|
|||||||
|
|
|
 |
|
|
Strumenti |
26-06-2009, 09:19
|
#1 |
|
Member
Iscritto dal: Dec 2008
Messaggi: 37
|
[win vista]infestazione rootkit generico apertura finestre internet
Credo di essere infettato da un rootkit generico che apre finestre di internet durante la navigazione. Non so dove posso averlo preso(magari navigando nei siti porno
 )ma era gia successa una cosa simile al mio pc. Allego il log di hjt. |
|
|
|
26-06-2009, 09:21
|
#2 |
|
Member
Iscritto dal: Dec 2008
Messaggi: 37
|
Codice:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9.18.32, on 26/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Steam\steam.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\ehome\ehtray.exe C:\Users\porko\AppData\Local\igykoau.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Xfire\Xfire.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [igykoau] "c:\users\porko\appdata\local\igykoau.exe" igykoau O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: Servizio di Google Update (gupdate1c9e2acec6955e7) (gupdate1c9e2acec6955e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 8771 bytes Ultima modifica di xcdegasp : 26-06-2009 alle 10:20. |
|
|
|
|
26-06-2009, 09:37
|
#3 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Fai girare Prevx 3.0 come indicato al Punto 9 della presente Guida http://www.hwupgrade.it/forum/showthread.php?t=1599737 al termine dovrebbe proporti la rimozione gratutita
Alllega il log che puoi ottenere cliccando su Tools - Salva file di log
__________________
Try again and you will be luckier.
|
|
|
|
|
26-06-2009, 11:39
|
#4 |
|
Utente sospeso
Iscritto dal: Jun 2009
Città: Sassari
Messaggi: 1160
|
ciao guarda per i rootkit ce il buon e ottimo programma come al solito della avg si chiama propio avg rotkit provalo e non te ne pentirai
|
|
|
|
|
26-06-2009, 20:39
|
#5 | |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
Quote:
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 10:16.
