Tweed

Protejaseudrive, nadadevirus and gladiator! Please check the logs!


Hello, first of all I would like to thank the goodwill of everyone who helps people like me!

I am posting this new topic as a last resort. I can see that the volume of help requests is very large, and I tried to solve the problem "on my own", that is, by reading about the problems of others with the same kind of infection, but I got no result!

I have already used the tool ComboFix, but I don't think it worked; I think there is still something that needs to be done, because when I open Messenger and my e-mail page, the IE windows keep opening by themselves with those damned ads you all know!!!

So I would like you to evaluate these logs and, if possible, point me in the right direction to fix the problem!

Thanks in advance for the help!!!!

Logfile of HijackThis v1.99.1

Scan saved at 15:47:36, on 19/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [bM174e0128] Rundll32.exe "C:\WINDOWS\system32\fvbmhycu.dll",s

O4 - HKLM\..\Run: [147d32b4] rundll32.exe "C:\WINDOWS\system32\khtmrxud.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

ComboFix 08-05-15.3 - Borelli 2008-05-19 15:05:00.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.264 [GMT -7:00]

Running from: C:\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\dMUuCccf.ini

C:\WINDOWS\system32\dMUuCccf.ini2

C:\WINDOWS\system32\dvhnccbj.ini

C:\WINDOWS\system32\dvhnccbj.ini2

C:\WINDOWS\system32\dvhnccbj.tmp

C:\WINDOWS\system32\fxycegen.tmp

C:\WINDOWS\system32\fxycegen.tmp2

C:\WINDOWS\system32\gcaeijgf.ini

C:\WINDOWS\system32\kavo.exe

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\qvbkhxco.exe

C:\WINDOWS\system32\sjjbdflv.exe

.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))

.

2008-05-19 14:55 . 2008-05-19 14:55 1,916,951 --a------ C:\ComboFix.exe

2008-05-19 14:19 . 2008-05-19 14:19 <DIR> d-------- C:\VundoFix Backups

2008-05-19 13:58 . 2008-05-19 13:58 6,862 --a------ C:\show-vundo.vbs

2008-05-19 10:41 . 2008-05-19 10:41 114,688 --a------ C:\WINDOWS\system32\negecyxf.dll

2008-05-19 10:39 . 2008-05-19 10:39 124,928 --a------ C:\WINDOWS\system32\kqgcfxcq.dll

2008-05-18 11:24 . 2008-05-18 11:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2008-05-18 10:02 . 2008-05-18 10:02 117,248 --a------ C:\WINDOWS\system32\jbccnhvd.dll

2008-05-18 09:59 . 2008-05-19 15:15 109,807 --a------ C:\WINDOWS\BM174e0128.xml

2008-05-18 09:58 . 2008-05-18 09:58 124,928 --a------ C:\WINDOWS\system32\tpuykelg.dll

2008-05-17 17:07 . 2008-05-17 17:07 <DIR> d-------- C:\WINDOWS\MSApps

2008-05-17 17:00 . 2008-05-17 17:00 58,880 --a------ C:\WINDOWS\system32\nnnKEUMg.dll

2008-05-17 16:59 . 2008-05-17 17:02 <DIR> d-------- C:\Program Files\coolpro2

2008-05-17 16:59 . 2008-05-17 16:59 58,880 --a------ C:\WINDOWS\system32\ljJATLBu.dll

2008-05-17 16:56 . 2008-05-17 16:56 58,880 --a------ C:\WINDOWS\system32\ljJDTKCu.dll

2008-05-17 16:54 . 2008-05-17 16:54 58,880 --a------ C:\WINDOWS\system32\nnnnKDtu.dll

2008-05-17 16:53 . 2008-05-17 16:53 58,880 --a------ C:\WINDOWS\system32\jkkKcYPH.dll

2008-05-17 16:48 . 2008-05-17 16:48 371,712 --a------ C:\WINDOWS\system32\fccCuUMd.dll

2008-05-17 16:43 . 2008-05-17 16:43 58,880 --a------ C:\WINDOWS\system32\opnmNGVo.dll

2008-05-14 08:51 . 2008-05-14 08:51 <DIR> d-------- C:\WINDOWS\Sun

2008-05-12 18:14 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-05-12 18:14 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-05-12 18:14 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-05-12 18:11 . 2006-10-31 13:11 57,344 --a------ C:\WINDOWS\Signet32.dll

2008-05-08 14:38 . 2008-05-08 15:51 493 --a------ C:\WINDOWS\OmSearch.INI

2008-05-08 08:30 . 2008-05-08 08:40 <DIR> d-------- C:\JCO

2008-05-01 14:26 . 2008-05-01 14:26 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\Syntrillium

2008-04-28 00:13 . 2008-04-08 18:36 117,637 -r-hs---- C:\i.bat

2008-04-27 23:05 . 2008-04-27 23:05 <DIR> d-------- C:\Program Files\MegauploadToolbar

2008-04-27 23:05 . 2008-04-27 23:18 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\MegauploadToolbar

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 22:16 127,837,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-19 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-19 22:11 859,936 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-19 22:11 81,524 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-19 22:11 1,713,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-19 09:30 --------- d-----w C:\Documents and Settings\Borelli\Application Data\Skype

2008-05-19 09:13 --------- d-----w C:\Documents and Settings\Borelli\Application Data\skypePM

2008-05-19 05:12 --------- d-----w C:\Program Files\eMule

2008-05-09 05:49 --------- d-----w C:\Documents and Settings\Borelli\Application Data\AdobeUM

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-04 01:21 24,192 ----a-w C:\Documents and Settings\Borelli\usbsermptxp.sys

2008-03-04 01:21 22,768 ----a-w C:\Documents and Settings\Borelli\usbsermpt.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 00:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-06-14 07:15 41,248 ----a-w C:\Documents and Settings\Borelli\Application Data\GDIPFONTCACHEV1.DAT

2007-06-26 02:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll

2007-06-26 02:30 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll

.

------- Sigcheck -------

2002-09-10 06:46 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2002-09-10 06:46 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2002-08-28 20:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2002-08-28 19:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2002-09-10 06:45 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

2002-08-28 20:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

2002-08-28 20:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2309EAA2-E2A0-4C06-9DC1-FC3603B5C808}]

2008-05-17 16:48 371712 --a------ C:\WINDOWS\system32\fccCuUMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]

2008-05-17 16:43 58880 --a------ C:\WINDOWS\system32\opnmNGVo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]

"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-01 17:22 86016]

"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [ ]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 16:25 212992]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 05:42 176128]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]

"BM174e0128"="C:\WINDOWS\system32\fvbmhycu.dll" [2008-05-19 15:24 124928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\WINDOWS\system32\opnmNGVo.dll [2008-05-17 16:43 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNGVo]

opnmNGVo.dll 2008-05-17 16:43 58880 C:\WINDOWS\system32\opnmNGVo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccCuUMd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

--a------ 2003-05-21 19:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-04-11 16:25 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2003-09-01 05:42 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

--a------ 2005-06-08 22:31 96256 C:\Program Files\iolo\System Mechanic Professional 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

--a------ 2005-10-17 05:51 548864 C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]

--a------ 2005-10-17 05:51 453632 C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 IoloFilter;IoloFilter;C:\WINDOWS\system32\drivers\IoloFltr.sys [2005-10-10 19:11]

R3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-12 13:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d593795-24fb-11dd-9cb9-000ea6aa09d8}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e37fa6-0809-11dc-9f18-000ea6aa09d8}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d20db8-cbbb-11db-9e41-000ea6aa09d8}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

.

Contents of the 'Scheduled Tasks' folder

"2008-05-03 15:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-04 00:50:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH4461736876.job"

- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#TH4461736876

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 15:16:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\yaKSCcdd.ini 345 bytes

C:\WINDOWS\system32\yaKSCcdd.ini2 345 bytes

C:\WINDOWS\system32\ddcCSKay.dll 371712 bytes executable

scan completed successfully

hidden files: 3

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\opnmNGVo.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\fvbmhycu.dll

-> C:\WINDOWS\system32\fccCuUMd.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-05-19 15:27:32 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-19 22:26:43

Pre-Run: 3,522,633,728 bytes free

Post-Run: 3,547,287,552 bytes free

228 --- E O F --- 2008-04-11 22:25:21

I am anxiously awaiting a reply! Thank you!


Good evening, Tweed!

Before running this procedure, plug your removable drive(s) into the USB port.

<!> Delete:

C:\ComboFix.txt << Previous ComboFix log.

----------------------

>@< Select and copy all the content in the Code area to Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\i.bat
E:\i.bat
C:\WINDOWS\system32\negecyxf.dll
C:\WINDOWS\system32\kqgcfxcq.dll
C:\WINDOWS\system32\jbccnhvd.dll
C:\WINDOWS\BM174e0128.xml
C:\WINDOWS\system32\tpuykelg.dll
C:\WINDOWS\system32\nnnKEUMg.dll
C:\WINDOWS\system32\ljJATLBu.dll
C:\WINDOWS\system32\ljJDTKCu.dll
C:\WINDOWS\system32\nnnnKDtu.dll
C:\WINDOWS\system32\jkkKcYPH.dll
C:\WINDOWS\system32\fccCuUMd.dll
C:\WINDOWS\system32\opnmNGVo.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d593795-24fb-11dd-9cb9-000ea6aa09d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e37fa6-0809-11dc-9f18-000ea6aa09d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d20db8-cbbb-11db-9e41-000ea6aa09d8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2309EAA2-E2A0-4C06-9DC1-FC3603B5C808}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNGVo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM174e0128"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"=-
Folder::
C:\VundoFix Backups

>@< Drag CFScript.txt onto the ComboFix icon with the mouse.

>@< See the demonstration!

[image: cpiadecfscriptxt7.gif]

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it runs, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

Regards!

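The reply above is built from a handful of patterns in the two logs: Run entries with throwaway names that load a random-named DLL through rundll32 with a one-letter export, an extra entry in the LSA Authentication Packages value, a Winlogon Notify package nobody installed, mountpoints2 keys that run i.bat whenever a drive is opened, the Security Center overrides, and the executables catchme reports as hidden. The Python script below is an added example, mine rather than part of the thread and not code from ComboFix or HijackThis: it applies those heuristics to sample lines copied from the logs above and drafts the File:: and Registry:: sections of a CFScript.txt in the syntax Joram used. The Winlogon Notify allowlist, the "random name" patterns and the sample log itself are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: line formats copied from the HijackThis and ComboFix reports
# in this thread, with one benign NVIDIA entry the rules must leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bM174e0128] Rundll32.exe "C:\WINDOWS\system32\fvbmhycu.dll",s
O4 - HKLM\..\Run: [147d32b4] rundll32.exe "C:\WINDOWS\system32\khtmrxud.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNGVo]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccCuUMd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d593795-24fb-11dd-9cb9-000ea6aa09d8}]
\Shell\AutoRun\command - E:\i.bat
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
C:\WINDOWS\system32\ddcCSKay.dll 371712 bytes executable
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Winlogon Notify packages of XP SP2 plus WGA: an approximate allowlist assumed by
# this example; anything outside it is reviewed by hand before it is removed.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S*)', re.I)
HEXNAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9A-Fa-f]{8,}$")  # 147d32b4, bM174e0128
CF_NOTIFY_RE = re.compile(r"^\[(?P<key>.*\\winlogon\\notify\\(?P<sub>[^\]\\]+))\]$", re.I)
AUTHPKG_RE = re.compile(r"^Authentication Packages REG_MULTI_SZ (?P<pkgs>.+)$")
MOUNT_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\\w+\\command - (?P<target>.+)$", re.I)
OVERRIDE_RE = re.compile(r'^"(?:AntiVirusOverride|FirewallOverride)"=dword:0*1$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
HIDDEN_RE = re.compile(r"^(?P<path>[A-Z]:\\\S+\.(?:dll|exe|sys)) \d+ bytes executable$", re.I)


@dataclass
class Finding:
    rule: str
    evidence: str
    file: Optional[str] = None                   # listed under File::
    reg_delete: Optional[str] = None             # listed under Registry:: as [-key]
    reg_value: Optional[Tuple[str, str]] = None  # (key, name) removed with "name"=-


def triage(log_text: str) -> List[Finding]:
    """Apply the analyst's heuristics line by line; one Finding per hit."""
    findings: List[Finding] = []
    mount_key: Optional[str] = None  # mountpoints2 key whose Shell\*\command lines follow
    for line in (ln.strip() for ln in log_text.splitlines() if ln.strip()):
        if m := RUN_RE.match(line):
            dll = RUNDLL_RE.search(m["cmd"])
            # Legitimate rundll32 entries name a real export (NvStartup); the loaders in
            # this thread use a throwaway hex value name and a one-letter export.
            if HEXNAME_RE.match(m["name"]) or (dll and len(dll["export"]) <= 1):
                findings.append(Finding("random Run entry loading a DLL via rundll32", line,
                                        file=dll["dll"] if dll else None,
                                        reg_value=(HIVES[m["hive"]] + RUN_KEY, m["name"])))
        elif m := CF_NOTIFY_RE.match(line):
            mount_key = None
            if m["sub"].lower() not in KNOWN_NOTIFY:
                findings.append(Finding("unknown Winlogon Notify package", line,
                                        reg_delete=m["key"]))
        elif m := AUTHPKG_RE.match(line):
            # LSA loads each package as <name>.dll. Only the file goes in the script: the
            # value is edited back to msv1_0 by hand, never deleted, or logon breaks.
            for pkg in (p for p in m["pkgs"].split() if p.lower() != "msv1_0"):
                findings.append(Finding("extra LSA Authentication Package", line,
                                        file=pkg if pkg.lower().endswith(".dll") else pkg + ".dll"))
        elif m := MOUNT_RE.match(line):
            mount_key = m["key"]
        elif line.startswith("["):
            mount_key = None
        elif (m := AUTORUN_RE.match(line)) and mount_key:
            findings.append(Finding("removable-drive autorun hooked in mountpoints2", line,
                                    file=m["target"], reg_delete=mount_key))
        elif OVERRIDE_RE.match(line) or FIREWALL_OFF_RE.match(line):
            findings.append(Finding("Security Center / firewall protection disabled", line))
        elif m := HIDDEN_RE.match(line):
            findings.append(Finding("hidden executable reported by catchme", line, file=m["path"]))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Draft the File:: and Registry:: sections in the CFScript.txt syntax used above."""
    files = sorted({f.file for f in findings if f.file})
    deletes = sorted({f.reg_delete for f in findings if f.reg_delete})
    by_key: dict = {}
    for key, name in (f.reg_value for f in findings if f.reg_value):
        by_key.setdefault(key, set()).add(name)
    out = ["File::", *files] if files else []
    if deletes or by_key:
        out += ["Registry::", *(f"[-{k}]" for k in deletes)]
        for key in sorted(by_key):
            out += [f"[{key}]", *(f'"{n}"=-' for n in sorted(by_key[key]))]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.rule}] {hit.evidence}")
    print(build_cfscript(triage(SAMPLE_LOG)), end="")
```

The draft is deliberately conservative. The Authentication Packages value is reported but not scripted, because deleting it instead of editing it back to msv1_0 would break logon, and the Security Center findings carry no remediation at all, since those values are only worth restoring once the infection is gone and the real products report again. The benign NVIDIA entry shows why the rule looks at the export name and the value name together rather than at the DLL name alone: NvMcTray is also eight letters. Every drafted line still gets checked against the log before the file is dropped onto ComboFix, as the reply above does by hand.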
Tweed (topic author)

    Good evening, Joram! Thank you for your attention!

    First, I should let you know that I have no removable drives for the USB ports.

    Here are the logs!

    Logfile of HijackThis v1.99.1

    Scan saved at 00:51:06, on 21/5/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\PAStiSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    C:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    ComboFix 08-05-15.3 - Borelli 2008-05-21 0:26:31.5 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.280 [GMT -7:00]

    Running from: C:\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Borelli\Desktop\CFScript.txt

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\i.bat

    C:\WINDOWS\BM174e0128.xml

    C:\WINDOWS\system32\fccCuUMd.dll

    C:\WINDOWS\system32\jbccnhvd.dll

    C:\WINDOWS\system32\jkkKcYPH.dll

    C:\WINDOWS\system32\kqgcfxcq.dll

    C:\WINDOWS\system32\ljJATLBu.dll

    C:\WINDOWS\system32\ljJDTKCu.dll

    C:\WINDOWS\system32\negecyxf.dll

    C:\WINDOWS\system32\nnnKEUMg.dll

    C:\WINDOWS\system32\nnnnKDtu.dll

    C:\WINDOWS\system32\opnmNGVo.dll

    C:\WINDOWS\system32\tpuykelg.dll

    E:\i.bat

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\i.bat

    C:\WINDOWS\BM174e0128.xml

    C:\WINDOWS\pskt.ini

    C:\WINDOWS\system32\dMUuCccf.ini

    C:\WINDOWS\system32\dMUuCccf.ini2

    C:\WINDOWS\system32\duxrmthk.ini

    C:\WINDOWS\system32\fccCuUMd.dll

    C:\WINDOWS\system32\jbccnhvd.dll

    C:\WINDOWS\system32\jkkKcYPH.dll

    C:\WINDOWS\system32\jygotucn.ini

    C:\WINDOWS\system32\kqgcfxcq.dll

    C:\WINDOWS\system32\ljJATLBu.dll

    C:\WINDOWS\system32\ljJDTKCu.dll

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\negecyxf.dll

    C:\WINDOWS\system32\nnnKEUMg.dll

    C:\WINDOWS\system32\nnnnKDtu.dll

    C:\WINDOWS\system32\opnmNGVo.dll

    C:\WINDOWS\system32\tpuykelg.dll

    .

    ((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))

    .

    2008-05-20 23:11 . 2008-05-20 23:11 <DIR> d-------- C:\Program Files\Uniblue

    2008-05-20 23:11 . 2008-05-20 23:11 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\Uniblue

    2008-05-20 21:34 . 2008-05-20 21:34 117,248 --a------ C:\WINDOWS\system32\ncutogyj.dll

    2008-05-20 21:31 . 2008-05-20 21:31 2,560 --a------ C:\WINDOWS\system32\ppvqikvr.exe

    2008-05-20 21:30 . 2008-05-20 21:30 126,976 --a------ C:\WINDOWS\system32\krbwhiax.dll

    2008-05-19 15:24 . 2008-05-19 15:24 124,928 --a------ C:\WINDOWS\system32\fvbmhycu.dll

    2008-05-19 15:24 . 2008-05-19 15:24 2,560 --a------ C:\WINDOWS\system32\seckedlt.exe

    2008-05-19 14:55 . 2008-05-19 14:55 1,916,951 --a------ C:\ComboFix.exe

    2008-05-18 11:24 . 2008-05-18 11:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

    2008-05-17 17:07 . 2008-05-17 17:07 <DIR> d-------- C:\WINDOWS\MSApps

    2008-05-17 16:59 . 2008-05-17 17:02 <DIR> d-------- C:\Program Files\coolpro2

    2008-05-14 08:51 . 2008-05-14 08:51 <DIR> d-------- C:\WINDOWS\Sun

    2008-05-12 18:14 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

    2008-05-12 18:14 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

    2008-05-12 18:14 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

    2008-05-12 18:11 . 2006-10-31 13:11 57,344 --a------ C:\WINDOWS\Signet32.dll

    2008-05-08 14:38 . 2008-05-08 15:51 493 --a------ C:\WINDOWS\OmSearch.INI

    2008-05-08 08:30 . 2008-05-08 08:40 <DIR> d-------- C:\JCO

    2008-05-01 14:26 . 2008-05-01 14:26 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\Syntrillium

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-20 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

    2008-05-19 23:02 --------- d-----w C:\Documents and Settings\Borelli\Application Data\skypePM

    2008-05-19 23:02 --------- d-----w C:\Documents and Settings\Borelli\Application Data\Skype

    2008-05-19 05:12 --------- d-----w C:\Program Files\eMule

    2008-05-09 05:49 --------- d-----w C:\Documents and Settings\Borelli\Application Data\AdobeUM

    2008-03-04 01:21 24,192 ----a-w C:\Documents and Settings\Borelli\usbsermptxp.sys

    2008-03-04 01:21 22,768 ----a-w C:\Documents and Settings\Borelli\usbsermpt.sys

    2008-02-20 00:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

    2007-06-14 07:15 41,248 ----a-w C:\Documents and Settings\Borelli\Application Data\GDIPFONTCACHEV1.DAT

    2007-06-26 02:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll

    2007-06-26 02:30 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll

    .

    ------- Sigcheck -------

    2002-09-10 06:46 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe

    2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

    2002-09-10 06:46 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

    2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

    2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

    2002-08-28 20:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

    2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

    2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

    2002-08-28 19:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

    2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

    2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

    2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

    2002-09-10 06:45 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe

    2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe

    2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

    2002-08-28 20:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

    2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

    2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

    2002-08-28 20:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

    2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

    2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]

    "nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]

    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]

    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-01 17:22 86016]

    "KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [ ]

    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 16:25 212992]

    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 05:42 176128]

    "DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

    --a------ 2003-05-21 19:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

    --a------ 2003-04-11 16:25 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    --a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

    --a------ 2003-09-01 05:42 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

    --a------ 2005-06-08 22:31 96256 C:\Program Files\iolo\System Mechanic Professional 6\delay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

    --a------ 2005-10-17 05:51 548864 C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]

    --a------ 2005-10-17 05:51 453632 C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

    -ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R0 IoloFilter;IoloFilter;C:\WINDOWS\system32\drivers\IoloFltr.sys [2005-10-10 19:11]

    R3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-12 13:58]

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-05-03 15:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    "2008-04-04 00:50:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH4461736876.job"

    - C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#TH4461736876

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-21 00:35:26

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\system32\PAStiSvc.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.41-delta.exe

    C:\c51b37d58e8e8fffda1f115657e1\mrtstub.exe

    C:\WINDOWS\system32\MRT.exe

    C:\WINDOWS\SoftwareDistribution\Download\71346ae154833814462aa3a4477d3137\update\update.exe

    C:\WINDOWS\system32\imapi.exe

    .

    **************************************************************************

    .

    Completion time: 2008-05-21 0:45:23 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-05-21 07:44:46

    Pre-Run: 4,143,464,448 bytes free

    Post-Run: 4,072,640,512 bytes free

    196 --- E O F --- 2008-04-11 22:25:21

    Once again, thank you very much!

    Cheers!

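Two things the analysts in this thread do by eye on a ComboFix log are worth automating: spotting the eight-random-letter binaries dropped into system32 in the "Files Created" section (the pattern of the Vundo/ConHook DLLs that EliStartPage and BitDefender later confirm on this machine), and checking the "Sigcheck" section for a live system file whose MD5 no longer matches its Service Pack copy. The script below is an added example for this thread, not code from ComboFix, HijackThis or any of the participants; the sample log is constructed from lines excerpted from the ComboFix output above plus one hand-made Sigcheck mismatch (an all-zero MD5) so the second check has something to find. The eight-letter rule is a heuristic (a freshly copied services.exe would also be listed), so its hits are candidates to look up, not verdicts.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix/HijackThis code).

Automates two checks an analyst otherwise does by eye:
1. "Files Created": binaries dropped straight into system32 with an eight-
   lowercase-letter name (the Vundo/ConHook pattern seen on this machine).
2. "Sigcheck": live system32 copies whose MD5 differs from the Service Pack
   copy under ServicePackFiles\\i386 ($NtServicePackUninstall$ holds the
   pre-SP versions, which legitimately differ, so they are skipped).
"""
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the ComboFix log posted above, plus
# one hand-made Sigcheck mismatch (all-zero MD5) so the second check has a hit.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
2008-05-20 23:11 . 2008-05-20 23:11 <DIR> d-------- C:\\Program Files\\Uniblue
2008-05-20 21:34 . 2008-05-20 21:34 117,248 --a------ C:\\WINDOWS\\system32\\ncutogyj.dll
2008-05-20 21:31 . 2008-05-20 21:31 2,560 --a------ C:\\WINDOWS\\system32\\ppvqikvr.exe
2008-05-19 15:24 . 2008-05-19 15:24 124,928 --a------ C:\\WINDOWS\\system32\\fvbmhycu.dll
2008-05-19 14:55 . 2008-05-19 14:55 1,916,951 --a------ C:\\ComboFix.exe
2008-05-12 18:11 . 2006-10-31 13:11 57,344 --a------ C:\\WINDOWS\\Signet32.dll
------- Sigcheck -------
2002-09-10 06:46 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\\WINDOWS\\$NtServicePackUninstall$\\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\\WINDOWS\\ServicePackFiles\\i386\\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\\WINDOWS\\system32\\svchost.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\\WINDOWS\\ServicePackFiles\\i386\\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\\WINDOWS\\system32\\drivers\\ndis.sys
2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\\WINDOWS\\ServicePackFiles\\i386\\ws2_32.dll
2004-08-04 00:56 82944 00000000000000000000000000000000 C:\\WINDOWS\\system32\\ws2_32.dll
"""

# 2008-05-20 21:34 . 2008-05-20 21:34 117,248 --a------ C:\WINDOWS\system32\x.dll
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# 2004-08-04 00:56 14336 <md5> C:\WINDOWS\system32\svchost.exe
SIGCHECK_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$"
)
# Eight letters plus .dll/.exe, directly under system32 (heuristic, see lead-in).
RANDOM_NAME_RE = re.compile(r"\\system32\\[a-z]{8}\.(dll|exe)$", re.IGNORECASE)
# Section banners: ((((( Files Created ... ))))) or ------- Sigcheck -------
BANNER_RE = re.compile(r"^(?:\(+|-+) ?(.+?) ?(?:\)+|-+)$")


def split_sections(text):
    """Map each ComboFix section title to the non-empty lines under it."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1).strip()
        elif line and line != ".":
            sections[current].append(line)
    return sections


def suspicious_created_files(sections):
    """(created, size, path) for recently created random-named system32 binaries."""
    hits = []
    for title, lines in sections.items():
        if not title.startswith("Files Created"):
            continue
        for line in lines:
            m = CREATED_RE.match(line)
            if m and m["size"] != "<DIR>" and RANDOM_NAME_RE.search(m["path"]):
                hits.append((m["created"], int(m["size"].replace(",", "")), m["path"]))
    return hits


def sigcheck_mismatches(sections):
    """(live path, live md5, service-pack md5) where the two hashes differ."""
    reference, live = {}, {}
    for line in sections.get("Sigcheck", []):
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        path, md5 = m["path"], m["md5"].lower()
        folder, base = path.lower().rsplit("\\", 1)
        if folder.endswith("\\servicepackfiles\\i386"):
            reference[base] = md5            # the known-good Service Pack copy
        elif "$ntservicepackuninstall$" not in folder:
            live[base] = (path, md5)         # the copy Windows actually loads
    return [(p, h, reference[b]) for b, (p, h) in live.items()
            if b in reference and reference[b] != h]


def report(text):
    """Human-readable findings, one per line."""
    sections = split_sections(text)
    lines = [f"[random-name binary] {c} {s:>9} bytes {p}"
             for c, s, p in suspicious_created_files(sections)]
    lines += [f"[sigcheck mismatch] {p} live={h} sp={ref}"
              for p, h, ref in sigcheck_mismatches(sections)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full ComboFix log above, the first check lists ncutogyj.dll, ppvqikvr.exe, krbwhiax.dll, fvbmhycu.dll and seckedlt.exe, two of which BitDefender later deletes as Trojan.Generic; the Sigcheck check is silent for the real log because every system32 hash there matches its ServicePackFiles copy, which is exactly the reassurance the section is printed for.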

    Good morning, Tweed!

    >@< Download EliStarA.

    >@< On the page, click the button: Descargar EliStarA v xx.xx, located at the bottom of the page.

    >@< Save the tool on Local Disk C, in its own folder.

    >@< Download ELINOTIF.DLL.

    >@< Save it inside the folder created for EliStarA! << Important!

    >@< Disable the resident AntiVirus and AntiSpyware protections.

    >@< Restart the computer in Safe Mode.

    >@< Go to the EliStarA icon and run it!

    >@< Wait patiently for the scan to finish.

    >@< When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

    >@< The tool will delete your home page; you will set it again afterwards.

    >@< Restart the computer normally!

    -----------------------

    >@< Produce and post in your reply: infoSat.txt + an updated HJT log.

    Cheers!

    Topic author

    Good evening, Joram! Sorry for the delay, I was working! Thanks once again!

    Here are the logs:

    Logfile of HijackThis v1.99.1

    Scan saved at 23:09:54, on 21/5/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\PAStiSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    Wed May 21 22:46:57 2008

    EliStartPage v16.31 ©2008 S.G.H. / Satinfo S.L. (Modificado el 20 de Mayo del 2008)

    --------------------------------------------------

    Lista de Acciones (por Acción Directa):

    No detectado SP3 de Windows XP

    Restaurado fichero de Configuración del IE, (IERESET.INF)

    Eliminadas las Paginas de Inicio y de Busqueda del IE

    Eliminados Ficheros Temporales del IE

    Wed May 21 22:48:48 2008

    EliStartPage v16.31 ©2008 S.G.H. / Satinfo S.L. (Modificado el 20 de Mayo del 2008)

    --------------------------------------------------

    Lista de Acciones (por Exploración):

    Explorando Unidad C:\

    C:\Documents and Settings\Borelli\My Documents\Raul\HDT2004\system\SVGPPT.EXE --> Eliminado, DownLoader.VF

    C:\QooBox\Quarantine\C\I.BAT.VIR --> Eliminado, PWS-OnLineGames.KAVO

    C:\QooBox\Quarantine\C\WINDOWS\system32\FCCCUUMD.DLL.VIR --> Eliminado, Vundo9

    C:\QooBox\Quarantine\C\WINDOWS\system32\JBCCNHVD.DLL.VIR --> Eliminado, Vundo5

    C:\QooBox\Quarantine\C\WINDOWS\system32\JKKKCYPH.DLL.VIR --> Eliminado, DownLoader.ConHook(notify)

    C:\QooBox\Quarantine\C\WINDOWS\system32\LJJATLBU.DLL.VIR --> Eliminado, DownLoader.ConHook(notify)

    C:\QooBox\Quarantine\C\WINDOWS\system32\LJJDTKCU.DLL.VIR --> Eliminado, DownLoader.ConHook(notify)

    C:\QooBox\Quarantine\C\WINDOWS\system32\NNNKEUMG.DLL.VIR --> Eliminado, DownLoader.ConHook(notify)

    C:\QooBox\Quarantine\C\WINDOWS\system32\NNNNKDTU.DLL.VIR --> Eliminado, DownLoader.ConHook(notify)

    C:\QooBox\Quarantine\C\WINDOWS\system32\OPNMNGVO.DLL.VIR --> Eliminado, DownLoader.ConHook(notify)

    Nº Total de Directorios: 5759

    Nº Total de Ficheros: 46964

    Nº de Ficheros analisados: 15646

    Nº de Ficheros Infectados: 10

    Nº de Ficheros Limpiados: 10

    Thanks, cheers!

    Good morning, Tweed!

    <!> In Run, type: ComboFix.exe /u >> Click: OK

    <!> At the prompt, choose two (2) >> Wait for the uninstall!

    ----------------------

    >@< Run a disinfection scan at < BitDefender > and post the report.

    >@< The page will open: < BitDefender OnLine Scanner >

    >@< Click: < I Agree >

    >@< Wait! Allow the ActiveX installation so the scan can run.

    <!> Read the Tutorial: < Link >

    >@< Then post: the BitDefender report + an updated HijackThis log.

    >@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.log

    Cheers!

    Topic author

    Good morning, Joram!

    Here are the logs:

    Logfile of HijackThis v1.99.1

    Scan saved at 00:25:47, on 26/5/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\WINDOWS\System32\PAStiSvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\MSN Messenger\usnsvc.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    BitDefender report

    [General]

    App = "BitDefender Online Scanner v8"

    Date = 26:05:2008

    Time = 00:08:00

    Scan Path = A:\;C:\;D:\;H:\;

    [Engines Info]

    Virus Definitions = 1237588

    Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

    Scan plugins = 16

    Archive plugins = 42

    Unpack plugins = 7

    E-mail plugins = 6

    System plugins = 5

    [scan Statistics]

    Folders = 5797

    Files = 231393

    Archives = 1529

    Packed files = 5683

    Identified viruses = 2

    Infected files = 2

    Warnings = 0

    Suspect files = 0

    Disinfected files = 0

    Deleted files = 2

    Copied files = 0

    Moved files = 0

    Renamed files = 0

    I/O Errors = 28

    [scan Settings]

    SecondAction = Delete

    FirstAction = Disinfect

    Heuristics = 1

    Enable Warnings = 1

    Exclude Ext =

    Extensions = *;

    Scan Emails = 1

    Scan Archives = 1

    Scan Packed = 1

    Scan Files = 1

    Scan Boot = 1

    Verify Memory = 0

    [scan Results]

    Line00000003 = "C:\WINDOWS\system32\fvbmhycu.dll Infected with: Trojan.Generic.272758"

    Line00000002 = "C:\WINDOWS\system32\fvbmhycu.dll Deleted"

    Line00000001 = "C:\WINDOWS\system32\krbwhiax.dll Infected with: Trojan.Generic.269315"

    Line00000000 = "C:\WINDOWS\system32\krbwhiax.dll Deleted"

    Thanks, cheers!
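The analyst asks for an "updated HijackThis log" after every step, and what he is really reading is the difference between the new log and the previous one: here the 26/5 log differs from the 21/5 log only by the BitDefender scanner's own O9/O16 entries, the MSN Messenger helper usnsvc.exe appearing in the process list, and wuauclt.exe no longer running. The script below automates that comparison; it is an added example for this thread, not HijackThis code or anything the participants posted. The two sample logs are constructed from excerpts of the two HijackThis logs above. Entries are keyed by their section code (R0, R1, O2, O4, ...) plus the rest of the line, and entries HijackThis itself marks "(file missing)" are reported separately, since they are dead registry references rather than running code.

```python
"""Diff two HijackThis logs (added example for this thread; not HijackThis code).

What matters between two logs of the same machine is what appeared or went
away, not the dozens of lines that stayed the same. Each entry is keyed by its
section code (R0, R1, O2, O4, ...) plus the rest of the line; running processes
are compared as plain paths; '(file missing)' entries are listed on their own.
"""
import re

# "O4 - HKLM\..\Run: [...]" -> code "O4", body "HKLM\..\Run: [...]"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Constructed sample: excerpts of the two HijackThis logs posted above
# (21/5/2008 before the BitDefender scan, 26/5/2008 after it).
LOG_BEFORE = """\
Logfile of HijackThis v1.99.1
Scan saved at 23:09:54, on 21/5/2008
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\wuauclt.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=150.164.255.201:3128
O4 - HKLM\\..\\Run: [KAVPersonal50] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe" /minimize
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""
LOG_AFTER = """\
Logfile of HijackThis v1.99.1
Scan saved at 00:25:47, on 26/5/2008
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\MSN Messenger\\usnsvc.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = http=150.164.255.201:3128
O4 - HKLM\\..\\Run: [KAVPersonal50] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe" /minimize
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""


def parse_hjt(text):
    """Return (set of running-process paths, set of (code, body) entries)."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first R/F/N/O line ends the process list
            entries.add((m["code"], m["body"]))
        elif in_processes:
            processes.add(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries HijackThis tagged '(file missing)': dead references, not running code."""
    return sorted(e for e in entries if e[1].endswith("(file missing)"))


def diff_hjt(before, after):
    """What appeared and what went away between two logs of the same machine."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "processes_added": sorted(p1 - p0),
        "processes_gone": sorted(p0 - p1),
        "entries_added": sorted(e1 - e0),
        "entries_gone": sorted(e0 - e1),
        "orphaned_after": orphaned_entries(e1),
    }


if __name__ == "__main__":
    for key, items in diff_hjt(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item[0]} - {item[1]}")
```

The diff deliberately ignores the "Scan saved at" header and the order of lines, so two logs taken minutes apart on a clean machine produce an empty result; anything that does show up is exactly the set of lines the analyst has to judge.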

    Good morning, Tweed!

    <@> In Run, type: ComboFix.exe /u --> Click: OK

    <@> At the prompt, choose two (2) >> Wait for the uninstall!

    ----------------------

    >@< Download UnHook.

    >@< Download it to the Desktop!

    >@< Now run the Symantec tool (UnHookExec.inf).

    >@< Right-click it with the mouse >> Click Install.

    >@< Restart the computer!

    ----------------------

    With everything OK on the PC, create a completely clean System Restore point!

    Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

    Then uncheck it again! >> Apply >> OK.

    For more details, go to: < Docs >

    <@> The log is clean! :D

    <@> Good job!

    Cheers!

    Topic author

    Good evening, Joram!! :lol:

    You're the one who did the good job!!!!! :D

    Thank you very much for your willingness; your help was essential!! I hope others can also count on your goodwill and that of your colleagues here on the forum! Your attitude is exemplary!

    Cheers! :)
