Jul 11 2008, 02:20 PM | Post #1
Regular Poster | Group: Regular Bitdefender Poster | Posts: 116 | Joined: 8-June 08 | Member No.: 13,796
My firewall tells me that the process ./system is trying to connect to the network www.youtube.com.
/system connecting to www.youtube.com? BitDefender does not detect any virus.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:44:58, on 11-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programas\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\BitDefender\BitDefender 2008\bdagent.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\Skype\Phone\Skype.exe
C:\Programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programas\ATI Technologies\ATI.ACE\cli.exe
C:\Programas\ATI Technologies\ATI.ACE\cli.exe
C:\Programas\Skype\Plugin Manager\skypePM.exe
C:\Programas\Valve\Steam\Steam.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Diogo\Ambiente de trabalho\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programas\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programas\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I told the firewall to block it.
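
Added example, not part of the original post: a small Python parser that splits HijackThis entries like those in the log above by section code and lists the ones HijackThis itself annotated with "(no file)", "(file missing)" or "Unknown owner", so they can be reviewed first. The sample lines are copied from the log above; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# A HijackThis entry is "<letter><number> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Annotations written by HijackThis itself; a hit means "look at this entry",
# not that the entry is malicious.
MARKERS = ("(no file)", "(file missing)", "Unknown owner")

def parse_entries(text):
    """Return (section_code, body) for every line shaped like 'O4 - ...'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def group_by_section(entries):
    """Map each section code (R0, O2, O23, ...) to the bodies of its entries."""
    groups = defaultdict(list)
    for code, body in entries:
        groups[code].append(body)
    return dict(groups)

def annotated(entries):
    """Entries carrying one of the MARKERS, as (code, marker, body)."""
    hits = []
    for code, body in entries:
        for marker in MARKERS:
            if marker in body:
                hits.append((code, marker, body))
                break
    return hits

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, bodies in group_by_section(parsed).items():
        print(code, len(bodies))
    for code, marker, body in annotated(parsed):
        print(f"review {code}: {marker}: {body}")
```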

Jul 14 2008, 07:06 PM | Post #2
Technical Support | Group: Technical Support | Posts: 781 | Joined: 4-February 08 | Member No.: 9,656
Good evening Di0g0,
The HijackThis report does not show any anomalies on the system. So that we can investigate what kind of application it is that you have blocked in the Firewall, send us the following files:
profiles.xml, located in C:\Archivos de programa\BitDefender\BitDefender 2008\Firewall\Profiles
bdfirewall.txt, located in C:\Archivos de programa\Archivos comunes\BitDefender\BitDefender Firewall
Regards,

Jul 14 2008, 11:15 PM | Post #3
Regular Poster | Group: Regular Bitdefender Poster | Posts: 116 | Joined: 8-June 08 | Member No.: 13,796
Here they are!
Attached File(s)

Jul 15 2008, 09:06 AM | Post #4
Technical Support | Group: Technical Support | Posts: 781 | Joined: 4-February 08 | Member No.: 9,656
Good morning Di0g0,
I see that there is a blocked external IP that queries a TCP port many times. Follow the steps below:
Go to BitDefender > Options > Firewall > Traffic > Restore profile > Trusted network > OK > select Home or personal network.
Go to the Advanced tab and select Use the same (generic) profile for all new networks.
Check whether the ./system process appears again, and note whether it appears right after you open any application on the computer that connects to the Internet.
Regards,