Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
beckheuser

Virtumonde.O

Recommended Posts

Logfile of HijackThis v1.99.1

Scan saved at 16:20:33, on 7/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\WINDOWS\tsnppro.exe

C:\WINDOWS\vsnppro.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\tecnobyte\lembrete\lembrete.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\D-Link\DSL-210\CnxDslTb.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\D o w n l o a d s\Programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe

O4 - HKLM\..\Run: [tsnppro] C:\WINDOWS\tsnppro.exe

O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Tecnobyte Lembrete] C:\tecnobyte\lembrete\lembrete.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\D-Link\DSL-210\CnxDslTb.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CF90C7-606C-4EB9-9E4B-8857D9361420}: NameServer = 10.1.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Eraser Service (EraserSvc10732) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Validação de senha de Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

AJUDA!!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia beckheuser!

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • LOG DO COMBOFIX

    ComboFix 07-09-08.7 - "USER" 2007-09-08 11:43:38.1 - FAT32x86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502 [GMT -3:00]

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Program Files\gbplugin\Bb.gpc

    C:\Program Files\gbplugin\Bb.gpc . . . . failed to delete

    C:\Program Files\gbplugin\gbieh.gmd

    C:\WINDOWS\system32\_000006_.tmp.dll

    C:\WINDOWS\system32\_000007_.tmp.dll

    C:\WINDOWS\system32\_000008_.tmp.dll

    C:\WINDOWS\system32\_000009_.tmp.dll

    C:\WINDOWS\system32\_000010_.tmp.dll

    C:\WINDOWS\system32\awvvu.dll

    C:\WINDOWS\system32\drivers\npf.sys

    C:\WINDOWS\system32\packet.dll

    C:\WINDOWS\system32\pthreadVC.dll

    C:\WINDOWS\system32\uvvwa.bak1

    C:\WINDOWS\system32\uvvwa.bak2

    C:\WINDOWS\system32\uvvwa.ini

    C:\WINDOWS\system32\uvvwa.ini2

    C:\WINDOWS\system32\uvvwa.tmp

    C:\WINDOWS\system32\WanPacket.dll

    C:\WINDOWS\system32\wpcap.dll

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    -------\LEGACY_NPF

    -------\NPF

    ((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))

    .

    2007-09-08 11:37 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2007-09-05 00:51 <DIR> d-------- C:\{8001B2E0-0000-0000-9B57-8C752F9A24F6}

    2007-09-04 22:46 <DIR> d-------- C:\{8001B2E0-0000-0000-9848-E26C653FFE6C}

    2007-09-04 17:18 <DIR> d-------- C:\{8001B2E0-0000-0000-3317-AA14EFF40AF7}

    2007-09-04 17:08 <DIR> d-------- C:\{8001B2E0-0000-0000-8CE8-AD4940251856}

    2007-09-04 13:14 <DIR> d-------- C:\Program Files\Windows Live Safety Center

    2007-09-02 15:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    2007-08-21 15:53 <DIR> d-------- C:\VIDEOS

    2007-08-17 14:32 3,648 --a------ C:\WINDOWS\system32\hnhmtivn.dll

    2007-08-16 16:25 43,264 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys

    2007-08-16 10:40 <DIR> d-------- C:\WINDOWS\pss

    2007-08-16 10:38 <DIR> d-------- C:\TEMP

    2007-08-15 00:03 <DIR> d-------- C:\DOCUME~1\USER\APPLIC~1\Lavasoft

    2007-08-14 17:13 383,488 --a------ C:\WINDOWS\system32\midas.dll

    2007-08-14 17:05 <DIR> d-------- C:\Program Files\SisBECK 2.0

    2007-08-14 08:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

    2007-08-10 20:37 <DIR> d-------- C:\Program Files\Lavasoft

    2007-08-10 20:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

    2007-08-09 21:22 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-08-07 23:52 21504 --a------ C:\WINDOWS\system32\wineak32.dll

    2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

    2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

    2007-08-05 20:50 --------- d-------- C:\Program Files\GbPlugin

    2007-08-05 20:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GbPlugin

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

    2007-07-27 14:08 --------- d-------- C:\Program Files\ATMEL

    2007-07-19 04:00 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

    2007-07-12 20:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

    2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

    2007-06-27 11:35 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-27 11:35 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll

