Aiutamici Forum

Log check for infection detection, for r16, pidue and a.Roselli
salizzi69
Posted: Monday, July 12, 2010 8:10:11 AM
Rank: Member

Member since: 4/6/2006
Posts: 20
My AVG detects six infections (trojans) that it cannot remove. I'm posting the log for a check. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.07.28, on 12/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\TurboV\TurboV.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV] C:\Programmi\ASUS\TurboV\TurboV.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe" -b
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\WINDOWS\TEMP\E_SC6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8361 bytes
paolopa
Posted: Monday, July 12, 2010 11:52:32 AM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
While waiting for one of the people you mentioned to arrive, I suggest this scan; it will help them when they come in:
Download and install MalwareBytes:
click here to download: http://www.aiutamici.com/software?id=80346
Before scanning, UPDATE IT. (it is very important)
Run a full system scan.
If it finds infections, post the log it will produce.
It would also be useful to know the name and path of the infections your antivirus finds; among other things, there is an entry in the log that says something is missing...
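As an added example (not code from this thread, nor from HijackThis or any tool named here), a small Python triage script for the HijackThis log format being discussed: it flags entries whose target file is missing (the kind of "something missing" line paolopa is pointing at, like the O20 avgrsstarter entry), O4 autostart entries whose program lives in a Temp folder, O16 ActiveX downloads, and O23 services with no vendor name. The sample lines are copied from the log posted above except the `[update]` O4 line, which is constructed; the triage heuristics are this script's own.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in HijackThis v2.0.x log format. All lines but one are
# copied from the log posted in this thread; the "[update]" O4 line is
# constructed to model a startup entry pointing at the Temp folder where
# Malwarebytes later found update.exe. It is a test input, not the full log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\WINDOWS\TEMP\E_SC6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [update] C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\update.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section tag, e.g. "O2", "O20"
    reason: str   # triage label assigned by this script (its own heuristics)
    entry: str    # the original log line


# "O4 - HKLM\..\Run: [name] command"  (section tag, dash, body)
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.+)$")
# O4 body: HKLM\..\Run: [name] cmd   or   HKUS\S-1-5-18\..\Run: [name] cmd (User '...')
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\(?:.*?\\)?(?P<key>Run\w*):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Program path: either the quoted first token or everything up to the first .exe/.dll/...
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|com|scr|bat))(?=\s|$)', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
DANGLING_MARKERS = ("(no file)", "(file missing)")


def exe_path(cmd: str) -> str:
    """Return the program path from an O4 command line, dropping its arguments."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    parts = cmd.split()
    return parts[0] if parts else ""


def startup_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """(hive, entry name, executable) for every O4 autostart line, in log order."""
    out: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("section") != "O4":
            continue
        o4 = O4_RE.match(m.group("body"))
        if o4:
            out.append((o4.group("hive"), o4.group("name"), exe_path(o4.group("cmd"))))
    return out


def triage(log_text: str) -> List[Finding]:
    """Flag the entries a helper would ask about first; the rest is left for manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank lines
        section, body = m.group("section"), m.group("body")
        if any(mark in body for mark in DANGLING_MARKERS):
            # Leftover of an uninstalled product or of a removed malware
            # component: harmless by itself, but it is the "something missing".
            findings.append(Finding(section, "dangling reference: target file missing", line))
        elif section == "O4":
            o4 = O4_RE.match(body)
            # Only the program path counts: a Temp path in the arguments
            # (as in the EPSON entry) is not a launch from Temp.
            if o4 and TEMP_DIR_RE.search(exe_path(o4.group("cmd"))):
                findings.append(Finding(section, "autostart launched from a Temp directory", line))
        elif section == "O16":
            findings.append(Finding(section, "ActiveX control installed from a URL: verify origin", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "service without vendor name: verify the binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry}")
```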
pidue
Posted: Monday, July 12, 2010 11:54:56 AM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
Did you run the scan in Safe Mode, after disabling System Restore?

In any case, download Malwarebytes Anti-Malware, install it, update it and run a full scan. When it's done, post the log file it produces. It is in text format.
Bye.

Edit:
Here's paolopa, who beat me to it.



paolopa
Posted: Monday, July 12, 2010 12:06:25 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Hi pidue, I wanted to have some additional information ready for when you came in... anyway I see we're not diverging from the line of action, which certainly pleases me.
pidue
Posted: Monday, July 12, 2010 12:12:44 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
paolopa wrote:
Hi pidue, I wanted to have some additional information ready for when you came in... anyway I see we're not diverging from the line of action, which certainly pleases me.


Four eyes see better than two.
Bye, paolopa. :-)



salizzi69
Posted: Monday, July 12, 2010 1:37:56 PM
Rank: Member

Member since: 4/6/2006
Posts: 20
Here's the log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/07/2010 13.35.54
mbam-log-2010-07-12 (13-35-54).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 156355
Tempo trascorso: 15 minuti, 57 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\update.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Salvatore\Dati applicazioni\Microsoft\a1.7z (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Salvatore\Dati applicazioni\Microsoft\n (Malware.Traces) -> No action taken.
paolopa
Posted: Monday, July 12, 2010 1:46:54 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Delete what Malwarebytes found, then run this scan, if you want of course :-) ; if you prefer to wait for our friends, feel free to do so.
Download Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop.

Important: after downloading COMBOFIX, close the connection, disable your antivirus and
close ALL open programs (firewall included) and


Double-click combofix.exe (a screen will appear.)

You will probably get messages from the antivirus (or from Combofix itself);
ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse)
and to wait patiently for the operations to finish.
At the end, a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.
salizzi69
Posted: Monday, July 12, 2010 2:49:32 PM
Rank: Member

Member since: 4/6/2006
Posts: 20
Here I am, friends: as you advised, Paolopa, I deleted what Malwarebytes found and downloaded Combofix as you asked. I followed everything to the letter: here is the report


ComboFix 10-07-11.03 - Salvatore 12/07/2010 14.22.58.2.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2620 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvatore\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-06-12 al 2010-07-12 )))))))))))))))))))))))))))))))))))
.

2010-07-12 06:06 . 2010-07-12 06:06 388096 ----a-r- c:\documents and settings\Salvatore\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 06:06 . 2010-07-12 06:06 -------- d-----w- c:\programmi\Trend Micro
2010-07-12 05:36 . 2010-07-12 05:36 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 05:35 . 2010-07-12 05:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-12 05:35 . 2010-07-12 05:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 16:14 . 2010-07-11 16:14 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-07-11 09:18 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Cyberlink
2010-07-11 09:08 . 2010-07-11 09:24 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-07-11 08:51 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\CyberLink
2010-07-11 08:51 . 2010-07-11 16:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-07-11 08:49 . 2010-07-11 16:21 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-07-11 08:49 . 2010-07-11 16:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Temp
2010-07-11 07:57 . 2010-07-11 07:57 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\dvdcss
2010-07-10 17:31 . 2010-07-10 17:31 -------- d-----w- c:\programmi\PowerQuest
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\Riva
2010-06-12 14:32 . 2010-06-12 14:32 -------- d-----w- c:\documents and settings\Salvatore\LocalLow
2010-06-12 14:32 . 2010-06-12 14:32 -------- d-----w- c:\programmi\TVUPlayer
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\TVU Networks
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\LocalLow
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\windows\system32\TVUAx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 12:26 . 2010-02-27 13:54 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-12 12:26 . 2010-02-27 13:53 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-12 11:21 . 2001-08-31 12:00 80490 ----a-w- c:\windows\system32\perfc010.dat
2010-07-12 11:21 . 2001-08-31 12:00 482036 ----a-w- c:\windows\system32\perfh010.dat
2010-07-12 05:27 . 2010-03-02 09:22 -------- d-----w- c:\programmi\uTorrent
2010-07-11 16:22 . 2010-02-24 20:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-11 16:14 . 2010-01-12 05:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 16:14 . 2010-01-12 05:48 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-11 15:23 . 2010-03-02 09:20 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\uTorrent
2010-07-11 07:58 . 2010-02-27 17:21 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\vlc
2010-06-26 16:50 . 2010-02-27 14:14 -------- d-----w- c:\programmi\CCleaner
2010-06-21 23:27 . 2010-02-27 14:10 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Skype
2010-06-21 23:26 . 2010-02-27 14:11 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\skypePM
2010-06-10 21:57 . 2010-02-27 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-04 14:01 . 2010-03-06 17:00 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-26 04:43 . 2010-05-26 04:43 503808 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcp71.dll
2010-05-26 04:43 . 2010-05-26 04:43 499712 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\jmc.dll
2010-05-26 04:43 . 2010-05-26 04:43 348160 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcr71.dll
2010-05-26 04:43 . 2010-05-26 04:43 61440 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-sse.dll
2010-05-26 04:43 . 2010-05-26 04:43 12800 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-d3d.dll
2010-05-06 10:32 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2008-04-13 16:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-24 17:56 . 2010-04-24 13:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-20 05:30 . 2008-04-13 17:11 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 21:48 . 2010-04-16 21:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-12_12.10.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 12:26 . 2010-07-12 12:26 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Google Update"="c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]
"TurboV"="c:\programmi\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"Ai Nap"="c:\programmi\ASUS\AI Suite\AiNap\AiNap.exe" [2009-05-25 1431040]
"QFan Help"="c:\programmi\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"Cpu Level Up help"="c:\programmi\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2009-05-25 6017024]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AsSysCtrlService;ASUS System Control Service;c:\programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [24/02/2010 22.34.46 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [18/02/2009 16.31.56 294912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24/02/2010 22.19.18 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003Core.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003UA.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 14:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(5516)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-12 14:28:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-12 12:28

Pre-Run: 197.592.059.904 byte disponibili
Post-Run: 197.594.615.808 byte disponibili

- - End Of File - - F2D6A6C1EE78C7B963459BA3E5A7D3BB
paolopa
Posted: Monday, July 12, 2010 3:12:54 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Listen: Combo removed another infection for you, but a script may be needed, and I'm not able to do that. In the meantime, do these things:
Download TFC by OldTimer to the desktop
http://oldtimer.geekstogo.com/TFC.exe
close all programs
start TFC, click "start"
at the end of the scan it will ask for a reboot, click ok.
then:
Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223
In CCleaner's main screen, click Options and then Advanced, and untick
"Only delete files in Windows Temp folders older than 48 hours". (then run the clean-ups),
registry included.
Then:
Empty the contents of the Prefetch folder:
click My Computer
click Local Disk C:
look, among the folders displayed, for the Windows folder,
open it and, inside it, look for the Prefetch folder, open it and delete all the entries
kept inside it (do not delete the folder)
EMPTY THE RECYCLE BIN
Then:
Launch Hijackthis and clean the ADS like this:
click on Open the misc tool section
click on Open ads spy
untick Quick scan (windows base folder only)
click Scan.
Wait patiently for the scan to finish.
If any ADS are detected, tick all the boxes (without fear) and click
Remove selected

Combofix and System Restore we'll leave as they are for now; we'll deal with them later. How is the PC running? When you've done everything, can you post a HijackThis log?
salizzi69
Posted: Monday, July 12, 2010 4:19:10 PM
Rank: Member

Member since: 4/6/2006
Posts: 20
Here I am, Paolopa... done everything, posting the log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.17.27, on 12/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\TurboV\TurboV.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\AVG\AVG9\avgtray.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV] C:\Programmi\ASUS\TurboV\TurboV.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe" -b
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7540 bytes
paolopa
Posted: Monday, July 12, 2010 4:42:48 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
The log shows no infections; this entry leaves me a little puzzled:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
but if the antivirus is working fine I'd say it is not relevant; online I have seen that they often have it fixed without worrying about anything else, and here it says it is not important:
http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=83815
Maybe wait to hear what r16 thinks about it; in any case you have to wait for him to analyse the log and prepare a script for you if necessary.
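An added example, not part of the thread or of HijackThis itself: a small Python triage script that parses entries of the kind shown in the log above and marks the ones a reviewer such as paolopa checks first (a BHO with no file, the O20 line with a missing DLL, a service with an unknown owner). The sample lines are copied from the posted log; the review notes are this example's own rule of thumb, not HijackThis output.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: HijackThis lines copied from the log posted above, the
# ones a reviewer looks at first (a BHO with no file, the O20 AVG leftover,
# a service whose owner string is unknown) next to two plainly benign lines.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O20 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    kind: str                  # section code: O2 (BHO), O4 (Run key), O20, O23 ...
    body: str                  # raw text after the section code
    clsid: Optional[str]       # first {GUID} in the line, if any
    notes: List[str] = field(default_factory=list)  # reasons to look closer

def triage(entry: Entry) -> None:
    """Attach review notes. A note means 'check this by hand', not 'malware':
    the O20 line in the thread is a harmless AVG leftover, and 'Unknown owner'
    only means the service binary carries no publisher string."""
    low = entry.body.lower()
    if "(file missing)" in low or "(no file)" in low:
        entry.notes.append("orphaned: points at a file that no longer exists")
    if entry.kind == "O2" and "(no name)" in low:
        entry.notes.append("BHO registered without a display name")
    if entry.kind == "O23" and "unknown owner" in low:
        entry.notes.append("service has no publisher string")

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; blank lines and headers give None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    found = CLSID_RE.search(body)
    entry = Entry(m.group("kind"), body, found.group(0) if found else None)
    triage(entry)
    return entry

def review(log_text: str) -> Dict[str, List[Entry]]:
    """All entries grouped by section code, in the order they appear."""
    grouped: Dict[str, List[Entry]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            grouped.setdefault(entry.kind, []).append(entry)
    return grouped

def flagged(log_text: str) -> List[Entry]:
    """Only the entries that carry at least one review note."""
    return [e for group in review(log_text).values() for e in group if e.notes]
```

Calling flagged(SAMPLE_LOG) returns the O2, O20 and O23 entries with their notes; as the thread itself shows, a note is a prompt to look at the entry, not a verdict.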
salizzi69
Posted: Monday, July 12, 2010 4:48:37 PM
Rank: Member

Member since: 4/6/2006
Posts: 20
OK then, I'll wait for r16 or pidue for advice. Thanks anyway Paolopa
r16
Posted: Monday, July 12, 2010 4:59:30 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Open a text file with Notepad on the Desktop.
Paste into it the code you see below, and save the text file, necessarily with the name CFScript.txt

Code:
File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad

KillAll::
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
If the PC does not restart by itself, restart it yourself.
Post the updated ComboFix log
salizzi69
Posted: Monday, July 12, 2010 5:23:32 PM
Rank: Member

Member since: 4/6/2006
Posts: 20
Here is the report, r16:

ComboFix 10-07-11.03 - Salvatore 12/07/2010 17.15.41.3.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2636 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvatore\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Salvatore\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Creati Da 2010-06-12 al 2010-07-12 )))))))))))))))))))))))))))))))))))
.

2010-07-12 13:55 . 2010-07-12 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-07-12 06:06 . 2010-07-12 06:06 388096 ----a-r- c:\documents and settings\Salvatore\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 06:06 . 2010-07-12 06:06 -------- d-----w- c:\programmi\Trend Micro
2010-07-12 05:36 . 2010-07-12 05:36 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 05:35 . 2010-07-12 05:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-12 05:35 . 2010-07-12 05:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 16:14 . 2010-07-11 16:14 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-07-11 09:18 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Cyberlink
2010-07-11 09:08 . 2010-07-11 09:24 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-07-11 08:51 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\CyberLink
2010-07-11 08:51 . 2010-07-11 16:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-07-11 08:49 . 2010-07-11 16:21 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-07-11 08:49 . 2010-07-11 16:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Temp
2010-07-11 07:57 . 2010-07-11 07:57 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\dvdcss
2010-07-10 17:31 . 2010-07-10 17:31 -------- d-----w- c:\programmi\PowerQuest
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\Riva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 15:17 . 2001-08-31 12:00 80490 ----a-w- c:\windows\system32\perfc010.dat
2010-07-12 15:17 . 2001-08-31 12:00 482036 ----a-w- c:\windows\system32\perfh010.dat
2010-07-12 05:27 . 2010-03-02 09:22 -------- d-----w- c:\programmi\uTorrent
2010-07-11 16:22 . 2010-02-24 20:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-11 16:14 . 2010-01-12 05:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 16:14 . 2010-01-12 05:48 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-11 15:23 . 2010-03-02 09:20 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\uTorrent
2010-07-11 07:58 . 2010-02-27 17:21 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\vlc
2010-06-26 16:50 . 2010-02-27 14:14 -------- d-----w- c:\programmi\CCleaner
2010-06-21 23:27 . 2010-02-27 14:10 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Skype
2010-06-21 23:26 . 2010-02-27 14:11 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\skypePM
2010-06-12 14:32 . 2010-06-12 14:32 -------- d-----w- c:\programmi\TVUPlayer
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2010-06-10 21:57 . 2010-02-27 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-04 14:01 . 2010-03-06 17:00 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-26 04:43 . 2010-05-26 04:43 503808 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcp71.dll
2010-05-26 04:43 . 2010-05-26 04:43 499712 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\jmc.dll
2010-05-26 04:43 . 2010-05-26 04:43 348160 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcr71.dll
2010-05-26 04:43 . 2010-05-26 04:43 61440 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-sse.dll
2010-05-26 04:43 . 2010-05-26 04:43 12800 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-d3d.dll
2010-05-06 10:32 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2008-04-13 16:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-24 17:56 . 2010-04-24 13:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-20 05:30 . 2008-04-13 17:11 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 21:48 . 2010-04-16 21:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-12_12.10.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 15:19 . 2010-07-12 15:19 16384 c:\windows\temp\Perflib_Perfdata_568.dat
+ 2001-08-31 12:00 . 2010-07-12 15:17 68292 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2010-07-12 11:21 68292 c:\windows\system32\perfc009.dat
+ 2010-07-12 15:19 . 2009-10-07 00:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2010-07-12 12:09 . 2010-07-12 12:10 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2001-08-31 12:00 . 2010-07-12 15:17 435396 c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2010-07-12 11:21 435396 c:\windows\system32\perfh009.dat
+ 2009-03-10 21:18 . 2009-06-25 11:20 1485176 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Google Update"="c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]
"TurboV"="c:\programmi\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"Ai Nap"="c:\programmi\ASUS\AI Suite\AiNap\AiNap.exe" [2009-05-25 1431040]
"QFan Help"="c:\programmi\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"Cpu Level Up help"="c:\programmi\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2009-05-25 6017024]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AsSysCtrlService;ASUS System Control Service;c:\programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [24/02/2010 22.34.46 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [18/02/2009 16.31.56 294912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24/02/2010 22.19.18 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003Core.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003UA.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 17:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(548)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-12 17:21:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-12 15:21
ComboFix2.txt 2010-07-12 12:28

Pre-Run: 196.887.019.520 byte disponibili
Post-Run: 197.093.576.704 byte disponibili

- - End Of File - - 64EBDE62619026B6CD4929A50CB22001
r16
Posted: Monday, July 12, 2010 6:07:30 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Problems?
salizzi69
Posted: Monday, July 12, 2010 7:18:45 PM
Rank: Member

Member since: 4/6/2006
Posts: 20
Thanks... all good
paolopa
Posted: Monday, July 12, 2010 7:38:51 PM

Rank: AiutAmico

Member since: 10/14/2008
Posts: 2,777
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
Double-click to run it.
Click on CleanUp.
It will ask you to restart the PC.
Click Yes.
Disable System Restore:
Start, Control Panel, System, System Restore, tick
"Turn off System Restore on all drives", Apply, OK.
Shut down and restart the PC, then do the reverse to re-enable it.
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.