programmi\Yahoo!
    2010-07-29 17:02 . 2010-07-29 14:44 -------- d-----w- c:\documents and settings\-\Dati applicazioni\PSpad
    2010-07-27 16:00 . 2010-07-27 16:00 0 ----a-w- c:\windows\nsreg.dat
    2010-07-27 15:40 . 2010-07-27 15:40 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Bradsoft.com
    2010-07-27 15:15 . 2010-07-27 15:12 -------- d-----w- c:\programmi\Notepad++
    2010-07-27 15:15 . 2010-07-27 15:12 -------- d-----w- c:\documents and settings\-\Dati applicazioni\Notepad++
    2010-07-26 17:49 . 2009-11-15 20:09 -------- d-----w- c:\programmi\Steam
    2010-07-23 04:13 . 2010-07-23 04:13 72488 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-07-17 07:25 . 2009-09-18 10:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-17 07:25 . 2010-07-17 07:25 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-17 07:24 . 2009-09-18 10:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-10 10:54 . 2010-07-10 10:54 -------- d-----w- c:\programmi\Conduit
    2010-07-10 10:54 . 2010-07-10 10:54 -------- d-----w- c:\programmi\Babylon
    2010-07-01 17:34 . 2008-12-09 11:52 -------- d-----w- c:\programmi\SpeedFan
    2010-06-23 03:39 . 2010-06-23 03:39 501936 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Google\Google Toolbar\Update\gtb8.tmp.exe
    2010-06-04 19:31 . 2009-09-18 10:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    --continues

  5. #5
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37
    --continued from the previous post


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 08:25 2117704 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-16 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "HydraVisionDesktopManager"="c:\programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
    "AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "YSearchProtection"="c:\programmi\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
    "FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-02-20 326656]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "EverioService"="c:\programmi\CyberLink\PCM4Everio\EverioService.exe" [2007-06-06 151552]
    "QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-03-18 421888]
    "Everything"="c:\programmi\Everything\Everything.exe" [2009-03-13 602624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-12-12 136192]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-19 13:39 1667584 ------w- c:\programmi\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43 248040 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\CyberLink\\PowerDirector Express\\PDX.exe"=
    "c:\\Programmi\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "c:\\Programmi\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "c:\\Programmi\\Steam\\steam.exe"=
    "c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Programmi\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
    "c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programmi\\iTunes\\iTunes.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/09/2009 12.44.24 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/09/2009 12.44.29 243024]
    R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [17/07/2010 9.25.37 308136]
    S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [31/01/2010 13.51.03 135664]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programmi\AVG\AVG9\Toolbar\ToolbarBroker.exe [15/04/2010 11.21.49 430152]
    S3 esihdrv;esihdrv;\??\c:\docume~1\-\IMPOST~1\Temp\esihdrv.sys --> c:\docume~1\-\IMPOST~1\Temp\esihdrv.sys [?]
    S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [03/12/2007 15.16.33 61504]
    S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [03/12/2007 15.53.55 9328]
    S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [03/12/2007 15.53.55 97056]
    S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [26/10/2009 14.14.47 88560]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [20/08/2010 17.12.03 30946]
    S3 Ssgnuio3dw;Ssgnuio3dw;c:\windows\system32\drivers\s3gnbm.sys [27/03/2007 10.56.11 166912]
    S4 Ralld0ntces6;Ralld0ntces6; [x]
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-31 11:50]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-31 11:50]
    .
    .

    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.yahoo.it/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.it/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: {C49F7677-AAAC-445A-9BC1-22BD5BDCADF1} = 208.67.222.222,208.67.220.220
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\-\Dati applicazioni\Mozilla\Firefox\Profiles\5f73lsm8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.it/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll


    ---- FIREFOX POLICIES ----
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    HKCU-Run-AdobeBridge - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-29 01:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .

    ----continues

  6. #6
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37
    ----continued from previous post


    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
    @DACL=(02 0000)
    @="bootstrap.application.1"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:fe,a4,f0,db,3c,c0,20,50,aa,7a,f9,62,91,d2,83,d8,2c,0d,20,53,05,
    84,d2,ed,3e,00,99,86,9b,55,d7,03,c3,bb,e1,68,8d,33,ed,05,17,6e,e9,61,70,b9,\

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:fe,a4,f0,db,3c,c0,20,50,aa,7a,f9,62,91,d2,83,d8,2c,0d,20,53,05,
    84,d2,ed,3e,00,99,86,9b,55,d7,03,c3,bb,e1,68,8d,33,ed,05,17,6e,e9,61,70,b9,\
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(824)
    c:\windows\system32\Ati2evxx.dll
    c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(3148)
    c:\programmi\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\programmi\Bonjour\mDNSResponder.exe
    c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    c:\programmi\CyberLink\Shared Files\RichVideo.exe
    c:\programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\programmi\AVG\AVG9\avgnsx.exe
    c:\programmi\AVG\AVG9\avgchsvx.exe
    c:\programmi\AVG\AVG9\avgrsx.exe
    c:\programmi\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2010-08-29 01:10:41 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2010-08-28 23:10

    Pre-Run: 24.326.438.912 byte disponibili
    Post-Run: 24.559.730.688 byte disponibili

    - - End Of File - - FBD876973449BA991086C1FCAEC3D3C3



    The only strange thing: after ComboFix finished the scan and restarted the PC, a new Internet Explorer icon appeared on my desktop.
    What does that mean? :master:

    At the moment the problem persists!


    Thanks again for the help.
    I await a reply.

    Bye

  7. #7
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37
    Hi menatwork

    I'm adding one thing to yesterday's posts.
    This morning Everything reports many more services.exe processes than yesterday, while the csrss.exe ones remain the same.

    I'm posting the log here:

    C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
    C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    C:\WINDOWS\$NtServicePackUninstall$\services.exe
    C:\WINDOWS\$NtUninstallKB956572$\services.exe
    C:\WINDOWS\ERDNT\cache\services.exe
    C:\WINDOWS\ServicePackFiles\i386\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2GDR\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP2QFE\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3GDR\services.exe
    C:\WINDOWS\SoftwareDistribution\Download\5aa525e90b2bd0646a33215135e6b43b\SP3QFE\services.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\dllcache\services.exe

  8. #8
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    As you were able to see for yourself, the process is legitimate.

    Now check the properties of this file for me >>> right-click >>> Properties, and tell me which company it belongs to:

    c:\docume~1\-\IMPOST~1\Temp\esihdrv.sys

    After doing that, analyze it on VirusTotal.

  9. #9
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    Some of them are part of the Windows XP update.

  10. #10
    HTML.it user
    Registered since
    Aug 2010
    Posts
    37
    Hi

    I've tried everything, but I can't find that file in the path you indicated.

    I tried showing hidden files and folders, but nothing.

    Can you tell me how to make it visible??
