help reading hijackthis for trojan

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by zzzhimo » 28/03/09 11:14

hi everyone, I'm new to the forum...
I have a problem with viruses: I used the AVG antivirus, which detected the presence of n trojans and removed them, but the PC keeps giving me problems: it connects me to porn sites, gambling sites etc.; also the desktop has its icons highlighted in blue and it's not possible to change the wallpaper. I'm posting the HijackThis log. I should say that I have never used it and I don't even know what all those lines mean... Can someone help me??? thanks..
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.13.42, on 28/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\OpenOffice.org 2.3\program\soffice.exe
C:\Programmi\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\AVG\AVG8\aAvgApi.exe
C:\Programmi\Java\jre1.6.0_03\bin\jucheck.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {68e5deb5-b7a5-1cc8-0664-e241783c08b1} - {1b80c387-142e-4660-8cc1-5a7b5bed5e86} - C:\WINDOWS\system32\rskfhm.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {f50f8ebc-4007-42b2-aa04-317665643187} - C:\WINDOWS\system32\fofugapi.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Programmi\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [boyehukada] Rundll32.exe "C:\WINDOWS\system32\zinipelu.dll",s
O4 - HKLM\..\Run: [CPMd386e75c] Rundll32.exe "c:\windows\system32\kalerazo.dll",a
O4 - HKLM\..\Run: [d0b5d4c0] rundll32.exe "C:\WINDOWS\system32\tabisape.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [L07IXLRD_3598250] "C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmi\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D35F34D0-F119-4206-8E7E-6A1B3C2A4439}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fujobila.dll,rskfhm.dll,c:\windows\system32\kalerazo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 8470 bytes
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03
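To show how a log like the one above is read, here is an added triage script (written for this page; it is not code from the thread, from HijackThis or from ComboFix). It parses the O-line entry types and flags the autostart patterns an analyst looks at first: BHOs registered without a display name, Run values that launch a DLL through rundll32 with a one-letter export, anything listed in AppInit_DLLs, and one DLL wired into several unrelated autostart points. The sample lines are copied from the posted log; the heuristics, the thresholds and the browser-add-on exemption are this example's own assumptions.

```python
"""Triage helper for HijackThis v2 log lines. Added example for this thread,
not code from the forum, HijackThis or ComboFix; every rule and threshold
below is an assumption of the example, not a published detection standard."""
import re
from collections import defaultdict

# Sample lines copied from the log posted in the thread; benign AVG, Adobe and
# Java entries are included so the rules have legitimate input to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {68e5deb5-b7a5-1cc8-0664-e241783c08b1} - {1b80c387-142e-4660-8cc1-5a7b5bed5e86} - C:\WINDOWS\system32\rskfhm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {f50f8ebc-4007-42b2-aa04-317665643187} - C:\WINDOWS\system32\fofugapi.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [boyehukada] Rundll32.exe "C:\WINDOWS\system32\zinipelu.dll",s
O4 - HKLM\..\Run: [CPMd386e75c] Rundll32.exe "c:\windows\system32\kalerazo.dll",a
O4 - HKLM\..\Run: [d0b5d4c0] rundll32.exe "C:\WINDOWS\system32\tabisape.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\fujobila.dll,rskfhm.dll,c:\windows\system32\kalerazo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>O\d{1,2}) - (?P<body>.+)$")
MODULE_RE = re.compile(r"([\w~-]+\.(?:dll|exe|sys|ocx))\b", re.I)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S*)', re.I)
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")
HEXISH_RE = re.compile(r"^[A-Za-z]{0,3}[0-9a-f]{8,}$")   # d0b5d4c0, CPMd386e75c
# A DLL that is only a BHO/toolbar/IE button is the normal shape of an IE add-on;
# the interesting case is an IE add-on that is also wired into system autostart.
BROWSER_UI_KINDS = {"O2", "O3", "O8", "O9"}


def parse_entries(text):
    """Yield (kind, body) for every 'Oxx - ...' line; everything else is skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def modules_in(body):
    """Lower-cased basenames of the modules named in an entry, minus rundll32
    itself, so that the DLL it loads is what gets attributed to the entry."""
    names = {n.lower() for n in MODULE_RE.findall(body)}
    names.discard("rundll32.exe")
    return names


def triage(text):
    """Return {module basename or CLSID: [reasons]} for entries worth a closer look."""
    reasons = defaultdict(set)   # module -> why it was flagged
    seen_in = defaultdict(set)   # module -> entry kinds that name it
    for kind, body in parse_entries(text):
        mods = modules_in(body)
        for mod in mods:
            seen_in[mod].add(kind)
        if kind == "O2":   # "BHO: <display name> - {CLSID} - <file>"
            name, _, rest = body.partition(" - ")
            name = name.replace("BHO: ", "", 1).strip()
            clsid, _, file = rest.partition(" - ")
            if file.strip() == "(no file)":
                reasons[clsid.strip()].add("orphaned BHO CLSID, no file on disk")
            elif name == "(no name)" or GUID_RE.match(name):
                for mod in mods:
                    reasons[mod].add("BHO registered without a display name")
        elif kind == "O4":
            m = RUNDLL_RE.search(body)
            if m and len(m.group(2)) <= 1:
                dll = m.group(1).rsplit("\\", 1)[-1].lower()
                reasons[dll].add("Run value loads a DLL via rundll32 with a one-letter export")
            n = RUN_NAME_RE.search(body)
            if n and HEXISH_RE.match(n.group(1)):
                for mod in mods:
                    reasons[mod].add("Run value name looks machine-generated: " + n.group(1))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            for mod in mods:
                reasons[mod].add("injected into every GUI process through AppInit_DLLs")
    # Correlation: one DLL wired into several unrelated autostart points.
    for mod, kinds in seen_in.items():
        if len(kinds) >= 2 and not kinds <= BROWSER_UI_KINDS:
            reasons[mod].add("referenced from %d autostart locations: %s"
                             % (len(kinds), ",".join(sorted(kinds))))
    return {key: sorted(why) for key, why in reasons.items()}


if __name__ == "__main__":
    for key, why in sorted(triage(SAMPLE_LOG).items()):
        print(key)
        for reason in why:
            print("  -", reason)
```

Run on the sample, the six DLLs that ComboFix later removes in this thread come out flagged, the orphaned CLSID is reported on its own, and the AVG, Adobe and Java entries stay quiet.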


Re: help reading hijackthis for trojan

Post by Luke57 » 28/03/09 11:31

Hi, try combofix; download it to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disable the antivirus, if you have one, disconnect from the internet, close programs and applications.
Once that's done, click start>run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\combofix.exe" /killall

Press OK; if all goes well the program starts and may take a long time (don't do anything else during the scan; if the desktop icons disappear that's normal; agree if the program proposes to remove drivers). Once it has finished, if everything went well, you should find the file combofix.txt in C:\; restart in normal mode and post the contents of the file or attach it.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 11:33

I'll try now
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 11:36

you mean, if all goes well?
isn't it possible to tell what the pc has just from the HijackThis log?
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by Luke57 » 28/03/09 11:52

Hi, yes, you're infected; hijackthis is for the diagnosis, combofix for the cure.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 12:33

hi, here is the combofix result
Code:
ComboFix 09-03-27.02 - admin 2009-03-28 12:18:42.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.383.220 [GMT 1:00]
Eseguito da: c:\documents and settings\admin\desktop\combofix.exe
Opzioni usate :: /killal

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ahtn.htm
c:\windows\system32\epasibat.ini
c:\windows\system32\fujobila.dll
c:\windows\system32\kalerazo.dll
c:\windows\system32\mosoraza.dll
c:\windows\system32\ovfsthfeacpdeassxudxdyhikvgbnbhmqdbjqx.dll
c:\windows\system32\ovfsthfloajnsvskeajpoygnumnugjasqkutog.dll
c:\windows\system32\ovfsthoewwxudqxlpswqwbkwossdyfqrmrfktd.dll
c:\windows\system32\rskfhm.dll
c:\windows\system32\tabisape.dll
c:\windows\system32\uniq.tll

.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthvnnbmuwfjpwipyyraejxmtamtoriuvwf
-------\Service_PCIDump


(((((((((((((((((((((((((   Files Creati Da 2009-02-28 al 2009-03-28  )))))))))))))))))))))))))))))))))))
.

2009-03-28 12:10 . 2009-03-28 12:10   268   --ah-----   C:\sqmdata15.sqm
2009-03-28 12:10 . 2009-03-28 12:10   244   --ah-----   C:\sqmnoopt15.sqm
2009-03-28 11:42 . 2009-03-28 11:42   268   --ah-----   C:\sqmdata14.sqm
2009-03-28 11:42 . 2009-03-28 11:42   244   --ah-----   C:\sqmnoopt14.sqm
2009-03-28 11:17 . 2009-03-28 11:17   268   --ah-----   C:\sqmdata13.sqm
2009-03-28 11:17 . 2009-03-28 11:17   244   --ah-----   C:\sqmnoopt13.sqm
2009-03-26 20:31 . 2009-03-26 20:31   268   --ah-----   C:\sqmdata12.sqm
2009-03-26 20:31 . 2009-03-26 20:31   244   --ah-----   C:\sqmnoopt12.sqm
2009-03-26 11:25 . 2009-03-26 11:25   268   --ah-----   C:\sqmdata11.sqm
2009-03-26 11:25 . 2009-03-26 11:25   244   --ah-----   C:\sqmnoopt11.sqm
2009-03-26 11:08 . 2009-03-26 11:08   <DIR>   d--h-----   C:\$AVG8.VAULT$
2009-03-26 10:47 . 2009-03-26 10:47   <DIR>   d--------   c:\programmi\Trend Micro
2009-03-26 09:25 . 2009-03-26 09:25   268   --ah-----   C:\sqmdata10.sqm
2009-03-26 09:25 . 2009-03-26 09:25   244   --ah-----   C:\sqmnoopt10.sqm
2009-03-26 07:09 . 2009-03-26 07:09   268   --ah-----   C:\sqmdata09.sqm
2009-03-26 07:09 . 2009-03-26 07:09   244   --ah-----   C:\sqmnoopt09.sqm
2009-03-25 23:21 . 2009-03-25 23:21   268   --ah-----   C:\sqmdata08.sqm
2009-03-25 23:21 . 2009-03-25 23:21   244   --ah-----   C:\sqmnoopt08.sqm
2009-03-25 22:59 . 2009-03-25 22:59   <DIR>   d--------   c:\programmi\AVG
2009-03-25 22:59 . 2009-03-28 12:09   <DIR>   d--------   c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-25 22:47 . 2009-03-25 22:47   268   --ah-----   C:\sqmdata07.sqm
2009-03-25 22:47 . 2009-03-25 22:47   244   --ah-----   C:\sqmnoopt07.sqm
2009-03-25 21:51 . 2009-03-25 21:51   268   --ah-----   C:\sqmdata06.sqm
2009-03-25 21:51 . 2009-03-25 21:51   244   --ah-----   C:\sqmnoopt06.sqm
2009-03-25 00:26 . 2009-03-25 00:26   268   --ah-----   C:\sqmdata05.sqm
2009-03-25 00:26 . 2009-03-25 00:26   244   --ah-----   C:\sqmnoopt05.sqm
2009-03-24 22:42 . 2009-03-24 22:42   268   --ah-----   C:\sqmdata04.sqm
2009-03-24 22:42 . 2009-03-24 22:42   244   --ah-----   C:\sqmnoopt04.sqm
2009-03-24 22:42 . 2009-03-24 22:42   0   --a------   c:\windows\system32\drivers\ovfsth.sys
2009-03-24 22:25 . 2009-03-25 00:15   108,032   --a------   C:\bmf.exe
2009-03-24 22:22 . 2009-03-28 11:36   43   --a------   c:\windows\system32\ovfsthtqkxgmkxrvqoxwcsriccvxykpdrerilv.dat
2009-03-24 22:20 . 2009-03-28 12:12   108,929   --a------   c:\windows\system32\ovfsthxujlnpmwslrrsbtfafvisjhyxxorfxny.dat
2009-03-17 19:12 . 2009-03-17 19:12   <DIR>   d--------   C:\1f14e86cbf0728e6534978b33d1f644e

.



the pc still has the highlighted icons etc..
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by Luke57 » 28/03/09 16:45

Hi, it's clear you're still infected, but the combofix report you posted isn't complete; I need to see all of it to give you further suggestions.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 16:54

I'm attaching the log again...
ComboFix 09-03-27.02 - admin 2009-03-28 12:18:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.383.220 [GMT 1:00]
Eseguito da: c:\documents and settings\admin\desktop\combofix.exe
Opzioni usate :: /killal

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ahtn.htm
c:\windows\system32\epasibat.ini
c:\windows\system32\fujobila.dll
c:\windows\system32\kalerazo.dll
c:\windows\system32\mosoraza.dll
c:\windows\system32\ovfsthfeacpdeassxudxdyhikvgbnbhmqdbjqx.dll
c:\windows\system32\ovfsthfloajnsvskeajpoygnumnugjasqkutog.dll
c:\windows\system32\ovfsthoewwxudqxlpswqwbkwossdyfqrmrfktd.dll
c:\windows\system32\rskfhm.dll
c:\windows\system32\tabisape.dll
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthvnnbmuwfjpwipyyraejxmtamtoriuvwf
-------\Service_PCIDump


((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-28 )))))))))))))))))))))))))))))))))))
.

2009-03-28 12:10 . 2009-03-28 12:10 268 --ah----- C:\sqmdata15.sqm
2009-03-28 12:10 . 2009-03-28 12:10 244 --ah----- C:\sqmnoopt15.sqm
2009-03-28 11:42 . 2009-03-28 11:42 268 --ah----- C:\sqmdata14.sqm
2009-03-28 11:42 . 2009-03-28 11:42 244 --ah----- C:\sqmnoopt14.sqm
2009-03-28 11:17 . 2009-03-28 11:17 268 --ah----- C:\sqmdata13.sqm
2009-03-28 11:17 . 2009-03-28 11:17 244 --ah----- C:\sqmnoopt13.sqm
2009-03-26 20:31 . 2009-03-26 20:31 268 --ah----- C:\sqmdata12.sqm
2009-03-26 20:31 . 2009-03-26 20:31 244 --ah----- C:\sqmnoopt12.sqm
2009-03-26 11:25 . 2009-03-26 11:25 268 --ah----- C:\sqmdata11.sqm
2009-03-26 11:25 . 2009-03-26 11:25 244 --ah----- C:\sqmnoopt11.sqm
2009-03-26 11:08 . 2009-03-26 11:08 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-26 10:47 . 2009-03-26 10:47 <DIR> d-------- c:\programmi\Trend Micro
2009-03-26 09:25 . 2009-03-26 09:25 268 --ah----- C:\sqmdata10.sqm
2009-03-26 09:25 . 2009-03-26 09:25 244 --ah----- C:\sqmnoopt10.sqm
2009-03-26 07:09 . 2009-03-26 07:09 268 --ah----- C:\sqmdata09.sqm
2009-03-26 07:09 . 2009-03-26 07:09 244 --ah----- C:\sqmnoopt09.sqm
2009-03-25 23:21 . 2009-03-25 23:21 268 --ah----- C:\sqmdata08.sqm
2009-03-25 23:21 . 2009-03-25 23:21 244 --ah----- C:\sqmnoopt08.sqm
2009-03-25 22:59 . 2009-03-25 22:59 <DIR> d-------- c:\programmi\AVG
2009-03-25 22:59 . 2009-03-28 12:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-25 22:47 . 2009-03-25 22:47 268 --ah----- C:\sqmdata07.sqm
2009-03-25 22:47 . 2009-03-25 22:47 244 --ah----- C:\sqmnoopt07.sqm
2009-03-25 21:51 . 2009-03-25 21:51 268 --ah----- C:\sqmdata06.sqm
2009-03-25 21:51 . 2009-03-25 21:51 244 --ah----- C:\sqmnoopt06.sqm
2009-03-25 00:26 . 2009-03-25 00:26 268 --ah----- C:\sqmdata05.sqm
2009-03-25 00:26 . 2009-03-25 00:26 244 --ah----- C:\sqmnoopt05.sqm
2009-03-24 22:42 . 2009-03-24 22:42 268 --ah----- C:\sqmdata04.sqm
2009-03-24 22:42 . 2009-03-24 22:42 244 --ah----- C:\sqmnoopt04.sqm
2009-03-24 22:42 . 2009-03-24 22:42 0 --a------ c:\windows\system32\drivers\ovfsth.sys
2009-03-24 22:25 . 2009-03-25 00:15 108,032 --a------ C:\bmf.exe
2009-03-24 22:22 . 2009-03-28 11:36 43 --a------ c:\windows\system32\ovfsthtqkxgmkxrvqoxwcsriccvxykpdrerilv.dat
2009-03-24 22:20 . 2009-03-28 12:12 108,929 --a------ c:\windows\system32\ovfsthxujlnpmwslrrsbtfafvisjhyxxorfxny.dat
2009-03-17 19:12 . 2009-03-17 19:12 <DIR> d-------- C:\1f14e86cbf0728e6534978b33d1f644e

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 11:22 --------- d-----w c:\documents and settings\admin\Dati applicazioni\OpenOffice.org2
2009-03-22 21:32 --------- d-----w c:\documents and settings\admin\Dati applicazioni\Canon
2009-03-11 19:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-26 15:25 --------- d-----w c:\programmi\Windows Live Safety Center
1601-01-01 00:12 47,616 --sha-w c:\windows\system32\fofugapi.dll
1601-01-01 00:12 47,616 --sha-w c:\windows\system32\zinipelu.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f50f8ebc-4007-42b2-aa04-317665643187}]
1601-01-01 01:12 47616 --ahs---- c:\windows\system32\fofugapi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"L07IXLRD_3598250"="c:\programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" [2006-06-13 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Hiyo"="c:\programmi\HiYo\bin\HiYo.exe" [2009-01-28 300336]
"boyehukada"="c:\windows\system32\zinipelu.dll" [1601-01-01 47616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\admin\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - c:\programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
NETGEAR WG111v3 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1527808]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\fujobila.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Programmi\\OpenOffice.org 2.3\\program\\soffice.bin"=
"c:\\Programmi\\ScanSoft\\OmniPageSE2.0\\opwareSE2.exe"=
"c:\\Programmi\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Programmi\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\WINDOWS\\explorer.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-04-23 224896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0ed9b-3303-11dd-80c0-f4091b228921}]
\Shell\AutoRun\command - n.bat
\Shell\explore\Command - n.bat
\Shell\open\Command - n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554c3b35-e453-11dc-809e-df201640f449}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7310108-e602-11dc-80a0-9910beb1c84a}]
\Shell\AutoRun\command - H:\Autoplay.exe -auto
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{1b80c387-142e-4660-8cc1-5a7b5bed5e86} - c:\windows\system32\rskfhm.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kalerazo.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {D35F34D0-F119-4206-8E7E-6A1B3C2A4439} = 195.130.224.18,195.130.225.129
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 12:22:35
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\msv1_0.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\programmi\OpenOffice.org 2.3\program\soffice.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\OpenOffice.org 2.3\program\soffice.bin
c:\programmi\MSN Messenger\msnmsgr.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-28 12:25:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-28 11:25:16

Pre-Run: 16,602,750,976 byte disponibili
Post-Run: 16,553,562,112 byte disponibili

170 --- E O F --- 2009-03-20 18:52:00
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 17:27

is it complete now?
thanks for the help
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by Luke57 » 28/03/09 19:29

Hi, open a text file in Windows Notepad and paste the following code into it:

Code:
File::
c:\windows\system32\drivers\ovfsth.sys
C:\bmf.exe
c:\windows\system32\ovfsthtqkxgmkxrvqoxwcsriccvxykpdrerilv.dat
c:\windows\system32\ovfsthxujlnpmwslrrsbtfafvisjhyxxorfxny.dat
c:\windows\system32\fofugapi.dll
c:\windows\system32\zinipelu.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f50f8ebc-4007-42b2-aa04-317665643187}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"boyehukada"=-



save it in the same directory as combofix, naming it (this is mandatory) CFScript.txt; drag it with the mouse pointer onto the combofix icon and the program will run a new scan. When it finishes, restart the computer and post the new report C:\combofix.txt.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 19:35

sorry for my ignorance ...you mean the same directory? combofix is saved on the desktop..
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 19:39

ok, the scan is starting
zzzhimo
Junior User

Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by zzzhimo » 28/03/09 19:52

here is the log:
ComboFix 09-03-27.02 - admin 2009-03-28 19.39.54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.383.128 [GMT 1:00]
Eseguito da: c:\documents and settings\admin\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\admin\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
C:\bmf.exe
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\fofugapi.dll
c:\windows\system32\ovfsthtqkxgmkxrvqoxwcsriccvxykpdrerilv.dat
c:\windows\system32\ovfsthxujlnpmwslrrsbtfafvisjhyxxorfxny.dat
c:\windows\system32\zinipelu.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bmf.exe
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\fofugapi.dll
c:\windows\system32\ovfsthtqkxgmkxrvqoxwcsriccvxykpdrerilv.dat
c:\windows\system32\ovfsthxujlnpmwslrrsbtfafvisjhyxxorfxny.dat
c:\windows\system32\zinipelu.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-28 )))))))))))))))))))))))))))))))))))
.

2009-03-28 12:57 . 2009-03-28 12:57 268 --ah----- C:\sqmdata17.sqm
2009-03-28 12:57 . 2009-03-28 12:57 244 --ah----- C:\sqmnoopt17.sqm
2009-03-28 12:27 . 2009-03-28 12:27 268 --ah----- C:\sqmdata16.sqm
2009-03-28 12:27 . 2009-03-28 12:27 244 --ah----- C:\sqmnoopt16.sqm
2009-03-28 12:10 . 2009-03-28 12:10 268 --ah----- C:\sqmdata15.sqm
2009-03-28 12:10 . 2009-03-28 12:10 244 --ah----- C:\sqmnoopt15.sqm
2009-03-28 11:42 . 2009-03-28 11:42 268 --ah----- C:\sqmdata14.sqm
2009-03-28 11:42 . 2009-03-28 11:42 244 --ah----- C:\sqmnoopt14.sqm
2009-03-28 11:17 . 2009-03-28 11:17 268 --ah----- C:\sqmdata13.sqm
2009-03-28 11:17 . 2009-03-28 11:17 244 --ah----- C:\sqmnoopt13.sqm
2009-03-26 20:31 . 2009-03-26 20:31 268 --ah----- C:\sqmdata12.sqm
2009-03-26 20:31 . 2009-03-26 20:31 244 --ah----- C:\sqmnoopt12.sqm
2009-03-26 11:25 . 2009-03-26 11:25 268 --ah----- C:\sqmdata11.sqm
2009-03-26 11:25 . 2009-03-26 11:25 244 --ah----- C:\sqmnoopt11.sqm
2009-03-26 11:08 . 2009-03-26 11:08 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-26 10:47 . 2009-03-26 10:47 <DIR> d-------- c:\programmi\Trend Micro
2009-03-26 09:25 . 2009-03-26 09:25 268 --ah----- C:\sqmdata10.sqm
2009-03-26 09:25 . 2009-03-26 09:25 244 --ah----- C:\sqmnoopt10.sqm
2009-03-26 07:09 . 2009-03-26 07:09 268 --ah----- C:\sqmdata09.sqm
2009-03-26 07:09 . 2009-03-26 07:09 244 --ah----- C:\sqmnoopt09.sqm
2009-03-25 23:21 . 2009-03-25 23:21 268 --ah----- C:\sqmdata08.sqm
2009-03-25 23:21 . 2009-03-25 23:21 244 --ah----- C:\sqmnoopt08.sqm
2009-03-25 22:59 . 2009-03-25 22:59 <DIR> d-------- c:\programmi\AVG
2009-03-25 22:59 . 2009-03-28 12:09 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-03-25 22:47 . 2009-03-25 22:47 268 --ah----- C:\sqmdata07.sqm
2009-03-25 22:47 . 2009-03-25 22:47 244 --ah----- C:\sqmnoopt07.sqm
2009-03-25 21:51 . 2009-03-25 21:51 268 --ah----- C:\sqmdata06.sqm
2009-03-25 21:51 . 2009-03-25 21:51 244 --ah----- C:\sqmnoopt06.sqm
2009-03-25 00:26 . 2009-03-25 00:26 268 --ah----- C:\sqmdata05.sqm
2009-03-25 00:26 . 2009-03-25 00:26 244 --ah----- C:\sqmnoopt05.sqm
2009-03-24 22:42 . 2009-03-24 22:42 268 --ah----- C:\sqmdata04.sqm
2009-03-24 22:42 . 2009-03-24 22:42 244 --ah----- C:\sqmnoopt04.sqm
2009-03-17 19:12 . 2009-03-17 19:12 <DIR> d-------- C:\1f14e86cbf0728e6534978b33d1f644e

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 18:44 --------- d-----w c:\documents and settings\admin\Dati applicazioni\OpenOffice.org2
2009-03-22 21:32 --------- d-----w c:\documents and settings\admin\Dati applicazioni\Canon
2009-03-11 19:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-26 15:25 --------- d-----w c:\programmi\Windows Live Safety Center
2007-04-23 13:21 269,824 ----a-w c:\windows\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w c:\windows\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w c:\windows\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w c:\windows\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w c:\windows\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w c:\windows\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w c:\windows\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w c:\windows\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w c:\windows\inf\WG111v3\RTWREFU.EXE
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"L07IXLRD_3598250"="c:\programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" [2006-06-13 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Hiyo"="c:\programmi\HiYo\bin\HiYo.exe" [2009-01-28 300336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\admin\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - c:\programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
NETGEAR WG111v3 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 1527808]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\fujobila.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Programmi\\OpenOffice.org 2.3\\program\\soffice.bin"=
"c:\\Programmi\\ScanSoft\\OmniPageSE2.0\\opwareSE2.exe"=
"c:\\Programmi\\Java\\jre1.6.0_03\\bin\\jusched.exe"=
"c:\\Programmi\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programmi\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-04-23 224896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0ed9b-3303-11dd-80c0-f4091b228921}]
\Shell\AutoRun\command - n.bat
\Shell\explore\Command - n.bat
\Shell\open\Command - n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554c3b35-e453-11dc-809e-df201640f449}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7310108-e602-11dc-80a0-9910beb1c84a}]
\Shell\AutoRun\command - H:\Autoplay.exe -auto
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {D35F34D0-F119-4206-8E7E-6A1B3C2A4439} = 195.130.224.18,195.130.225.129
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 19:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wscntfy.exe
c:\programmi\OpenOffice.org 2.3\program\soffice.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\OpenOffice.org 2.3\program\soffice.bin
c:\programmi\MSN Messenger\msnmsgr.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-28 19:46:46 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-28 18:46:36
ComboFix2.txt 2009-03-28 11:25:22

Pre-Run: 16.520.384.512 byte disponibili
Post-Run: 16,510,189,568 byte disponibili

167 --- E O F --- 2009-03-20 18:52:00

...desktop still the same
zzzhimo
Junior User
Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by zzzhimo » 29/03/09 11:18

I changed the desktop settings and it no longer connects to unwanted sites
THANK YOU VERY MUCH
I did try to install AVG 8, though, but it gave me problems; I don't know whether it's because of a virus or the registry, so I installed NOD and the operation succeeded...
zzzhimo
Junior User
Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by Luke57 » 29/03/09 14:31

Hi, to finish up, open hijackthis, press "do a system scan only", put a check mark on this entry:
O20 - AppInit_DLLs: C:\WINDOWS\system32\fujobila.dll

press fix checked.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
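The moderator's last step singles out the AppInit_DLLs value; the ComboFix log above also shows the Explorer policies that lock the desktop and the mountpoints2 autorun entries that launch n.bat from a removable drive. As an added example (not code from the thread or from HijackThis/ComboFix), the Python script below parses the "Punti Reg Caricati" section of such a log and flags those persistence and lockdown entries. The sample log is a constructed excerpt modelled on the one posted above; the function names (`parse_sections`, `triage`) and the rule set are this example's own assumptions, and a real review should still check the referenced files by hand.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix "Punti Reg Caricati" section above.
SAMPLE_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\fujobila.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ae0ed9b-3303-11dd-80c0-f4091b228921}]
\Shell\AutoRun\command - n.bat
\Shell\explore\Command - n.bat
\Shell\open\Command - n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{554c3b35-e453-11dc-809e-df201640f449}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""


@dataclass
class Finding:
    key: str     # registry key the entry lives under (lower-cased)
    entry: str   # the value or shell verb that triggered the rule
    why: str     # short defender-facing explanation


HEADER_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js)\b", re.IGNORECASE)


def parse_sections(text):
    """Group the log's lines by their [HKEY...] header (keys lower-cased)."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the entries a reviewer would want to look at first."""
    findings = []
    for key, lines in parse_sections(text).items():
        for line in lines:
            vm = VALUE_RE.match(line)
            if vm:
                name, value = vm.group(1), vm.group(2).strip()
                lname = name.lower()
                if lname == "appinit_dlls" and value:
                    findings.append(Finding(key, f"{name}={value}",
                        "AppInit_DLLs is loaded into every process that maps user32.dll; "
                        "it is normally empty, so the listed DLL should be checked and removed"))
                elif key.endswith(r"\policies\explorer") and \
                        lname in ("nosetactivedesktop", "noactivedesktopchanges") and value.startswith("1"):
                    findings.append(Finding(key, f"{name}={value}",
                        "Explorer policy locks the desktop; matches the 'cannot change wallpaper' symptom"))
                elif key.endswith(r"\security center") and lname.endswith("disablenotify") and value.endswith("1"):
                    findings.append(Finding(key, f"{name}={value}",
                        "Security Center notifications silenced; often set by malware to hide warnings"))
                continue
            sm = SHELL_RE.match(line)
            if sm and "mountpoints2" in key:
                verb, target = sm.groups()
                # A bare script as the AutoRun/open/explore target is the classic
                # removable-media worm pattern; installer stubs like U3 are left for manual review.
                if SCRIPT_RE.search(target):
                    findings.append(Finding(key, f"{verb} -> {target}",
                        "drive autorun handler points at a script; clean the drive and the MountPoints2 key"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.key.split(chr(92))[0]}] {f.entry}\n    {f.why}")
```

Running it on the sample prints seven findings: the AppInit_DLLs entry, both Active Desktop policies, the Security Center notification switch and the three n.bat handlers; the LaunchU3.exe autorun is not flagged because it is a launcher executable rather than a script, which is why the last rule is deliberately narrow.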

Re: help reading hijackthis for trojan

Post by zzzhimo » 29/03/09 14:58

ok, done...could I install avg now too?
zzzhimo
Junior User
Posts: 23
Joined: 28/03/09 11:03

Re: help reading hijackthis for trojan

Post by Luke57 » 29/03/09 16:20

Hi, try installing it, there's no harm in trying.
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10
