Tweed

Protejaseudrive, nadadevirus and gladiator! Please check the logs!


Hello, first of all I would like to thank the goodwill of everyone who helps people like me!

I am posting this new topic as a last resort; I see that the volume of help requests is very large, and I tried to solve the problem "on my own", that is, by reading about the problems of others with the same kind of infection, but I got no result!

I have already used the ComboFix tool, but I don't think I succeeded; I think there is still something that must be done, because when I open Messenger and open my e-mail page, IE windows keep opening on their own with those damned ads you all know!!!

So I would like you to evaluate these logs and, if possible, point me in the direction of fixing the problem!

Thanks in advance for the help!!!!

Logfile of HijackThis v1.99.1

Scan saved at 15:47:36, on 19/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [bM174e0128] Rundll32.exe "C:\WINDOWS\system32\fvbmhycu.dll",s

O4 - HKLM\..\Run: [147d32b4] rundll32.exe "C:\WINDOWS\system32\khtmrxud.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

ComboFix 08-05-15.3 - Borelli 2008-05-19 15:05:00.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.264 [GMT -7:00]

Running from: C:\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\dMUuCccf.ini

C:\WINDOWS\system32\dMUuCccf.ini2

C:\WINDOWS\system32\dvhnccbj.ini

C:\WINDOWS\system32\dvhnccbj.ini2

C:\WINDOWS\system32\dvhnccbj.tmp

C:\WINDOWS\system32\fxycegen.tmp

C:\WINDOWS\system32\fxycegen.tmp2

C:\WINDOWS\system32\gcaeijgf.ini

C:\WINDOWS\system32\kavo.exe

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\qvbkhxco.exe

C:\WINDOWS\system32\sjjbdflv.exe

.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))

.

2008-05-19 14:55 . 2008-05-19 14:55 1,916,951 --a------ C:\ComboFix.exe

2008-05-19 14:19 . 2008-05-19 14:19 <DIR> d-------- C:\VundoFix Backups

2008-05-19 13:58 . 2008-05-19 13:58 6,862 --a------ C:\show-vundo.vbs

2008-05-19 10:41 . 2008-05-19 10:41 114,688 --a------ C:\WINDOWS\system32\negecyxf.dll

2008-05-19 10:39 . 2008-05-19 10:39 124,928 --a------ C:\WINDOWS\system32\kqgcfxcq.dll

2008-05-18 11:24 . 2008-05-18 11:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2008-05-18 10:02 . 2008-05-18 10:02 117,248 --a------ C:\WINDOWS\system32\jbccnhvd.dll

2008-05-18 09:59 . 2008-05-19 15:15 109,807 --a------ C:\WINDOWS\BM174e0128.xml

2008-05-18 09:58 . 2008-05-18 09:58 124,928 --a------ C:\WINDOWS\system32\tpuykelg.dll

2008-05-17 17:07 . 2008-05-17 17:07 <DIR> d-------- C:\WINDOWS\MSApps

2008-05-17 17:00 . 2008-05-17 17:00 58,880 --a------ C:\WINDOWS\system32\nnnKEUMg.dll

2008-05-17 16:59 . 2008-05-17 17:02 <DIR> d-------- C:\Program Files\coolpro2

2008-05-17 16:59 . 2008-05-17 16:59 58,880 --a------ C:\WINDOWS\system32\ljJATLBu.dll

2008-05-17 16:56 . 2008-05-17 16:56 58,880 --a------ C:\WINDOWS\system32\ljJDTKCu.dll

2008-05-17 16:54 . 2008-05-17 16:54 58,880 --a------ C:\WINDOWS\system32\nnnnKDtu.dll

2008-05-17 16:53 . 2008-05-17 16:53 58,880 --a------ C:\WINDOWS\system32\jkkKcYPH.dll

2008-05-17 16:48 . 2008-05-17 16:48 371,712 --a------ C:\WINDOWS\system32\fccCuUMd.dll

2008-05-17 16:43 . 2008-05-17 16:43 58,880 --a------ C:\WINDOWS\system32\opnmNGVo.dll

2008-05-14 08:51 . 2008-05-14 08:51 <DIR> d-------- C:\WINDOWS\Sun

2008-05-12 18:14 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-05-12 18:14 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-05-12 18:14 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-05-12 18:11 . 2006-10-31 13:11 57,344 --a------ C:\WINDOWS\Signet32.dll

2008-05-08 14:38 . 2008-05-08 15:51 493 --a------ C:\WINDOWS\OmSearch.INI

2008-05-08 08:30 . 2008-05-08 08:40 <DIR> d-------- C:\JCO

2008-05-01 14:26 . 2008-05-01 14:26 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\Syntrillium

2008-04-28 00:13 . 2008-04-08 18:36 117,637 -r-hs---- C:\i.bat

2008-04-27 23:05 . 2008-04-27 23:05 <DIR> d-------- C:\Program Files\MegauploadToolbar

