
WORMS ISASS NETWORK HIDING CONNECTIONS


Guest ANDERSON


Hi,

My computer has a big problem in its security system. It was infected by ISASS malware, a WORM that hides in Windows system folders and shares my connection with other users without my authorization.

In the firewall I can see a lot of ports opened without my UAC identifying them. Antivirus like Norton or Kaspersky don't solve my problem. Spybot did not help me either. I tried Windows Defender, and tried RegistryBooster 2, both without success.

I studied an internet forum about the problems and I believed that I would solve the problem with a tool from Microsoft:

http://www.microsoft.com/downloads/details...&displaylang=en

but after downloading it and scanning the computer, the tool didn't find any problem...

I found a solution for WINDOWS XP in this link:

http://www.microsoft.com/technet/security/...n/ms04-011.mspx

but it's a solution from the year 2004, and doesn't help Windows Vista users.

My firewall keeps blocking some ports but it isn't a solution for the problem. I keep having the problem, a critical problem, and I don't know how to solve it.

I found a tool to solve a problem in the "hosts file", in the system folder, but I don't believe that this tool will solve my problem. Its name is RRT 4.6 and it was made to solve this kind of problem, but it only removes malware problems if I pay for it, and I don't believe that I will need this parallel solution.

This is the log of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:28 PM, on 3/11/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
c:\users\anderson\desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...ys=PTB&M=M-6834
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...ys=PTB&M=M-6834
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...ys=PTB&M=M-6834
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cmpe] C:\Windows\system32\cmpe.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PPort9reminder] "C:\Program Files\ScanSoft\PaperPort\WebEreg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\9\Config\ereg.ini"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUpldpt-br.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://www.onlineregister.com/gateway/serial/gwCID.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D29593B-A1B0-4198-A748-A05CC3CC023B}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel

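A HijackThis log like the one above is plain text: a header, a "Running processes:" list, then one entry per line prefixed with a section code (R0 to R3, O1 to O23). The following is an added example, not code from the thread, from HijackThis or from any poster: a small Python parser that splits such a log into header, processes and entries, then lists what an analyst would verify first (components with no file on disk, services with no publisher string, the per-interface DNS servers in O17, Winsock LSP and AppInit_DLLs hooks, and any binary registered from more than one autostart location). The sample log is constructed from a few lines of the posted log, and the `verified` allowlist is a hypothetical parameter of this example.

```python
"""Parse a HijackThis v1.99 log and list the entries an analyst should verify first."""
import re
from collections import defaultdict, namedtuple

# Constructed sample in the format of the log posted above (a few of its lines, not all).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:51:28 PM, on 3/11/2008
Platform: Unknown Windows (WinNT 6.00.1904)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKLM\..\Run: [cmpe] C:\Windows\system32\cmpe.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D29593B-A1B0-4198-A748-A05CC3CC023B}: NameServer = 200.165.132.148 200.165.132.155
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n,]*?\.(?:exe|dll)', re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# Mappings a stock hosts file carries; any other O1 line deserves a look.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

# section: code such as "O4" or "R1"; body: the text after the "O4 - " prefix
Entry = namedtuple("Entry", "section body")


def parse_log(text):
    """Split a log into (header dict, running-process list, list of Entry)."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append(Entry(m["section"], m["body"]))
        elif line.startswith("Logfile of "):
            header["tool"] = line[len("Logfile of "):]
        elif line.startswith("Platform:"):
            header["platform"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return header, processes, entries


def triage(entries, verified=frozenset()):
    """Return (section, reason, detail) triples for entries that need a second look."""
    # `verified` (hypothetical allowlist): lowercase executable names already checked by
    # hash or signature; the system32 autostart rule skips them.
    findings = []
    registered_from = defaultdict(list)  # normalised path -> sections that reference it
    for e in entries:
        low = e.body.lower()
        paths = PATH_RE.findall(e.body)
        for p in paths:
            registered_from[p.lower()].append(e.section)
        if "(no file)" in low or "(file missing)" in low:
            findings.append((e.section, "registered component has no file on disk", e.body))
        if e.section == "O1" and e.body.partition(":")[2].strip() not in DEFAULT_HOSTS:
            findings.append((e.section, "non-default hosts file mapping", e.body))
        if e.section == "O4":
            for p in paths:
                if "\\windows\\system32\\" in p.lower() and p.rsplit("\\", 1)[-1].lower() not in verified:
                    findings.append((e.section, "autostart binary in system32 not yet verified", p))
        if e.section == "O10":
            findings.append((e.section, "Winsock LSP that HijackThis could not identify", e.body))
        if e.section == "O17":
            ips = ", ".join(IPV4_RE.findall(e.body))
            findings.append((e.section, f"per-interface DNS servers {ips}: confirm they are your ISP's", e.body))
        if e.section == "O20" and low.startswith("appinit_dlls:"):
            findings.append((e.section, f"{len(paths)} DLL(s) loaded into every process that uses user32", e.body))
        if e.section == "O23" and "unknown owner" in low:
            findings.append((e.section, "service has no publisher string", e.body))
    # The same binary wired into more than one autostart location is worth knowing about.
    for path, sections in registered_from.items():
        if len(set(sections)) > 1:
            findings.append(("*", f"registered from {', '.join(sorted(set(sections)))}", path))
    return findings


if __name__ == "__main__":
    hdr, procs, ents = parse_log(SAMPLE_LOG)
    print(f"{hdr.get('tool')} on {hdr.get('platform')}: {len(procs)} processes, {len(ents)} entries")
    for section, reason, detail in triage(ents):
        print(f"[{section:>3}] {reason}\n      {detail}")
```

Run against the full log above, the output is a worklist, not a verdict: each flagged item still has to be checked against a known-good file or the publisher's signature.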

Guest Carey Frisch [MVP]

Your computer is massively infected with malware and requires a clean install of Windows Vista.

 

Cleaning a Compromised System

http://www.microsoft.com/technet/community...gmt/sm0504.mspx

 

--

Carey Frisch

Microsoft MVP

Windows Shell/User

 



Guest Dwarf

Hi ANDERSON,

 

I agree with Carey. You have got a variant of the 'Sasser' malware on your system. This malware is notoriously difficult to remove and in many cases the best solution is to reinstall Vista. In your case, from reading your post, there are so many errors that this is really the only sensible option for you. Make sure that when you do you choose the full format option and not the quick format.

Dwarf

 

 


> LiveMessengermsnmsgr.exe" /background

> O4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search &

> DestroyTeaTimer.exe

> O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media

> PlayerWMPNSCFG.exe

> O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program

> FilesMicrosoft OfficeOffice12ONENOTEM.EXE

> O4 - Global Startup: BigFix.lnk = C:Program FilesBigFixbigfix.exe

> O8 - Extra context menu item: Add to Anti-Banner - C:Program

> FilesKaspersky LabKaspersky Internet Security 7.0ie_banner_deny.htm

> O9 - Extra button: Web Anti-Virus statistics -

> {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky

> LabKaspersky Internet Security 7.0SCIEPlgn.dll

> O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}

> - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll

> O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer -

> {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows

> LiveWriterWriterBrowserExtension.dll

> O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}

> - C:PROGRA~1MICROS~3Office12ONBttnIE.dll

> O9 - Extra 'Tools' menuitem: S&end to OneNote -

> {2670000A-7350-4f3c-8081-5663EE0C6C49} -

> C:PROGRA~1MICROS~3Office12ONBttnIE.dll

> O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} -

> "C:Program FilesMe.diumMe.dium IE Add-onMediumIEAddOn.dll" (file missing)

> O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

> C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll

> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

> C:PROGRA~1MICROS~3Office12REFIEBAR.DLL

> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

> C:PROGRA~1SPYBOT~1SDHelper.dll

> O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll

> O10 - Unknown file in Winsock LSP: c:windowssystem32nlaapi.dll

> O10 - Unknown file in Winsock LSP: c:windowssystem32napinsp.dll

> O11 - Options group: [iNTERNATIONAL] International

> O13 - Gopher Prefix:

> O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare

> safety scanner control) -

> http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

> O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

> http://gfx2.hotmail.com/mail/w2/resources/...NPUpldpt-br.cab

> O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -

> http://www.eset.eu/buxus/docs/OnlineScanner.cab

> O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) -

> http://www.onlineregister.com/gateway/serial/gwCID.cab

> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

> http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

> O17 -

> HKLMSystemCCSServicesTcpip..{4D29593B-A1B0-4198-A748-A05CC3CC023B}:

> NameServer = 200.165.132.148 200.165.132.155

> O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

> C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll

> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

> C:PROGRA~1WI1F86~1MESSEN~1MSGRAP~1.DLL

> O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} -

> C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

> C:PROGRA~1WI1F86~1MESSEN~1MSGRAP~1.DLL

> O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

> C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

> O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -

> C:Program FilesWindows LiveMailmailcomm.dll

> O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -

> C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

> O20 - AppInit_DLLs:

> C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL,C:PROGRA~1KASPER~1KASPER~1.0r3hook.dll,C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll

> O20 - Winlogon Notify: igfxcui - C:WindowsSYSTEM32igfxdev.dll

> O20 - Winlogon Notify: klogon - C:Windowssystem32klogon.dll

> O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere

> Systems - C:Windowssystem32agrsmsvc.exe

> O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner -

> C:Program FilesKaspersky LabKaspersky Internet Security 7.0avp.exe" -r

> (file missing)

> O23 - Service: Context Manager Process Extension (cmpe) - LightComm -

> C:Windowssystem32cmpe.exe

> O23 - Service: @%SystemRoot%ehomeehstart.dll,-101 (ehstart) - Unknown

> owner - %windir%system32svchost.exe (file missing)

> O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program

> FilesGateway GamesGateway Game ConsoleGameConsoleService.exe

> O23 - Service: GoogleDesktopManager - Google - C:Program

> FilesGoogleGoogle Desktop SearchGoogleDesktop.exe

> O23 - Service: Google Updater Service (gusvc) - Google - C:Program

> FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

> O23 - Service: Intel

Link to comment
Share on other sites

Guest Hank Arnold (MVP)

ANDERSON wrote:

> [snip: original post and HijackThis log, quoted in full above]

Guest ANDERSON

Thanks, I did a full format...

but I don't believe that a worm from 2004 made me do this...

I hate Bill Gates.

See you guys, thank you

Anderson

> >
> > Thanks
>
> I'll third Carey and Dwarf's suggestion. You are WAY past any chance
> of a successful cleanup. Back up critical files and do a clean install
> (boot from the XP - VISTA!!! - CD). Be sure to install an AV application and scan any
> backed up files before restoring them....
>
> --
>
> Regards,
> Hank Arnold
> Microsoft MVP
> Windows Server - Directory Services

Guest FromTheRafters

"ANDERSON" <ANDERSON@discussions.microsoft.com> wrote in message
news:E14205C1-D0FA-49C8-BE27-FF0AA0CBF470@microsoft.com...

> Thanks, I did a full format...
> but I don't believe that a worm from 2004 made me do this...

Sasser?

Wasn't there a patch for that vulnerability very shortly after its
discovery?
How could it possibly work its exploit against the new Vista OS!?

> I hate Bill Gates.

Rich geniuses piss me off sometimes too... but that's not really on point. :)

Clearly you did the right thing by not wasting time chasing down what might
have been done by some unknown malware, but I don't think Bill Gates
is the problem here.

Sasser, aside from exploit code, abuses functionality that is otherwise
beneficial.
Blame the malware, not the rich genius.