Pioc1.exe

**merlinox** · 03-11-2006, 02:02

Ragazzi ho un file che si mette in
c:\windows\temp\pioc1.exe

Gli antivirus non me lo trovano,
ho appena pulito il pc (post) ma nulla di fatto.

Ogni tanto appare e mi butta giù la connessione ADSL tentando di creare un'altra connessione.
Lo rimuovo dai file in RUN dal registro, ma poi riparte.
Oltre tutto non riesco a killare il processo, nemmeno con i programmi della sysinternal

Allego hijack log

===

Logfile of HijackThis v1.99.1
Scan saved at 0.54.02, on 03/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Utility\AvgFree\avgamsvr.exe
C:\PROGRA~1\Utility\AvgFree\avgupsvc.exe
C:\PROGRA~1\Utility\AvgFree\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Utility\AvgFree\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\driver\MediaKey\MediaKey.EXE
C:\driver\A4Tech\Mouse\Amoumain.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet\DynDNS\DynDNS.exe
C:\Programmi\Internet\Free Download Manager\fdm.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Internet\eMule\emule.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\UltraVNC\WinVNC.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 5008\GoogleToolbarNotifier.exe
C:\Programmi\Macromedia\Fireworks 8\Fireworks.exe
C:\Programmi\Utility\ProcessExplorerNt\procexp.exe
C:\Programmi\Utility\ProcessExplorerNt\procexp.exe
C:\Programmi\Utility\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Internet\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Utility\AvgFree\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MediaKey] C:\driver\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\driver\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [pioc1.exe] C:\WINDOWS\Temp\pioc1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Programmi\Internet\DynDNS\DynDNS.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Internet\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\Internet\eMule\emule.exe -AutoStart
O4 - Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programmi\Internet\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programmi\Internet\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programmi\Internet\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A425B20-80B0-41C2-BD69-A100BC020DC5}: NameServer = 212.247.156.66 212.247.156.70
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Utility\AvgFree\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Utility\AvgFree\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Utility\AvgFree\avgemc.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetGwy - Unknown owner - C:\Programmi\File comuni\System\OZj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\WinVNC.exe" -service (file missing)

Discussione: Pioc1.exe

Strumenti discussione

Ricerca discussione

Visualizza

Hybrid View

Pioc1.exe

Permessi di invio