dsujbw.exe ??? cosa sara mai ???

[ainokaarina]

saluti
da un po' di tempo trovo nella cartella "documenti condivisi" i seguenti files nascosti :

dsujbw.exe e khw

lo strano e' che se metto norton antivirus, me li cancella
se invece metto AVG, li lascia stare non considerandoli "malevoli" .

Io li cancello, ma puntualmente vengono rimessi allo stesso posto.
Verranno generati da qualche programmino che non individuo.............che siano virus ???!!!???

Non so cosa pensare.......

ne sapete qualcosa ?????

Grazie per le risposte

[aurelio37]

Prova fare una scansione online del file in questione:
http://www.virustotal.com/it/

Ciao

[gahan]

Ciao,

esegui quanto detto da aurelio, e successivamente scarica ed installa

HijackThis
http://www.hijackthis.de/downloads/HJTInstall.exe

- apri il software
- accetta i termini di licenza
- clicca su "do a system scan and save a logfile"
- posta qui sul forum il log risultante

[-> EleKtrA <-]

saluti e grazie delle notizie.
questo e' il log di hijackthis :

Codice: Seleziona tutto

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: avgtray.lnk = ?
O8 - Extra context menu item: Open with KUSO EXIF Viewer - C:\Programmi\KUSO EXIF Viewer\EXIF.htm
O8 - Extra context menu item: Read EXIF - C:\Programmi\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F2730E-94BD-46B1-B34F-94F9F495FBD4}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F2730E-94BD-46B1-B34F-94F9F495FBD4}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)

--
End of file - 6922 bytes


ed il seguente e' il risultato che da' VIRUS TOTAL :

Codice: Seleziona tutto

Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.50 2010.01.21 Worm.Autoit!IK
AhnLab-V3 5.0.0.2 2010.01.20 -
AntiVir 7.9.1.146 2010.01.20 -
Antiy-AVL 2.0.3.7 2010.01.20 -
Authentium 5.2.0.5 2010.01.21 -
Avast 4.8.1351.0 2010.01.20 AutoIt:Balero-A2
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.21 Gen:Trojan.Heur.AutoIT.Oq3@b4u6jNdO
CAT-QuickHeal 10.00 2010.01.21 Win32.Packed.Klone.bj.4
ClamAV 0.94.1 2010.01.20 PUA.Script.Packed-3
Comodo 3651 2010.01.21 Packed.Win32.Klone.~KC
DrWeb 5.0.1.12222 2010.01.20 Win32.HLLW.Autoruner.based
eSafe 7.0.17.0 2010.01.20 -
eTrust-Vet 35.2.7249 2010.01.20 -
F-Prot 4.5.1.85 2010.01.20 -
F-Secure 9.0.15370.0 2010.01.21 Gen:Trojan.Heur.AutoIT.Oq3@b4u6jNdO
Fortinet 4.0.14.0 2010.01.20 -
GData 19 2010.01.21 Gen:Trojan.Heur.AutoIT.Oq3@b4u6jNdO
Ikarus T3.1.1.80.0 2010.01.21 Worm.Autoit
Jiangmin 13.0.900 2010.01.20 TrojanDownloader.Zlob.xcl
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.21 Worm.Win32.AutoIt.tc
McAfee 5867 2010.01.20 W32/Autorun.worm.zf.gen
McAfee+Artemis 5867 2010.01.20 W32/Autorun.worm.zf.gen
McAfee-GW-Edition 6.8.5 2010.01.20 Heuristic.BehavesLike.Win32.Trojan.J
Microsoft 1.5302 2010.01.20 Worm:AutoIt/Renocide.gen!C
NOD32 4791 2010.01.20 Win32/Packed.Autoit.Gen
Norman 6.04.03 2010.01.20 -
nProtect 2009.1.8.0 2010.01.20 -
Panda 10.0.2.2 2010.01.20 Trj/CI.A
PCTools 7.0.3.5 2010.01.21 HeurEngine.Malautoit
Rising 22.31.03.01 2010.01.21 -
Sophos 4.50.0 2010.01.21 -
Sunbelt 3.2.1858.2 2010.01.21 Trojan.Win32.AutoIt.gen.1 (v)
Symantec 20091.2.0.41 2010.01.21 Bloodhound.Malautoit.2
TheHacker 6.5.0.8.157 2010.01.21 -
TrendMicro 9.120.0.1004 2010.01.21 -
VBA32 3.12.12.1 2010.01.20 Trojan.Autoit.F
ViRobot 2010.1.20.2146 2010.01.21 -
VirusBuster 5.0.21.0 2010.01.20 Trojan.Autoit.Gen!Pac
Informazioni addizionali
File size: 656570 bytes
MD5   : 97063e3c343e2e206adcfd91d53fad3c
SHA1  : f102cbed7923e4ddf1d2d583b086afcb1d5de07e
SHA256: 2b71abf4a1f63ce394adc3a4c02be088ea8e2d79ed29f429245a0608d7c48095
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54D3D
timedatestamp.....: 0x4850E379 (Thu Jun 12 10:51:05 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x65F57 0x66000 6.69 3acda4623a0e3d29e47286c5ce656b86
.rdata 0x67000 0xE534 0xE600 5.02 f5ea2b2f886fbb9eaf7f19883bd5f07b
.data 0x76000 0x16AD8 0x2A00 3.89 85ce1e4957f76b29bd9a747a6ce443cc
.rsrc 0x8D000 0x5430 0x5600 4.97 0b1528b973fd0b72af63849124d18552

