|
|
#1
5 gennaio 2008, 10:26
| |||
| |||
| bene, non ho mai visto prima, ma ogni volta che fai clic sul pulsante di ricerca da finestre e fare ricerca continua "ricerca" per i file, anche se i clic sul pulsante per l'arresto, non so se è un virus, ma in realtà mi causa, se i desideri per la ricerca di un altro file poi ho per chiudere la finestra e aprire di nuovo ...  un'altra cosa che continua a preoccuparsi di me è che quando mi trovo in firefox per esempio, se nel mese di guardare un video di youtube a schermo intero va al piccolo schermo in certo periodo di tempo più e più volte o se sto scrivendo qualcosa, per qualche misterioso motivo I cant tipo più, come se ho selezionato un'altra finestra o qualcosa ... quindi devo scegliere di nuovo in Firefox per continuare il mio digitando  (che era accaduto più di 10 volte nel solo questa piccola guida msg ... pazzesco, im dicendo!)il mio pc è strano e che agiscono karpersky antivirus dice che non hanno nulla di sbagliato ... Ho lavorato con i computer per lungo tempo, ma adesso questa è una cosa havent ho visto e sentito havent ancora ... possono essere im diventando paranoico  |
|
#2
5 gennaio 2008, 10:44
| |||
| |||
| Diamo un'occhiata più da vicino. Scarica e rinominare HijackThis (HJT)
__________________  |
|
#3
5 gennaio 2008, 11:08
| |||
| |||
| Questo è ciò che ho: ************************************************** Logfile di Trend Micro HijackThis v2.0.2 Scan salvato a 02:08:32 pm, il 05/01/2008 Piattaforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ Mdm.exe C: \ WINDOWS \ system32 \ HPZipm12.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Dllhost.exe C: \ WINDOWS \ Explorer.EXE C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe C: \ WINDOWS \ system32 \ SVOHOST.exe C: \ Archivos de programa \ DAEMON Tools \ daemon.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Archivos de programa \ Microsoft Office \ Office11 \ WINWORD.EXE C: \ Archivos de programa \ Skype \ Phone \ Skype.exe C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe C: \ Archivos de programa \ Trend Micro \ HijackThis \ asdf.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = circa: bianco R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = F2 - REG: system.ini: Userinit = C: \ WINDOWS \ system32 \ userinit.exe, C: \ WINDO WS \ system32 \ ODBCJET.exe, O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de programa \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file) O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe" O4 - HKLM \ .. \ Run: [SoundMam] C: \ WINDOWS \ system32 \ SVOHOST.exe O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Archivos de programa \ DAEMON Tools \ daemon.exe"-lang 1033 O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.Exe" / background O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de programa \ GameSpy \ Comrade \ Comrade.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'SERVICIO LOCALE') O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'SERVICIO LOCALE') O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide1] cmd.exe / C spostare / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (L'utente 'SERVICIO LOCALE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'Servicio de rossi') O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Servicio de rossi') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'SYSTEM') O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'Default user') O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 Advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Default user') O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Restrictions presenti O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Pannello di controllo presenti O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restrictions presenti O8 - Extra contesto voce di menu: E & xportar a Microsoft Excel - res: / / C: \ ARCHIV ~ 1 \ micros ~ 1 \ Office11 \ EXCEL.EXE/3000 O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra pulsante: Referencia - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ ARCHIV ~ 1 \ micros ~ 1 \ Office11 \ REFIEBAR.DLL Ø16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813 Ø16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab Ø16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab Ø16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): NameServer = 10.0.0.1,10.0.0.2 Ø20 - Winlogon Notify: usbmon - C: \ WINDOWS \ system32 \ usbmons.dll O23 - Service: ABBYY FineReader 9,0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C: \ Archivos de programa \ Ares \ chatServer.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Sconosciuto proprietario - C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ swdsvc.exe -- Fine del file - 5942 bytes |
|
#4
5 gennaio 2008, 11:24
| |||
| |||
| Sì, avete qualche brutto quelle lì. 1. Essa ha disattivato l'antivirus. 2. E 'un mass-mailing worm con backdoor e keylogging capacità. 3. Essa ha stabilito restrizioni sul pannello di controllo. --------------- Scarica Combofix da SUBS da uno qui o qui IMPORTANTE - Salva Combofix.exe al tuo desktop.
