curiosul Posted September 9, 2011 (edited)
For the past few days I've been getting the following errors when I try to open sites like hf, enchanceviewsm, project honeypot and others: I have WIN XP SP3, Avast Internet Security fully up to date, and the look'n'stop firewall, and nothing leaves my PC without me being notified! Could the problem be getting out through Adobe or other "trusted" programs that I allowed to connect to the internet? Now this crap of an error has shown up as well:
Edited September 9, 2011 by curiosul
nedo Posted September 9, 2011
Anything is possible. Or it could simply be a rootkit. Try running a scan from a live CD. You could also remove everything from the firewall's exceptions and see whether you still get the same error.
Paul4games Posted September 10, 2011
You may be infected with malware that injects itself into the default browser/explorer/processes of that kind that aren't suspicious. Download hijackthis and run a scan, post the log here so I can see what's what, and install comodo as your firewall.
curiosul (Author) Posted September 10, 2011
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:30:13 PM, on 9/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\looknstop\looknstop.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--End of file - 8385 bytes

I'm not sure what's going on with those processes in system32.
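Added example, not written by anyone in the thread: a small Python triage pass over a HijackThis log like the one posted above, which groups entries by section code, lists entries HijackThis marked as having no file on disk, and lists running processes started from outside the Windows and Program Files trees. The function names and the choice of these two checks are assumptions made for illustration; the sample lines are a subset copied from the posted log.

```python
import re
from collections import defaultdict

# Subset of the log posted above, one entry per line as HijackThis writes it.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Documents and Settings\Virus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: DFServ - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O2 - BHO: ..."
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")

def parse_log(text):
    """Split a log into running-process paths and {section code: [entries]}."""
    processes, sections = [], defaultdict(list)
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2))
        elif PROCESS.match(line):
            processes.append(line)
    return processes, dict(sections)

def orphaned_entries(sections):
    """Entries HijackThis marked '(no file)' or '(file missing)'."""
    return [(code, entry) for code, entries in sections.items()
            for entry in entries if ORPHAN.search(entry)]

def processes_outside_system_dirs(processes):
    """Unique process paths not under C:\\WINDOWS or C:\\Program Files."""
    return sorted({p for p in processes if not p.lower().startswith(SYSTEM_DIRS)})

if __name__ == "__main__":
    procs, secs = parse_log(SAMPLE_LOG)
    print(orphaned_entries(secs))
    print(processes_outside_system_dirs(procs))
```

Both lists are leads for manual checking rather than verdicts: per-user installs such as Chrome legitimately run from the user profile, and a missing-file entry can be a leftover from an uninstalled program.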