( 13 imports )

> advapi32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW
> comctl32.dll: ImageList_DragMove, ImageList_EndDrag, ImageList_DragLeave, ImageList_DragEnter, ImageList_BeginDrag, ImageList_SetDragCursorImage, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Remove
> comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW
> gdi32.dll: LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, SetTextColor, GetObjectW, SetBkMode, RoundRect, SetBkColor, CloseFigure, SetPixel, EndPath, StrokePath, StrokeAndFillPath, ExtCreatePen, PolyBezierTo, SetViewportOrgEx, Rectangle, CreatePen, CreateSolidBrush, CreateCompatibleBitmap, GetPixel, DeleteDC, GetDIBits, BitBlt, SelectObject, CreateDIBSection, CreateCompatibleDC, CreateFontW, GetDeviceCaps, GetTextFaceW, GetStockObject, CreateDCW, GetTextExtentPoint32W, DeleteObject
> kernel32.dll: UnmapViewOfFile, OpenProcess, CreateFileMappingW, MapViewOfFile, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, SetFileTime, FindResourceW, LoadResource, GetFileAttributesW, LockResource, FindFirstFileW, SizeofResource, FindClose, EnumResourceNamesW, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, OutputDebugStringW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, TerminateProcess, SetSystemPowerState, GetLocalTime, MultiByteToWideChar, WideCharToMultiByte, CompareStringW, InterlockedIncrement, InterlockedDecrement, WriteFile, CreatePipe, GetStdHandle, InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetDriveTypeW, QueryPerformanceFrequency, GetVolumeInformationW, SetVolumeLabelW, DeviceIoControl, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, SetFileAttributesW, WritePrivateProfileSectionW, GetShortPathNameW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetEnvironmentVariableW, GetFileSize, SetEnvironmentVariableW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, SetProcessWorkingSetSize, GlobalMemoryStatus, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, GetModuleHandleA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RaiseException, GetModuleFileNameA, HeapSize, HeapReAlloc, HeapDestroy, HeapCreate, RtlUnwind, QueryPerformanceCounter, GetModuleHandleW, GetSystemInfo, GetVersionExW, GetCurrentThreadId, Sleep, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, HeapAlloc, GetProcessHeap, HeapFree, CloseHandle, GetCurrentProcess, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, GetConsoleCP, GetConsoleMode, SetHandleCount, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, GetProcAddress, LoadLibraryW, GetStartupInfoW, GetVersionExA, ExitProcess, ExitThread, GetSystemTimeAsFileTime, GetFileType, GetStartupInfoA, SetStdHandle, ResumeThread, FlushFileBuffers, LCMapStringA, LCMapStringW, GetTimeZoneInformation, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, CompareStringA, GetDiskFreeSpaceW, SetEnvironmentVariableA
> mpr.dll: WNetUseConnectionW, WNetGetConnectionW, WNetAddConnection2W, WNetCancelConnection2W
> ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID, OleUninitialize
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
> user32.dll: SetWindowLongW, FlashWindow, GetActiveWindow, InflateRect, CharNextW, DrawFocusRect, wsprintfW, DrawTextW, RedrawWindow, FrameRect, DrawFrameControl, FillRect, DrawMenuBar, PtInRect, DestroyMenu, SetMenu, DestroyAcceleratorTable, CreateAcceleratorTableW, GetWindowTextLengthW, SetCursor, GetWindowDC, TranslateAcceleratorW, GetSystemMetrics, IsDialogMessageW, CreateMenu, IsDlgButtonChecked, GetSysColor, DefDlgProcW, ReleaseCapture, SetCapture, SetActiveWindow, FindWindowExW, EnumThreadWindows, LoadImageW, CreateIconFromResourceEx, mouse_event, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, IsZoomed, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, DispatchMessageW, GetDC, GetKeyboardLayoutNameA, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, DestroyWindow, GetMenu, GetClientRect, CopyRect, EndPaint, BeginPaint, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, SendMessageTimeoutW, GetFocus, GetWindowTextW, ScreenToClient, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, GetCaretPos, GetSubMenu, GetMenuStringW, IsCharUpperW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, ReleaseDC, SetMenuItemInfoW, GetCursor, PostMessageW, GetWindowRect, MessageBoxW, GetForegroundWindow, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, MessageBoxA, RegisterWindowMessageW, DestroyIcon, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, TranslateMessage, PeekMessageW, WindowFromPoint, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetWindowPos, CopyImage, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, AdjustWindowRectEx, SetRect, CharLowerBuffW, GetMessageW, VkKeyScanA, LockWindowUpdate, UnregisterHotKey, keybd_event, ExitWindowsEx, CharUpperW
> version.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> winmm.dll: waveOutSetVolume, mciSendStringW, timeGetTime
> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
 
TrID  : File type identification
Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
ssdeep: 12288:v6SKqT31T6WpJY6V765jKqostkm3ObpTUVWR+seiLo0JB:ixqT31T6WE6I5jKqosOm+bpN8ilJB
PEiD  : -
RDS   : NSRL Reference Data Set
-

======================

ho letto con calma cercando di capirne qualcosa.......ma niente....purtroppo.

se potete decifrarne qualcosa di utile.....grazie e scusate del disturbo che arreco


P.S.: quando ricompare il file, dopo di averlo cancellato, viene spoesso con altro nome;
ora,per es. si chiama : kljimr.exe

di nuovo grazie

.