Next post aggiungi combofix log nuovo log HijackThis
__________________ |
|
#5
5 gennaio 2008, 12:33
| |||
| |||
| ComboFix 08-01-06.3 - Administrador 2008-01-05 14:48:48.1 - NTFSx86 Se ejecuta Iscritto: C: \ Documents and Settings \ Administrador \ escritorio \ ComboFix.exe . (((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))) ))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ install.exe C: \ WINDOWS \ system32 \ svohost.exe C: \ WINDOWS \ system32 \ winscok.dll . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))) ))))))))))))))))))))))))))))))))))))))))) . 2008-01-05 18:49 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ Skype 2008-01-05 15:21 --------- d --- aw C: \ Documents and Settings \ All Users \ Dati di programma \ TEMP 2008-01-05 13:00 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ Azureus 2007-12-26 22:39 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ U3 2007-12-24 14:38 --------- d - h - w C: \ Archivos de programa \ InstallShield Installation Information 2007-12-23 04:15 --------- d ----- w C: \ Archivos de programa \ Azureus 2007-12-13 14:40 11.973 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys 2007-12-11 15:46 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ InstallShield 2007-12-05 20:12 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ JAM Software 2007-12-05 20:09 --------- d ----- w C: \ Archivos de programa \ JAM Software 2007-12-04 19:25 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati di programma \ Office Genuine Advantage 2007-12-03 15:32 --------- d ----- w C: \ Archivos de programa \ FinalData 2007-12-02 17:05 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ Media Player Classic 2007-12-02 16:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati di programma \ WM 2007-12-02 14:42 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ WM 2007-12-02 14:39 --------- d ----- w C: \ Archivos de programa \ Word Magic Software 2007-12-02 00:44 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ BSplayer Pro 2007-12-02 00:19 70.656 ---- aw C: \ WINDOWS \ ScUnin.exe 2007-11-30 22:17 --------- d ----- w C: \ Archivos de programa \ DivX 2007-11-30 22:01 --------- d ----- w C: \ Archivos de programa \ Microsoft Works 2007-11-30 21:45 --------- d ----- w C: \ Documents and Settings \ Dimart \ Datos de programa \ Talkback 2007-11-30 21:19 --------- d ----- w C: \ Archivos de programa \ DAEMON Tools 2007-11-30 21:13 685.816 ---- aw C: \ WINDOWS \ system32 \ drivers \ sptd.sys 2007-11-30 20:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati di programma \ Azureus 2007-11-30 13:42 --------- d ----- w C: \ Documents and Settings \ Administrador \ Datos de programa \ Talkback 2007-11-30 12:38 220.160 ---- aw C: \ WINDOWS \ system32 \ uxtheme.dll 2007-11-30 12:38 --------- d ----- w C: \ Archivos de programa \ Skype 2007-11-30 12:37 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati di programma \ Apple Computer 2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Windows Media Connect 2 2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Real Alternative 2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ QuickTime Alternative 2007-11-30 12:37 --------- d ----- w C: \ Archivos de programa \ Media Player Classic 2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ K-Lite Codec Pack 2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ Java 2007-11-30 12:35 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ Java 2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Webteh 