    2007-06-27 11:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

    2007-06-27 11:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

    2007-06-27 11:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

    2007-06-27 11:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

    2007-06-27 11:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

    2007-06-27 11:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll

    2007-06-27 11:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll

    2007-06-27 11:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

    2007-06-27 11:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

    2007-06-27 11:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

    2007-06-27 11:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll

    2007-06-27 11:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

    2007-06-27 11:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll

    2007-06-27 11:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

    2007-06-27 11:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll

    2007-06-27 11:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

    2007-06-27 11:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll

    2007-06-27 11:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll

    2007-06-27 05:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe

    2007-06-27 05:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe

    2007-06-27 05:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

    2007-06-27 04:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

    2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe

    2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

    2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll

    2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

    2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll

    2007-06-13 07:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe

    2007-06-13 07:23 1033216 --a------ C:\WINDOWS\explorer.exe

    2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll

    2006-12-04 13:14 9232 --a------ C:\DOCUME~1\USER\mqdmmdfl.sys

    2006-12-04 13:14 92064 --a------ C:\DOCUME~1\USER\mqdmmdm.sys

    2006-12-04 13:14 79328 --a------ C:\DOCUME~1\USER\mqdmserd.sys

    2006-12-04 13:14 66656 --a------ C:\DOCUME~1\USER\mqdmbus.sys

    2006-12-04 13:14 6208 --a------ C:\DOCUME~1\USER\mqdmcmnt.sys

    2006-12-04 13:14 5936 --a------ C:\DOCUME~1\USER\mqdmwhnt.sys

    2006-12-04 13:14 4048 --a------ C:\DOCUME~1\USER\mqdmcr.sys

    2006-12-04 13:14 25600 --a------ C:\DOCUME~1\USER\usbsermptxp.sys

    2006-12-04 13:14 22768 --a------ C:\DOCUME~1\USER\usbsermpt.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LaunchApp"="Alaunch" []

    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 C:\WINDOWS\AGRSMMSG.exe]

    "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 C:\WINDOWS\RTHDCPL.exe]

    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21]

    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16]

    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]

    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]

    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]

    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]

    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]

    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]

    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55]

    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52]

    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55]

    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 18:08]

    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]

    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 13:56]

    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43]

    "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02]

    "tsnppro"="C:\WINDOWS\tsnppro.exe" [2005-10-25 16:13]

    "snppro"="C:\WINDOWS\vsnppro.exe" [2005-08-18 14:20]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-21 19:08]

    "Tecnobyte Lembrete"="C:\tecnobyte\lembrete\lembrete.exe" [2004-06-10 15:59]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]

    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 14:22]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]

    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]

    "CnxDslTaskBar"="C:\Program Files\D-Link\DSL-210\CnxDslTb.exe" [2004-07-23 19:36]

    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-06 10:09]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]

    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-31 19:03:16]

    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Program Files\GbPlugin\gbieh.dll [2007-06-25 09:24 332616]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghhig]

    hgghhig.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineak32]

    wineak32.dll 2007-08-07 23:52 21504 C:\WINDOWS\system32\wineak32.dll

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys

    R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys

    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys

    R2 EraserSvc10732;Symantec Eraser Service;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

    R2 GbpSv;Gbp Service;C:\Program Files\GbPlugin\GbpSv.exe

    R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys

    R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys

    R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\Wibukey.sys

    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys

    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys

    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys

    S3 CnxEtP;Conexant AccessRunner USB ADSL LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys

    S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys

    S3 CnxTgN;Conexant AccessRunner USB ADSL LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys

    S3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys

    S3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys

    S3 SNPPRO;USB PC Camera (snppro);C:\WINDOWS\system32\DRIVERS\snppro.sys

    .

    Contents of the 'Scheduled Tasks' folder

    "2007-09-08 14:59:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

    - C:\Program Files\Windows Defender\MpCmdRun.exe

    "2007-09-06 14:35:42 C:\WINDOWS\Tasks\Norton AntiVirus - Verificação completa no sistema - USER.job"

    "2007-09-08 14:45:14 C:\WINDOWS\Tasks\gustavo_g.job"

    - C:\WINDOWS\system32\ntbackup.exe

    .

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-09-08 11:57:27

    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2007-09-08 11:59:51

    C:\ComboFix-quarantined-files.txt ... 2007-09-08 11:59

    .

