C:\DOCUME~1\METALS~1\IMPOST~1\Temp\11exinjs.i.exe

boletusatanas · 15-10-2006, 08:09

salve raga....
ho bisogno di una mano...è ormai una settimana che combatto con questo trojan...
premetto che non sono espertissimo, ma su internet ho trovato poco, cmq antivir mi segnala circa ogni 10 minuti la presenza di questo file e altri con dicitura molto simile, spesso cambiano i numeri nella dicitura, oppure mi segnala un altro troyan tipo '32exmodul... .exe'.
mi aiutate? avete già trovato qualcosa di simile???

Logfile of HijackThis v1.99.1
Scan saved at 8.07.03, on 15/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Logitech\MediaLife\MediaLifeService.exe
C:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Programmi\ObjectDock\ObjectDock.exe
C:\Programmi\UberIcon\UberIcon Manager.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\Programmi\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\METALS~1\IMPOST~1\Temp\11exinjs.i.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Program\System\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programmi\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [ObjectDock] C:\Programmi\ObjectDock\ObjectDock.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Programmi\UberIcon\UberIcon Manager.exe"
O4 - Startup: Collegamento a SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Programmi\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

squall15 · 15-10-2006, 08:29

Posta il log nella sezione apposita http://www.hwupgrade.it/forum/showthread.php?t=937676

stesio54 · 15-10-2006, 14:32

Quote:

Originariamente inviato da squall15

Posta il log nella sezione apposita http://www.hwupgrade.it/forum/showthread.php?t=937676

15-10-2006, 08:09	#1
boletusatanas Member Iscritto dal: Oct 2005 Città: in ogni dove Messaggi: 231	C:\DOCUME~1\METALS~1\IMPOST~1\Temp\11exinjs.i.exe salve raga.... ho bisogno di una mano...è ormai una settimana che combatto con questo trojan... premetto che non sono espertissimo, ma su internet ho trovato poco, cmq antivir mi segnala circa ogni 10 minuti la presenza di questo file e altri con dicitura molto simile, spesso cambiano i numeri nella dicitura, oppure mi segnala un altro troyan tipo '32exmodul... .exe'. mi aiutate? avete già trovato qualcosa di simile??? Logfile of HijackThis v1.99.1 Scan saved at 8.07.03, on 15/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Logitech\MediaLife\MediaLifeService.exe C:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe C:\Programmi\ObjectDock\ObjectDock.exe C:\Programmi\UberIcon\UberIcon Manager.exe C:\Programmi\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE C:\Programmi\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\DOCUME~1\METALS~1\IMPOST~1\Temp\11exinjs.i.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE D:\Program\System\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [MediaLifeService] "C:\Programmi\Logitech\MediaLife\MediaLifeService.exe" O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programmi\File comuni\TerraTec\Remote\TTTVRC.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\FILECO~1\TerraTec\SCHEDU~1\TTTimer.exe O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKCU\..\Run: [ObjectDock] C:\Programmi\ObjectDock\ObjectDock.exe O4 - HKCU\..\Run: [UberIcon] "C:\Programmi\UberIcon\UberIcon Manager.exe" O4 - Startup: Collegamento a SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Programmi\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100 O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe __________________ Onesto è colui che cambia il proprio pensiero per accordarlo alla verità. Disonesto è colui che cambia la verità per accordarla al proprio pensiero. IMPOSSIBLE IS NOTHING Apple iPhone 4 16gb - Samsung T220HD 22" - Dell XPS 1530 - Acer Aspire Timeline 1810tz PearlWhite - Play Station 3 - Logitech G27 with Driving Relax - Samsung LCD TV LED 46B7000

15-10-2006, 08:29	#2
squall15 Senior Member Iscritto dal: Sep 2006 Messaggi: 876	Posta il log nella sezione apposita http://www.hwupgrade.it/forum/showthread.php?t=937676

Strumenti
Mostra una versione stampabile Invia questa pagina per email