2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Lavalys 2007-11-30 12:34 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ Adobe 2007-11-30 12:23 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ MSSoap 2007-11-30 12:15 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ SpeechEngines 2007-11-30 12:15 --------- d ----- w C: \ Archivos de programa \ Archivos comunes \ ODBC 2007-11-15 22:46 23.736 ---- aw C: \ WINDOWS \ system32 \ lmimirr.dll 2007-11-15 22:46 10.040 ---- aw C: \ WINDOWS \ system32 \ lmimirr2.dll 2007-11-14 07:28 450.560 ------ w C: \ WINDOWS \ system32 \ dllcache \ jscript.dll 2007-10-30 10:17 3.079.680 ---- aw C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll 2007-10-29 22:43 1.293.824 ---- aw C: \ WINDOWS \ system32 \ Quartz.dll 2007-10-29 22:43 1.293.824 ------ w C: \ WINDOWS \ system32 \ dllcache \ Quartz.dll 2007-10-25 16:56 8.496.640 ------ w C: \ WINDOWS \ system32 \ dllcache \ shell32.dll 2007-10-25 13:28 222.720 ---- aw C: \ WINDOWS \ system32 \ wmasf.dll 2007-10-25 13:28 222.720 ------ w C: \ WINDOWS \ system32 \ dllcache \ wmasf.dll 2007-10-20 00:56 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll 2007-10-20 00:56 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll 2007-10-18 15:31 51.224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll 2007-10-11 06:12 96.768 ------ w C: \ WINDOWS \ system32 \ dllcache \ Inseng.dll 2007-10-11 06:12 662.016 ------ w C: \ WINDOWS \ system32 \ dllcache \ wininet.dll 2007-10-11 06:12 616.448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll 2007-10-11 06:12 55.808 ------ w C: \ WINDOWS \ system32 \ dllcache \ extmgr.dll 2007-10-11 06:12 532.480 ------ w C: \ WINDOWS \ system32 \ dllcache \ mstime.dll 2007-10-11 06:12 474.624 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Shlwapi.dll 2007-10-11 06:12 449.024 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtmled.dll 2007-10-11 06:12 39.424 ------ w C: \ WINDOWS \ system32 \ dllcache \ pngfilt.dll 2007-10-11 06:12 357.888 ------ w C: \ WINDOWS \ system32 \ dllcache \ dxtmsft.dll 2007-10-11 06:12 251.392 ------ w C: \ WINDOWS \ system32 \ dllcache \ Iepeers.dll 2007-10-11 06:12 205.312 ------ w C: \ WINDOWS \ system32 \ dllcache \ dxtrans.dll 2007-10-11 06:12 16.384 ------ w C: \ WINDOWS \ system32 \ dllcache \ jsproxy.dll 2007-10-11 06:12 151.552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdfview.dll 2007-10-11 06:12 146.432 ------ w C: \ WINDOWS \ system32 \ dllcache \ msrating.dll 2007-10-11 06:12 1.495.040 ---- aw C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll 2007-10-11 06:12 1.056.256 ------ w C: \ WINDOWS \ system32 \ dllcache \ danim.dll 2007-10-11 06:12 1.023.488 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Browseui.dll 2007-10-10 11:16 18.432 ------ w C: \ WINDOWS \ system32 \ dllcache \ iedw.exe 2006-11-07 14:29 145.920 ---- aw C: \ WINDOWS \ inf \ hdaudio.sys 2006-09-05 08:18 20.992 - sha-r C: \ WINDOWS \ system32 \ usbmons.exe . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg. )))))))))))))) )))))))))))))))))))))))))))))))))))) . . REGEDIT4 * Nota * vacías messaggi e messaggi legítimas predeterminadas nessun figlio mostradas [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "DAEMON Tools" = "C: \ Archivos de programa \ DAEMON Tools \ daemon.exe" [2007-09-18 10:16 171464] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-19 08:42 30208] "MsnMsgr" = "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.exe" [2007-10-18 11:34 5724184] "Comrade.exe" = "C: \ Archivos de programa \ GameSpy \ Comrade \ Comrade.exe" [2007-12-20 13:47 36864] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "LogMeIn GUI" = "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe" [2007-08-03 15:09 63048] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "Ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-19 08:42 30208] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ System] "DisableStatusMessages" = 0 (0x0) "HideShutdownScripts" = 0 (0x0) "RunLogonScriptSync" = 0 (0x0) "RunStartupScriptSync" = 0 (0x0) "HideStartupScripts" = 0 (0x0) [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ Policies \ System] "DisableLockWorkstation" = 0 (0x0) "DisableChangePassword" = 0 (0x0) "HideLogonScripts" = 0 (0x0) "HideLogoffScripts" = 0 (0x0) "HideLegacyLogonScripts" = 0 (0x0) [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ corr rentversion \ Policies \ System] "NoDispCPL" = 0 (0x0) "NoDispAppearancePage" = 0 (0x0) "NoDispScrSavPage" = 0 (0x0) "NoDispSettingsPage" = 0 (0x0) "NoVisualStyleChoice" = 0 (0x0) "NoColorChoice" = 0 (0x0) "NoSizeChoice" = 0 (0x0) "DisableLockWorkstation" = 0 (0x0) "DisableChangePassword" = 0 (0x0) "HideLogonScripts" = 0 (0x0) "HideLogoffScripts" = 0 (0x0) "HideLegacyLogonScripts" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer] "NoDesktopCleanupWizard" = 1 (0x1) "ForceClassicControlPanel" = 1 (0x1) "NoWelcomeScreen" = 0 (0x0) [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer] "NoChangeKeyboardNavigationIndicators" = 0 (0x0) "NoChangeAnimation" = 0 (0x0) "NoAddPrinter" = 0 (0x0) "NoDeletePrinter" = 0 (0x0) "RestrictCpl" = 0 (0x0) "DisallowCpl" = 0 (0x0) "NoViewOnDrive" = 0 (0x0) "RestrictRun" = 0 (0x0) "DisallowRun" = 0 (0x0) "NoRecycleFiles" = 0 (0x0) "ForceRecycleBinSize" = 0 (0x0) "NoCustomizeWebView" = 0 (0x0) "NoWinKeys" = 0 (0x0) "NoFileAssociate" = 0 (0x0) "NoDFSTab" = 0 (0x0) "NoInstrumentation" = 0 (0x0) "NoCustomizeThisFolder" = 0 (0x0) "NoWebView" = 0 (0x0) "DontShowSuperHidden" = 0 (0x0) "NoOnlinePrintsWizard" = 0 (0x0) "NoPublishingWizard" = 0 (0x0) "NoSMConfigurePrograms" = 0 (0x0) "NoSMMyPictures" = 0 (0x0) "NoStartMenuMyMusic" = 0 (0x0) "NoFavoritesMenu" = 0 (0x0) "NoHelp" = 0 (0x0) "NoCommonGroups" = 0 (0x0) "NoStartMenuMFUprogramsList" = 0 (0x0) "NoStartMenuPinnedList" = 0 (0x0) "NoUserNameInStartMenu" = 0 (0x0) "NoStartMenuMorePrograms" = 0 (0x0) "NoStartMenuEjectPC" = 0 (0x0) "NoSimpleStartMenu" = 0 (0x0) "ForceStartMenuLogoff" = 0 (0x0) "NoStartMenuSubFolders" = 0 (0x0) "NoDisconnect" = 0 (0x0) "NoNtSecurity" = 0 (0x0) "NoSetFolders" = 0 (0x0) "GreyMSIAds" = 0 (0x0) "ForceMaxRecentDocs" = 0 (0x0) "NoSMBalloonTip" = 0 (0x0) "NoSMBalloonTips" = 0 (0x0) "NoTrayContextMenu" = 0 (0x0) "LockTaskbar" = 0 (0x0) "NoTaskGrouping" = 0 (0x0) "NoWebServices" = 0 (0x0) "NoFileUrl" = 0 (0x0) "NoBandCustomize" = 0 (0x0) "NoToolbarCustomize" = 0 (0x0) "NoExpandedNewMenu" = 0 (0x0) "SpecifyDefaultButtons" = 0 (0x0) "NoRecentDocsNetHood" = 0 (0x0) "EnforceShellExtensionSecurity" = 0 (0x0) "NoLogOff" = 0 (0x0) "NoRunasInstallPrompt" = 0 (0x0) "PromptRunasInstallNetPath" = 1 (0x1) "NoResolveTrack" = 0 (0x0) "NoResolveSearch" = 0 (0x0) "NoDevMgrUpdate" = 0 (0x0) "NoThumbnailCache" = 0 (0x0) "ForceCopyAclwithFile" = 0 (0x0) "StartRunNoHOMEPATH" = 0 (0x0) [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ corr rentversion \ Policies \ Explorer] "NoThemesTab" = 0 (0x0) "NoChangeKeyboardNavigationIndicators" = 0 (0x0) "NoChangeAnimation" = 0 (0x0) "NoAddPrinter" = 0 (0x0) "NoDeletePrinter" = 0 (0x0) "RestrictCpl" = 0 (0x0) "DisallowCpl" = 0 (0x0) "NoViewOnDrive" = 0 (0x0) "RestrictRun" = 0 (0x0) "DisallowRun" = 0 (0x0) "NoRecycleFiles" = 0 (0x0) "ForceRecycleBinSize" = 0 (0x0) "NoCustomizeWebView" = 0 (0x0) "NoViewContextMenu" = 0 (0x0) "NoWinKeys" = 0 (0x0) "NoFileAssociate" = 0 (0x0) "NoDFSTab" = 0 (0x0) "NoInstrumentation" = 0 (0x0) "NoCustomizeThisFolder" = 0 (0x0) "NoWebView" = 0 (0x0) "DontShowSuperHidden" = 0 (0x0) "NoOnlinePrintsWizard" = 0 (0x0) "NoPublishingWizard" = 0 (0x0) "NoRun" = 0 (0x0) "NoSMConfigurePrograms" = 0 (0x0) "NoSMMyPictures" = 0 (0x0) "NoStartMenuMyMusic" = 0 (0x0) "NoFavoritesMenu" = 0 (0x0) "NoHelp" = 0 (0x0) "NoCommonGroups" = 0 (0x0) "NoFind" = 0 (0x0) "NoFolderOptions" = 0 (0x0) "NoStartMenuMFUprogramsList" = 0 (0x0) "NoStartMenuPinnedList" = 0 (0x0) "NoUserNameInStartMenu" = 0 (0x0) "NoStartMenuMorePrograms" = 0 (0x0) "NoStartMenuEjectPC" = 0 (0x0) "NoSimpleStartMenu" = 0 (0x0) "ForceStartMenuLogoff" = 0 (0x0) "StartMenuLogoff" = 0 (0x0) "NoStartMenuSubFolders" = 0 (0x0) "NoDisconnect" = 0 (0x0) "NoNtSecurity" = 0 (0x0) "NoSetFolders" = 0 (0x0) "GreyMSIAds" = 0 (0x0) "ForceMaxRecentDocs" = 0 (0x0) "NoSMBalloonTip" = 0 (0x0) "NoSMBalloonTips" = 0 (0x0) "NoTrayContextMenu" = 0 (0x0) "LockTaskbar" = 0 (0x0) "HideClock" = 0 (0x0) "NoTaskGrouping" = 0 (0x0) "NoActiveDesktopChanges" = 0 (0x0) "NoWebServices" = 0 (0x0) "NoFileUrl" = 0 (0x0) "NoBandCustomize" = 0 (0x0) "NoToolbarCustomize" = 0 (0x0) "NoExpandedNewMenu" = 0 (0x0) "SpecifyDefaultButtons" = 0 (0x0) "NoRecentDocsNetHood" = 0 (0x0) "EnforceShellExtensionSecurity" = 0 (0x0) "NoClose" = 0 (0x0) "NoLogOff" = 0 (0x0) "NoRunasInstallPrompt" = 0 (0x0) "PromptRunasInstallNetPath" = 1 (0x1) "NoResolveTrack" = 0 (0x0) "NoResolveSearch" = 0 (0x0) "NoDevMgrUpdate" = 0 (0x0) "NoThumbnailCache" = 0 (0x0) "ForceCopyAclwithFile" = 0 (0x0) "StartRunNoHOMEPATH" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ LMIinit] LMIinit.dll 2007-11-15 18:46 87352 C: \ WINDOWS \ system32 \ LMIinit.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Caffe-Server] - un ------ 2006-07-09 15:27 4803072 C: \ Program Files \ Caffe \ server.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Cmaudio] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ctfmon.exe] - un ------ 2004-08-19 08:42 30208 C: \ WINDOWS \ system32 \ ctfmon.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxhkcmd] - un ------ 2005-09-20 10:32 77824 C: \ WINDOWS \ system32 \ hkcmd.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxpers] - un ------ 2005-09-20 10:36 114688 C: \ WINDOWS \ system32 \ igfxpers.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxtray] - un ------ 2005-09-20 10:35 94208 C: \ WINDOWS \ system32 \ igfxtray.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ kis] C: \ Archivos de programa \ Kaspersky Lab \ Kaspersky Internet Security 6.0 \ avp.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ msnmsgr] C: \ Archivos de programa \ MSN Messenger \ msnmsgr.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ TaskSwitchXP] C: \ Archivos de programa \ TaskSwitchXP \ TaskSwitchXP.