PC keyboard causing strange problems



#1 Fedebass


Posted 05 April 2012 - 07:21 AM

Hi Guys, hope I'll get some help here. I saw you are real professionals about viruses and infections.
Here's the problem.
I bought a new workstation for 3D graphics. While installing various software I installed Adobe InDesign and unfortunately clicked the Core10k.exe file. Actually nothing happened, and that's why I became worried, as one has to worry about a .exe file when you push it and nothing happens (you think nothing happens :-))
After a while I began having the Google page redirected to an nginx page. Someone told me it could be malware, not a virus. Actually, yesterday I began having a terribly annoying behavior that slows my daily work: my keyboard has begun acting strangely. It's not very visible, but it affects all AutoCAD software. Drawing has become problematic.
The effect can be widely seen if I play music on VLC player: if I start a song it begins to shuffle through songs insanely, never stopping. This is also the cause of the malfunction of AutoCAD etc...
I have Microsoft Security Essentials and Adaware. None reports an infection (except a trojan in a key generator)...
My system is Windows 7 Home edition.
Any help or tips? My keyboard is wireless, but I changed the battery yesterday and the problem still persists...
Please help

Thanks in advance
Federico

Edited by Fedebass, 05 April 2012 - 08:03 AM.



#2 Fedebass


Posted 06 April 2012 - 08:50 AM

No one can give me any advice? I searched the forum and made some scans, as no one told me anything:
I hope someone could just give me an opinion...
I don't know if core10k.exe and Nginx are correlated, nor if this is the cause of my keyboard behaving strangely...

aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-05 17:08:02
-----------------------------
17:08:02.319 OS Version: Windows x64 6.1.7601 Service Pack 1
17:08:02.319 Number of processors: 8 586 0x2A07
17:08:02.320 ComputerName: UTENTE-PC UserName: Utente
17:08:02.500 Initialize success
17:09:19.839 AVAST engine defs: 12040500
17:10:13.055 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:10:13.058 Disk 0 Vendor: ST1000DL002-9TT153 CC3C Size: 953869MB BusType: 11
17:10:13.060 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
17:10:13.063 Disk 1 Vendor: Corsair_Force_3_SSD 1.3.3 Size: 114473MB BusType: 11
17:10:13.068 Disk 1 MBR read successfully
17:10:13.071 Disk 1 MBR scan
17:10:13.075 Disk 1 Windows 7 default MBR code
17:10:13.078 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:10:13.098 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
17:10:13.130 Disk 1 scanning C:\Windows\system32\drivers
17:10:16.747 Service scanning
17:10:27.464 Modules scanning
17:10:27.465 Disk 1 trace - called modules:
17:10:27.471 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:10:27.472 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d03a790]
17:10:27.473 3 CLASSPNP.SYS[fffff880019a843f] -> nt!IofCallDriver -> [0xfffffa800cdb31e0]
17:10:27.473 5 ACPI.sys[fffff88000ec47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800cde7060]
17:10:27.647 AVAST engine scan C:\Windows
17:10:28.570 AVAST engine scan C:\Windows\system32
17:11:56.063 AVAST engine scan C:\Windows\system32\drivers
17:12:00.113 AVAST engine scan C:\Users\Utente
17:13:10.032 AVAST engine scan C:\ProgramData
17:14:04.361 Scan finished successfully
17:16:41.278 Disk 1 MBR has been saved successfully to "C:\Users\Utente\Desktop\RIMOZIONE MALAWARE\MBR.dat"
17:16:41.309 The log file has been saved successfully to "C:\Users\Utente\Desktop\RIMOZIONE MALAWARE\aswMBR log (2012 04 05).txt"

GMER LOG:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 17:42:17
Windows 6.1.7601 Service Pack 1
Running: n63l0ygr.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002683153f56
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002683153f56 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

MINITOOLBOX LOG:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Utente (administrator) on 05-04-2012 at 17:18:27
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5007UG Wireless Network Adapter = Connessione rete wireless 4 (Connected)
Intel® 82579V Gigabit Network Connection = Connessione alla rete locale (LAN) (Media disconnected)
Dispositivo Bluetooth (Personal Area Network) = Connessione di rete Bluetooth (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Fine configurazione IPv4



Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : Utente-PC
Suffisso DNS primario . . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No

Scheda LAN wireless Connessione rete wireless 4:

Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Atheros AR5007UG Wireless Network Adapter #4
Indirizzo fisico. . . . . . . . . . . : 00-19-E0-6E-31-C1
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv6 locale rispetto al collegamento . : fe80::f0bd:a8a4:d105:e657%18(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 192.168.0.100(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Lease ottenuto. . . . . . . . . . . . : giovedì 5 aprile 2012 16:07:39
Scadenza lease . . . . . . . . . . . : domenica 8 aprile 2012 16:07:39
Gateway predefinito . . . . . . . . . : 192.168.0.1
Server DHCP . . . . . . . . . . . . . : 192.168.0.1
IAID DHCPv6 . . . . . . . . . . . : 402659808
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-16-AA-ED-C8-14-DA-E9-4C-6E-39
Server DNS . . . . . . . . . . . . . : 192.168.0.1
NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Connessione di rete Bluetooth:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Dispositivo Bluetooth (Personal Area Network)
Indirizzo fisico. . . . . . . . . . . : 00-26-83-15-3F-56
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì

Scheda Ethernet Connessione alla rete locale (LAN):

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Indirizzo fisico. . . . . . . . . . . : 14-DA-E9-4C-6E-39
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì

Scheda Tunnel isatap.{918117DA-A173-4386-85A2-F7A8297A0EA5}:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Microsoft ISATAP Adapter
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Teredo Tunneling Pseudo-Interface:

Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì
Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:5ef5:79fd:100d:b8a:3f57:ff9b(Preferenziale)
Indirizzo IPv6 locale rispetto al collegamento . : fe80::100d:b8a:3f57:ff9b%14(Preferenziale)
Gateway predefinito . . . . . . . . . : ::
NetBIOS su TCP/IP . . . . . . . . . . : Disattivato
Server: UnKnown
Address: 192.168.0.1

Nome: google.com
Addresses: 173.194.35.40
173.194.35.41
173.194.35.46
173.194.35.32
173.194.35.33
173.194.35.34
173.194.35.35
173.194.35.36
173.194.35.37
173.194.35.38
173.194.35.39


Esecuzione di Ping google.com [173.194.35.37] con 32 byte di dati:
Risposta da 173.194.35.37: byte=32 durata=45ms TTL=53
Risposta da 173.194.35.37: byte=32 durata=44ms TTL=53

Statistiche Ping per 173.194.35.37:
Pacchetti: Trasmessi = 2, Ricevuti = 2,
Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 44ms, Massimo = 45ms, Medio = 44ms
Server: UnKnown
Address: 192.168.0.1

Nome: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Esecuzione di Ping yahoo.com [209.191.122.70] con 32 byte di dati:
Risposta da 209.191.122.70: byte=32 durata=184ms TTL=51
Risposta da 209.191.122.70: byte=32 durata=196ms TTL=52

Statistiche Ping per 209.191.122.70:
Pacchetti: Trasmessi = 2, Ricevuti = 2,
Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 184ms, Massimo = 196ms, Medio = 190ms
Server: UnKnown
Address: 192.168.0.1

Nome: bleepingcomputer.com
Address: 208.43.87.2


Esecuzione di Ping bleepingcomputer.com [208.43.87.2] con 32 byte di dati:
Risposta da 208.43.87.2: Host di destinazione non raggiungibile.
Risposta da 208.43.87.2: Host di destinazione non raggiungibile.

Statistiche Ping per 208.43.87.2:
Pacchetti: Trasmessi = 2, Ricevuti = 2,
Persi = 0 (0% persi),

Esecuzione di Ping 127.0.0.1 con 32 byte di dati:
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128
Risposta da 127.0.0.1: byte=32 durata<1ms TTL=128

Statistiche Ping per 127.0.0.1:
Pacchetti: Trasmessi = 2, Ricevuti = 2,
Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 0ms, Massimo = 0ms, Medio = 0ms
===========================================================================
Elenco interfacce
18...00 19 e0 6e 31 c1 ......Atheros AR5007UG Wireless Network Adapter #4
12...00 26 83 15 3f 56 ......Dispositivo Bluetooth (Personal Area Network)
11...14 da e9 4c 6e 39 ......Intel® 82579V Gigabit Network Connection
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfaccia Metrica
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.100 281
192.168.0.100 255.255.255.255 On-link 192.168.0.100 281
192.168.0.255 255.255.255.255 On-link 192.168.0.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.100 281
===========================================================================
Route permanenti:
Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
Interf Metrica Rete Destinazione Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fd:100d:b8a:3f57:ff9b/128
On-link
18 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::100d:b8a:3f57:ff9b/128
On-link
18 281 fe80::f0bd:a8a4:d105:e657/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
18 281 ff00::/8 On-link
===========================================================================
Route permanenti:
Nessuna
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

MBAM LOG:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Versione database: v2012.04.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Utente :: UTENTE-PC [amministratore]

05/04/2012 17:29:27
mbam-log-2012-04-05 (17-29-27).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 217716
Tempo impiegato: 1 minuti, 13 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)



