  1. #1
    HTML.it user
    Joined
    Mar 2009
    Posts
    4

    Who can help me read the HijackThis log?

    Hi everyone, I have some problems with my PC, specifically a trojan. I have AVG antivirus; it detected and deleted the viruses, but the PC still has a desktop with blue icons and keeps connecting to unwanted sites... I'm posting the HijackThis log. I'll admit upfront that I don't understand a thing about it... can you help? Thank you.
    • Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11.13.42, on 28/03/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Programmi\AVG\AVG8\avgcsrvx.exe
      C:\Programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe
      C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
      C:\Programmi\HiYo\bin\HiYo.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
      C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE
      C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
      C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
      C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
      C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Programmi\MSN Messenger\MsnMsgr.Exe
      C:\Programmi\Internet Explorer\iexplore.exe
      C:\Programmi\AVG\AVG8\aAvgApi.exe
      C:\Programmi\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
      C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {68e5deb5-b7a5-1cc8-0664-e241783c08b1} - {1b80c387-142e-4660-8cc1-5a7b5bed5e86} - C:\WINDOWS\system32\rskfhm.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
      O2 - BHO: (no name) - {f50f8ebc-4007-42b2-aa04-317665643187} - C:\WINDOWS\system32\fofugapi.dll
      O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe"
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe "
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
      O4 - HKLM\..\Run: [Hiyo] C:\Programmi\HiYo\bin\HiYo.exe /RunFromStartup
      O4 - HKLM\..\Run: [boyehukada] Rundll32.exe "C:\WINDOWS\system32\zinipelu.dll",s
      O4 - HKLM\..\Run: [CPMd386e75c] Rundll32.exe "c:\windows\system32\kalerazo.dll",a
      O4 - HKLM\..\Run: [d0b5d4c0] rundll32.exe "C:\WINDOWS\system32\tabisape.dll",b
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [L07IXLRD_3598250] "C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" -m
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
      O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D35F34D0-F119-4206-8E7E-6A1B3C2A4439}: NameServer = 195.130.224.18,195.130.225.129
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: C:\WINDOWS\system32\fujobila.dll,rskfhm.dll,c:\windows\system32\kalerazo.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
      O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

      --
      End of file - 8470 bytes
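
A small triage script for the log above, written as an added example for this thread (it is not code from the original post or from HijackThis): it parses the O2/O4/O20/O21/O22 entries, extracts every DLL they reference, and flags what a log reader would question here, such as a Run key that loads a system32 DLL through rundll32, a BHO without a readable name, anything listed in AppInit_DLLs, and any DLL referenced from more than one persistence mechanism. The sample lines are a constructed subset of the posted log; the flagging rules are the author's own heuristics, not HijackThis output.

```python
import re
from collections import defaultdict

# Constructed subset of the HijackThis log posted above (same line format).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {68e5deb5-b7a5-1cc8-0664-e241783c08b1} - {1b80c387-142e-4660-8cc1-5a7b5bed5e86} - C:\WINDOWS\system32\rskfhm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {f50f8ebc-4007-42b2-aa04-317665643187} - C:\WINDOWS\system32\fofugapi.dll
O4 - HKLM\..\Run: [Hiyo] C:\Programmi\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [boyehukada] Rundll32.exe "C:\WINDOWS\system32\zinipelu.dll",s
O4 - HKLM\..\Run: [CPMd386e75c] Rundll32.exe "c:\windows\system32\kalerazo.dll",a
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\fujobila.dll,rskfhm.dll,c:\windows\system32\kalerazo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# A drive-rooted path ending in .dll, or a bare "name.dll" as AppInit_DLLs allows.
DLL_RE = re.compile(r'[a-z]:\\[^",]*?\.dll|\b[\w~-]+\.dll', re.IGNORECASE)
GUID_NAME_RE = re.compile(r"^bho: \{[0-9a-f-]{36}\} - ")


def parse_log(text):
    """Yield (section, body) for each 'Oxx - ...' entry in a HijackThis log."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def dll_names(body):
    """Lower-cased basenames of every DLL an entry body references."""
    return [m.group(0).lower().rsplit("\\", 1)[-1] for m in DLL_RE.finditer(body)]


def triage(text):
    """Map suspicious DLL basename -> {'sections': [...], 'reasons': [...]}."""
    sections = defaultdict(set)   # dll -> HJT sections that reference it
    reasons = defaultdict(set)    # dll -> why a reader should look at it
    for section, body in parse_log(text):
        low = body.lower()
        for dll in dll_names(body):
            sections[dll].add(section)
            if section == "O4" and "rundll32" in low and "\\system32\\" in low:
                reasons[dll].add("Run key loads a system32 DLL through rundll32")
            if section == "O2" and (low.startswith("bho: (no name)") or GUID_NAME_RE.match(low)):
                reasons[dll].add("BHO has no readable name")
            if section == "O20" and low.startswith("appinit_dlls:"):
                reasons[dll].add("AppInit_DLLs injects it into every process that loads user32.dll")
            if section in ("O21", "O22"):
                reasons[dll].add(section + " makes explorer.exe load it at startup")
    # The same DLL wired into several persistence points is the strongest signal.
    for dll, secs in sections.items():
        if len(secs) > 1:
            reasons[dll].add(f"referenced by {len(secs)} persistence mechanisms")
    return {d: {"sections": sorted(sections[d]), "reasons": sorted(r)}
            for d, r in reasons.items()}


if __name__ == "__main__":
    for dll, info in sorted(triage(SAMPLE_LOG).items()):
        print(dll, ", ".join(info["sections"]))
        for reason in info["reasons"]:
            print("   -", reason)
```

On the sample above the script singles out kalerazo.dll (four persistence points), rskfhm.dll, fujobila.dll, zinipelu.dll and fofugapi.dll, while the Adobe and AVG modules are not reported.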

  2. #2
    Moderator, Computer security and viruses (amvinfe)
    Joined
    May 2002
    Posts
    6,739
    Hi,
    there are some libraries and registry keys that need to be removed. For a more complete picture, download to your desktop
    http://www.suspectfile.com/systemscan
    open it and make sure all the options are ticked, then click "Scan Now"; when the scan finishes, two files will be written (again on the desktop, inside the suspectfile folder).
    Go to http://www.freefilehosting.net, upload the file with the .zip extension and, in your next reply, post the URL to download it.

    Remember to run the scan with no active connection and with the antivirus disabled, then re-enable it once the scan has finished.

    SystemScan is wrongly detected as infected by some antivirus programs.
    ==
    Visit my blog SuspectFile.com
    ==

  3. #3
    HTML.it user
    Joined
    Mar 2009
    Posts
    4
    I don't know if it's useful to you, but I have the log made with ComboFix... but I don't know what that one means either...
    Right now I can't do the procedure you suggested...
    I'm posting the log
    • ComboFix 09-03-27.02 - admin 2009-03-28 12:18:42.1 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.383.220 [GMT 1:00]
      Eseguito da: c:\documents and settings\admin\desktop\combofix.exe
      Opzioni usate :: /killal

      ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
      .

      ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\ahtn.htm
      c:\windows\system32\epasibat.ini
      c:\windows\system32\fujobila.dll
      c:\windows\system32\kalerazo.dll
      c:\windows\system32\mosoraza.dll
      c:\windows\system32\ovfsthfeacpdeassxudxdyhikvgbnbhmqdbjqx.dll
      c:\windows\system32\ovfsthfloajnsvskeajpoygnumnugjasqkutog.dll
      c:\windows\system32\ovfsthoewwxudqxlpswqwbkwossdyfqrmrfktd.dll
      c:\windows\system32\rskfhm.dll
      c:\windows\system32\tabisape.dll
      c:\windows\system32\uniq.tll

      .
      ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_ovfsthvnnbmuwfjpwipyyraejxmtamtoriuvwf
      -------\Service_PCIDump


      ((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-28 )))))))))))))))))))))))))))))))))))
      .

      2009-03-28 12:10 . 2009-03-28 12:10 268 --ah----- C:\sqmdata15.sqm
      2009-03-28 12:10 . 2009-03-28 12:10 244 --ah----- C:\sqmnoopt15.sqm
      2009-03-28 11:42 . 2009-03-28 11:42 268 --ah----- C:\sqmdata14.sqm
      2009-03-28 11:42 . 2009-03-28 11:42 244 --ah----- C:\sqmnoopt14.sqm
      2009-03-28 11:17 . 2009-03-28 11:17 268 --ah----- C:\sqmdata13.sqm
      2009-03-28 11:17 . 2009-03-28 11:17 244 --ah----- C:\sqmnoopt13.sqm
      2009-03-26 20:31 . 2009-03-26 20:31 268 --ah----- C:\sqmdata12.sqm
      2009-03-26 20:31 . 2009-03-26 20:31 244 --ah----- C:\sqmnoopt12.sqm
      2009-03-26 11:25 . 2009-03-26 11:25 268 --ah----- C:\sqmdata11.sqm
      2009-03-26 11:25 . 2009-03-26 11:25 244 --ah----- C:\sqmnoopt11.sqm
      2009-03-26 11:08 . 2009-03-26 11:08 <DIR> d--h----- C:\$AVG8.VAULT$
      2009-03-26 10:47 . 2009-03-26 10:47 <DIR> d-------- c:\programmi\Trend Micro
      2009-03-26 09:25 . 2009-03-26 09:25 268 --ah----- C:\sqmdata10.sqm
      2009-03-26 09:25 . 2009-03-26 09:25 244 --ah----- C:\sqmnoopt10.sqm
      2009-03-26 07:09 . 2009-03-26 07:09 268 --ah----- C:\sqmdata09.sqm
      2009-03-26 07:09 . 2009-03-26 07:09 244 --ah----- C:\sqmnoopt09.sqm
      2009-03-25 23:21 . 2009-03-25 23:21 268 --ah----- C:\sqmdata08.sqm
      2009-03-25 23:21 . 2009-03-25 23:21 244 --ah----- C:\sqmnoopt08.sqm
      2009-03-25 22:59 . 2009-03-25 22:59 <DIR> d-------- c:\programmi\AVG
      2009-03-25 22:59 . 2009-03-28 12:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
      2009-03-25 22:47 . 2009-03-25 22:47 268 --ah----- C:\sqmdata07.sqm
      2009-03-25 22:47 . 2009-03-25 22:47 244 --ah----- C:\sqmnoopt07.sqm
      2009-03-25 21:51 . 2009-03-25 21:51 268 --ah----- C:\sqmdata06.sqm
      2009-03-25 21:51 . 2009-03-25 21:51 244 --ah----- C:\sqmnoopt06.sqm
      2009-03-25 00:26 . 2009-03-25 00:26 268 --ah----- C:\sqmdata05.sqm
      2009-03-25 00:26 . 2009-03-25 00:26 244 --ah----- C:\sqmnoopt05.sqm
      2009-03-24 22:42 . 2009-03-24 22:42 268 --ah----- C:\sqmdata04.sqm
      2009-03-24 22:42 . 2009-03-24 22:42 244 --ah----- C:\sqmnoopt04.sqm
      2009-03-24 22:42 . 2009-03-24 22:42 0 --a------ c:\windows\system32\drivers\ovfsth.sys
      2009-03-24 22:25 . 2009-03-25 00:15 108,032 --a------ C:\bmf.exe
      2009-03-24 22:22 . 2009-03-28 11:36 43 --a------ c:\windows\system32\ovfsthtqkxgmkxrvqoxwcsriccvxykpdrerilv.dat
      2009-03-24 22:20 . 2009-03-28 12:12 108,929 --a------ c:\windows\system32\ovfsthxujlnpmwslrrsbtfafvisjhyxxorfxny.dat
      2009-03-17 19:12 . 2009-03-17 19:12 <DIR> d-------- C:\1f14e86cbf0728e6534978b33d1f644e

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-03-28 11:22 --------- d-----w c:\documents and settings\admin\Dati applicazioni\OpenOffice.org2
      2009-03-22 21:32 --------- d-----w c:\documents and settings\admin\Dati applicazioni\Canon
      2009-03-11 19:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
      2009-02-26 15:25 --------- d-----w c:\programmi\Windows Live Safety Center
      1601-01-01 00:12 47,616 --sha-w c:\windows\system32\fofugapi.dll
      1601-01-01 00:12 47,616 --sha-w c:\windows\system32\zinipelu.dll
      .

      ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Nota* i valori vuoti & legittimi/default non sono visualizzati.
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f50f8ebc-4007-42b2-aa04-317665643187}]
      1601-01-01 01:12 47616 --ahs---- c:\windows\system32\fofugapi.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
      "L07IXLRD_3598250"="c:\programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" [2006-06-13 351000]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
      "Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
      "OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
      "SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
      "Hiyo"="c:\programmi\HiYo\bin\HiYo.exe" [2009-01-28 300336]
      "boyehukada"="c:\windows\system32\zinipelu.dll " [1601-01-01 47616]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

      c:\documents and settings\admin\Menu Avvio\Programmi\Esecuzione automatica\
      OpenOffice.org 2.3.lnk - c:\programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
      Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

      c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
      Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
      NETGEAR WG111v3 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1527808]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSetActiveDesktop"= 1 (0x1)
      "NoActiveDesktopChanges"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.ac3filter"= ac3filter.acm

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ scecli c:\windows\system32\fujobila.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Programmi\\MSN Messenger\\livecall.exe"=
      "c:\\Programmi\\File comuni\\Ahead\\Lib\\NMBgMonitor.exe"=
      "c:\\Programmi\\OpenOffice.org 2.3\\program\\soffice.bin"=
      "c:\\Programmi\\ScanSoft\\OmniPageSE2.0\\opwareSE2.exe"=
      "c:\\Programmi\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
      "c:\\Programmi\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
      "c:\\WINDOWS\\explorer.exe"=

      R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
      S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-04-23 224896]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0ed9b-3303-11dd-80c0-f4091b228921}]
      \Shell\AutoRun\command - n.bat
      \Shell\explore\Command - n.bat
      \Shell\open\Command - n.bat

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554c3b35-e453-11dc-809e-df201640f449}]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7310108-e602-11dc-80a0-9910beb1c84a}]
      \Shell\AutoRun\command - H:\Autoplay.exe -auto
      .
      - - - - CHIAVI ORFANE RIMOSSE - - - -

      BHO-{1b80c387-142e-4660-8cc1-5a7b5bed5e86} - c:\windows\system32\rskfhm.dll
      SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll


      .
      ------- Scansione supplementare -------
      .
      uStart Page = hxxp://www.google.it/
      IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      TCP: {D35F34D0-F119-4206-8E7E-6A1B3C2A4439} = 195.130.224.18,195.130.225.129
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-03-28 12:22:35
      Windows 5.1.2600 Service Pack 2 NTFS

      scansione processi nascosti ...

      scansione entrate autostart nascoste ...

      Scansione files nascosti ...

      Scansione completata con successo
      Files nascosti: 0

      **************************************************************************
      .
      --------------------- Dlls caricate dai processi in esecuzione ---------------------

      - - - - - - - > 'winlogon.exe'(488)
      c:\windows\system32\msv1_0.dll
      .
      ------------------------ Altri processi in esecuzione ------------------------
      .
      c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
      c:\windows\system32\wscntfy.exe
      c:\programmi\OpenOffice.org 2.3\program\soffice.exe
      c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
      c:\programmi\OpenOffice.org 2.3\program\soffice.bin
      c:\programmi\MSN Messenger\msnmsgr.exe
      .
      **************************************************************************
      .
      Ora fine scansione: 2009-03-28 12:25:19 - Il pc è stato riavviato
      ComboFix-quarantined-files.txt 2009-03-28 11:25:16

      Pre-Run: 16,602,750,976 byte disponibili
      Post-Run: 16,553,562,112 byte disponibili

      170 --- E O F --- 2009-03-20 18:52:00

  4. #4
    Moderator, Computer security and viruses (amvinfe)
    Joined
    May 2002
    Posts
    6,739
    I still need the SystemScan report anyway.

    I'm waiting for the URL to download it.

    Bye
    ==
    Visit my blog SuspectFile.com
    ==