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WinampAgent] C: \ Archivos de programa \ Winamp \ winampa.exe R1 NtFsLdf20; NtFsLdf20; C: \ WINDOWS \ system32 \ drivers \ Nt FsLdf20.sys [2002-07-04 13:52] R2 LMIInfo; LogMeIn Kernel Information Provider; C: \ Archivos de programa \ LogMeIn \ x86 \ RaInfo.sys [2007-08-03 15:09] R2 LMIRfsDriver; LogMeIn Remote File System Driver; C: \ WINDOWS \ system32 \ drivers \ LMIRfsDriver.sy s [2007-08-03 15:09] R3 usbscan; Controlador de escáner USB; C: \ WINDOWS \ system32 \ drivers \ usbscan.sys [2006-08-17 21:32] S2 ABBYY.Licensing.FineReader.Professional.9.0; ABBYY FineReader 9,0 Licensing Service; "C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe" [2007-09-25 00:11] S3 bepldr; BCL easyPDF SDK 5 Loader; "C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe" [2007-08-22 16:19] S3 USBSTOR; Dispositivo de almacenamiento de datos masivo USB; C: \ WINDOWS \ system32 \ drivers \ Usbstor.sys [2004-08-03 23:08] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ svchost] LocalService REG_MULTI_SZ Alerter WebClient Lmhosts upnphost SSDPSRV [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (5714de88-a427-11dc-861c-00196604d2ae)] \ Shell \ Auto \ command - H: \ Cn911.exe \ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ RUNDLL32.EXE shell32.dll, ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (68ae8df5-aca4-11dc-81b1-00196604d2ae)] \ Shell \ AutoRun \ command - auto.exe \ Shell \ esplorare \ Command - RavMon.exe-e \ Shell \ Open \ Command - RavMon.exe [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (805ec9a7-a004-11dc-8615-00196604d2ae)] \ Shell \ AutoRun \ command - G: \ LaunchU3.exe-uno [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (92ef7850-A108-11dc-8619-00196604d2ae)] \ Shell \ Auto \ command - H: \ Cn911.exe \ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ RUNDLL32.EXE shell32.dll, ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (92ef78aa-A108-11dc-8619-00196604d2ae)] \ Shell \ Auto \ command - H: \ Cn911.exe \ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ RUNDLL32.EXE shell32.dll, ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (92ef78b4-A108-11dc-8619-00196604d2ae)] \ Shell \ Auto \ command - H: \ Cn911.exe \ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ RUNDLL32.EXE shell32.dll, ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (b05019b3-a665-11dc-a263-00196604d2ae)] \ Shell \ AutoRun \ command - ntde1ect.com \ Shell \ esplorare \ Command - ntde1ect.com \ Shell \ Open \ Command - ntde1ect.com [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (d79ae692-9f95-11dc-8614-00196604d2ae)] \ Shell \ AutoRun \ command - G: \ ntde1ect.com \ Shell \ esplorare \ Command - G: \ ntde1ect.com \ Shell \ Open \ Command - G: \ ntde1ect.com * * Servizio di nuova costituzione - COMSYSAPP * * Servizio di nuova costituzione - PROCEXP90 . Contenido de cartella 'Tareas Programadas' "2007-12-08 20:22:33 C: \ WINDOWS \ Tasks \ McDefragTask.job" . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-06 14:51:38 5/1/2600 Windows Service Pack 2 NTFS escaneando procesos ocultos ... escaneando messaggi autostart nascoste di ... escaneando archivos ocultos ... errore del disco: C: \ WINDOWS \ ************************************************** ************************ [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ c atchme] "ImagePath" = "\? \ C: \ Windows \ Temp \ catchme.sys" . --------------------- DLLs cargados bajo los procesos en ejecución --------------------- PROCESSO: C: \ WINDOWS \ system32 \ winlogon.exe -> C: \ WINDOWS \ system32 \ usbmons.dll . Tiempo completado: 2008-01-06 14:52:51 ComboFix-quarantena-files.txt 2008-01-06 18:51:58 . 2007-12-18 03:51:13 --- EOF --- Logfile di Trend Micro HijackThis v2.0.2 Scan salvato a 03:32:28 pm, il 06/01/2008 Piattaforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe C: \ Archivos de programa \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ Mdm.exe C: \ WINDOWS \ system32 \ HPZipm12.