    --- E O F ---

    ----------------------------------------------------------------

    LOG DO COMBOFIX - QUARENTINE FILES


    2004-08-04 05:00 111104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000010_.tmp.dll.vir
    2004-08-04 05:00 1835904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir
    2004-08-04 05:00 34304 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
    2004-08-04 05:00 721920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000007_.tmp.dll.vir
    2004-08-04 05:00 983552 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
    2005-11-02 14:32 233472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
    2005-11-02 14:32 32512 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
    2005-11-02 14:32 53299 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
    2005-11-02 14:32 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
    2005-11-03 10:02 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\WanPacket.dll.vir
    2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
    2007-08-08 09:08 231520 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\awvvu.dll.vir
    2007-08-08 16:08 716991 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvwa.tmp.vir
    2007-08-08 17:59 717042 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvwa.ini.vir
    2007-08-31 13:27 648743 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvwa.bak1.vir
    2007-09-06 15:21 46027 --a------ C:\Qoobox\Quarantine\C\Program Files\GbPlugin\Bb.gpc.vir
    2007-09-08 11:34 1368560 --a------ C:\Qoobox\Quarantine\C\Program Files\GbPlugin\gbieh.gmd.vir
    2007-09-08 11:37 677144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvwa.bak2.vir
    2007-09-08 11:48 1326 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
    2007-09-08 11:48 1352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
    2007-09-08 11:48 673682 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvwa.ini2.vir


    Folder PATH listing for volume GUSTAVO
    Volume serial number is 735C-9FB7
    C:\QOOBOX\QUARANTINE
    +---C
    | +---ComboFix
    | | FProps.vbs.vir
    | |
    | +---WINDOWS
    | | \---system32
    | | | _000006_.tmp.dll.vir
    | | | _000007_.tmp.dll.vir
    | | | _000008_.tmp.dll.vir
    | | | _000009_.tmp.dll.vir
    | | | _000010_.tmp.dll.vir
    | | | uvvwa.tmp.vir
    | | | uvvwa.ini.vir
    | | | uvvwa.bak1.vir
    | | | uvvwa.bak2.vir
    | | | uvvwa.ini2.vir
    | | | packet.dll.vir
    | | | pthreadVC.dll.vir
    | | | WanPacket.dll.vir
    | | | wpcap.dll.vir
    | | | awvvu.dll.vir
    | | |
    | | \---drivers
    | | npf.sys.vir
    | |
    | \---Program Files
    | \---GbPlugin
    | Bb.gpc.vir
    | gbieh.gmd.vir
    |
    \---Registry_backups
    LEGACY_NPF.reg.cf
    services_NPF.reg.cf

    -----------------------------------------------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 12:03:05, on 8/9/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Program Files\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

    C:\WINDOWS\system32\wbem\unsecapp.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

    C:\WINDOWS\tsnppro.exe

    C:\WINDOWS\vsnppro.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\tecnobyte\lembrete\lembrete.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\WINDOWS\system32\igfxext.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    D:\D o w n l o a d s\Programas\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [LaunchApp] Alaunch

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

    O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe

    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

    O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe

    O4 - HKLM\..\Run: [tsnppro] C:\WINDOWS\tsnppro.exe

    O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Tecnobyte Lembrete] C:\tecnobyte\lembrete\lembrete.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\D-Link\DSL-210\CnxDslTb.exe"

    O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

    O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Acer Empowering Technology.lnk = ?

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D9CF90C7-606C-4EB9-9E4B-8857D9361420}: NameServer = 10.1.1.1

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll

    O20 - Winlogon Notify: hgghhig - hgghhig.dll (file missing)

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

    O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Symantec Eraser Service (EraserSvc10732) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

    O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Program Files\GbPlugin\GbpSv.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Validação de senha de Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites

    Bom Dia beckheuser!

    >@< Faça o download do Avenger.

    >@< Descompacte-o e crie uma pasta para o programa!Coloque esta pasta no Disco Local-C ou Desktop!

    >@< Rode o programa e marque Input script manually.

    >@< Clique no ícone da lupa!

    Files to delete:

    C:\WINDOWS\system32\hnhmtivn.dll

    C:\WINDOWS\system32\wineak32.dll

    C:\WINDOWS\system32\hgghhig.dll

    Registry values to replace with dummy:

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify |hgghhig

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify |wineak32

    Folders to delete:

    C:\Qoobox\Quarantine

    C:\{8001B2E0-0000-0000-9B57-8C752F9A24F6}

    C:\{8001B2E0-0000-0000-9848-E26C653FFE6C}

    C:\{8001B2E0-0000-0000-3317-AA14EFF40AF7}

    C:\{8001B2E0-0000-0000-8CE8-AD4940251856}

    >@< Na caixa que abrir,cole o que foi copiado na área da Citação,logo àcima!

    >@< Clique em Done.

    >@< Clique no ícone do semáforo!

    >@< Clique em Ok.

    >@< O computador irá reiniciar!

    _________________

    >@< Faça e poste um nôvo log,do HijackThis + Avenger.txt,na sua resposta.

    Abraços!

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×