[gahan]

Ciao molto probabilmente hai sbagliato a postare il log di hijackthis essendo incompleto.
Clicca su "do a system scan only and save a log file" e posta il log completo.

Dai log postati si nota un'infezione sul tuo sistema.

[-> EleKtrA <-]

questo e' il nuovo risultato :

Codice: Seleziona tutto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:26 PM, on 2/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AVG\AVG9\avgtray.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmi\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Adobelm_Cleanup.0001
C:\Eseguibili\AntiSpyware\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: avgtray.lnk = ?
O8 - Extra context menu item: Open with KUSO EXIF Viewer - C:\Programmi\KUSO EXIF Viewer\EXIF.htm
O8 - Extra context menu item: Read EXIF - C:\Programmi\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/VoipFiles/IPhona.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F2730E-94BD-46B1-B34F-94F9F495FBD4}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F2730E-94BD-46B1-B34F-94F9F495FBD4}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)

--
End of file - 6978 bytes

[gahan]

- scarica Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Installa il programma
- aggiornalo
- fai una scansione completa
- a fine scansione premi sul pulsante "rimuovi elementi selezionati"
- posta il rapporto ottenuto.

[ainokaarina]

saluti
non ha trovato niente di "malevolo"
questo e' il log. :

Codice: Seleziona tutto

Malwarebytes' Anti-Malware 1.44
Versione del database: 3770
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/21/2010 8:31:52 PM
mbam-log-2010-02-21 (20-31-52).txt

Tipo di scansione: Scansione completa (C:\|G:\|K:\|)
Elementi scansionati: 300201
Tempo trascorso: 4 hour(s), 18 minute(s), 13 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


==================================
???

[-> EleKtrA <-]

Ciao ainokaarina, questo tipo di file random (dsujbw.exe)
possono essere il risultato di navigazioni su siti non attendibili.
L'altro potrebbe essere un file/cartella riferito ad un sito di E-commerce di informatica.

Dal log di hijackthis risulta che hai installato AVG9,
ma non è attivo in realtime, lo hai disabilitato tu?
Hai installato tu WinPCap?

Inoltre dovresti aggiornare Adobe Reader, Java Sun e Adobe Flash Player

Suggerisco di eseguire questi controlli, oltre quelli che sono stati già fatti.
Scarica Combofix | Tutorial
Non installare la recovery console
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

Esegui una scansione online con Kaspersky ed allega il risultato.

NOTA
Copia il rapporto sul forum inserendolo nel tag "code" (CLICCA)

[ainokaarina]

scusate, ma.......
non ce l'ho fatta piu' ad aspettare !

Ho riformattato tutto ed ora sto "riaggiustando" tutti i programmi.

Staro', o cerchero' di stare piu' attento in futuro

Ringrazio tutti


ciao

[ainokaarina]

scusatemi ancora

potete dirmi, fisicamente, in che cartella si trova "Posta in Arrivo" e "Posta Inviata"
di Outlook Express ??

cioe' come ricercarli senza usare il programma stesso Outlook Express ??

grazie

[aurelio37]

Le singole email non vengono salvate singolarmente con estensione .eml ma si trovavo, diciamo in contenitori .dbx.
Il percorso è:
Per prima cosa bisogna visualizzare le cartelle nascoste; apri una qualsiasi cartella, vai su Strumenti—> Opzioni Cartella—> Visualizzazione e seleziona Visualizza cartelle e file nascosti e clicca su OK. Poi basta andare nella cartella C:\Documents and Settings\Nomeutente\Impostazioni locali\Dati applicazioni\Identities\{,,,..........}\Microsoft\Outlook Express e qui trovi tutti i dbx contenenti le email

Questo ti era utile per salvare la tua posta prima di formattare.
Ciao

[ainokaarina]

.
si', Aurelio, hai detto :
<Questo ti era utile per salvare la tua posta prima di formattare>

purtroppo sono andato la', ma non ci ho trovato piu' niente !!
Comunque questa volta non ho formattato, ma ho installato un'altra copia di windows nella directory win.
Ho risolto momentaneamente tutti i problemi con il solo "fastidio" di dover reinstallare i programmi
perche' windows non li "vedeva" piu' nel registro.
Ora il computer va spedito che e' una "bellezza".
Con calma, piano piano, cancellero' tutta la directory di windows dove si annidava il problema.

grazie di tutto
saluti