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe C: \ Archivos de programa \ DAEMON Tools \ daemon.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ WINDOWS \ system32 \ Dllhost.exe C: \ WINDOWS \ explorer.exe C: \ Archivos de programa \ Mozilla Firefox \ firefox.exe C: \ Archivos de programa \ Microsoft Office \ Office11 \ WINWORD.EXE C: \ Archivos de programa \ Trend Micro \ HijackThis \ asdf.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = circa: bianco R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de programa \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeInSystray.exe" O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Archivos de programa \ DAEMON Tools \ daemon.exe"-lang 1033 O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de programa \ Windows Live \ Messenger \ MsnMsgr.Exe" / background O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de programa \ GameSpy \ Comrade \ Comrade.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'SERVICIO LOCALE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'Servicio de rossi') O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'Default user') O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restrictions presenti O8 - Extra contesto voce di menu: E & xportar a Microsoft Excel - res: / / C: \ ARCHIV ~ 1 \ micros ~ 1 \ Office11 \ EXCEL.EXE/3000 O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de programa \ Java \ jre1.5.0_09 \ bin \ ssv.dll O9 - Extra pulsante: Referencia - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ ARCHIV ~ 1 \ micros ~ 1 \ Office11 \ REFIEBAR.DLL Ø16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813 Ø16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl Class) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab Ø16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab Ø16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): NameServer = 10.0.0.1,10.0.0.2 O23 - Service: ABBYY FineReader 9,0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de programa \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C: \ Archivos de programa \ Ares \ chatServer.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Sconosciuto proprietario - C: \ Archivos de programa \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe O23 - Service: Servizio di indicizzazione (CiSvc) - Sconosciuto proprietario - C: \ WINDOWS \ system32 \ cisvc.exe (file mancanti) O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C: \ Archivos de programa \ LogMeIn \ x86 \ RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C: \ Archivos de programa \ LogMeIn \ x86 \ LogMeIn.exe O23 - Service: PML Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C: \ Archivos de programa \ Spyware Doctor \ swdsvc.exe -- Fine del file - 4754 bytes |
|
#6
5 gennaio 2008, 12:52
| |||
| |||
| Che ha portato alcuni di loro, ma vi è ancora di più. Scaricare SDFix.exe e salvarlo sul desktop. Fare doppio clic SDFix.exe e si estrarre i file in% systemdrive% (Unità che contiene la directory di Windows, di solito C: \ SDFix) Si prega di riavviare il computer in Safe Mode facendo quanto segue:
Next post SDFix Accedi Nuovo log HijackThis
__________________ |
|
#7
6 Gennaio 2008, 09:58
| |||
| |||
| problema risolto. :) Thnx |
|
#8
6. Gen 2008, 12:47
| |||
| |||
| Citazione:
Esprimi la tua mente postando i log?
__________________ |
|
#9
9 Gennaio 2008, 09:36
| |||
| |||
| nessun problema. |