2008-04-27 23:05 . 2008-04-27 23:18 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\MegauploadToolbar

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-19 22:16 127,837,728 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-19 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-19 22:11 859,936 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-19 22:11 81,524 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-19 22:11 1,713,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-19 09:30 --------- d-----w C:\Documents and Settings\Borelli\Application Data\Skype

2008-05-19 09:13 --------- d-----w C:\Documents and Settings\Borelli\Application Data\skypePM

2008-05-19 05:12 --------- d-----w C:\Program Files\eMule

2008-05-09 05:49 --------- d-----w C:\Documents and Settings\Borelli\Application Data\AdobeUM

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-04 01:21 24,192 ----a-w C:\Documents and Settings\Borelli\usbsermptxp.sys

2008-03-04 01:21 22,768 ----a-w C:\Documents and Settings\Borelli\usbsermpt.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 00:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-06-14 07:15 41,248 ----a-w C:\Documents and Settings\Borelli\Application Data\GDIPFONTCACHEV1.DAT

2007-06-26 02:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll

2007-06-26 02:30 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll

.

------- Sigcheck -------

2002-09-10 06:46 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2002-09-10 06:46 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2002-08-28 20:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2002-08-28 19:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2002-09-10 06:45 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

2002-08-28 20:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

2002-08-28 20:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2309EAA2-E2A0-4C06-9DC1-FC3603B5C808}]

2008-05-17 16:48 371712 --a------ C:\WINDOWS\system32\fccCuUMd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]

2008-05-17 16:43 58880 --a------ C:\WINDOWS\system32\opnmNGVo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]

"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-01 17:22 86016]

"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [ ]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 16:25 212992]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 05:42 176128]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]

"BM174e0128"="C:\WINDOWS\system32\fvbmhycu.dll" [2008-05-19 15:24 124928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\WINDOWS\system32\opnmNGVo.dll [2008-05-17 16:43 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNGVo]

opnmNGVo.dll 2008-05-17 16:43 58880 C:\WINDOWS\system32\opnmNGVo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccCuUMd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

--a------ 2003-05-21 19:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-04-11 16:25 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2003-09-01 05:42 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

--a------ 2005-06-08 22:31 96256 C:\Program Files\iolo\System Mechanic Professional 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\MSMSGS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

--a------ 2005-10-17 05:51 548864 C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]

--a------ 2005-10-17 05:51 453632 C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 IoloFilter;IoloFilter;C:\WINDOWS\system32\drivers\IoloFltr.sys [2005-10-10 19:11]

R3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-12 13:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d593795-24fb-11dd-9cb9-000ea6aa09d8}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e37fa6-0809-11dc-9f18-000ea6aa09d8}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d20db8-cbbb-11db-9e41-000ea6aa09d8}]

\Shell\AutoRun\command - E:\i.bat

\Shell\explore\Command - E:\i.bat

\Shell\open\Command - E:\i.bat

.

Contents of the 'Scheduled Tasks' folder

"2008-05-03 15:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-04 00:50:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH4461736876.job"

- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#TH4461736876

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-19 15:16:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\yaKSCcdd.ini 345 bytes

C:\WINDOWS\system32\yaKSCcdd.ini2 345 bytes

C:\WINDOWS\system32\ddcCSKay.dll 371712 bytes executable

scan completed successfully

hidden files: 3

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\opnmNGVo.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\fvbmhycu.dll

-> C:\WINDOWS\system32\fccCuUMd.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-05-19 15:27:32 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-19 22:26:43

Pre-Run: 3,522,633,728 bytes free

Post-Run: 3,547,287,552 bytes free

228 --- E O F --- 2008-04-11 22:25:21

I look forward to a reply! Thank you!


Good evening, Tweed!

Before running this procedure, insert your removable drive(s) into the USB port.

<!> Delete:

C:\ComboFix.txt << Previous ComboFix log.

----------------------

>@< Select and copy all of the content in the Code area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\i.bat
E:\i.bat
C:\WINDOWS\system32\negecyxf.dll
C:\WINDOWS\system32\kqgcfxcq.dll
C:\WINDOWS\system32\jbccnhvd.dll
C:\WINDOWS\BM174e0128.xml
C:\WINDOWS\system32\tpuykelg.dll
C:\WINDOWS\system32\nnnKEUMg.dll
C:\WINDOWS\system32\ljJATLBu.dll
C:\WINDOWS\system32\ljJDTKCu.dll
C:\WINDOWS\system32\nnnnKDtu.dll
C:\WINDOWS\system32\jkkKcYPH.dll
C:\WINDOWS\system32\fccCuUMd.dll
C:\WINDOWS\system32\opnmNGVo.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d593795-24fb-11dd-9cb9-000ea6aa09d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e37fa6-0809-11dc-9f18-000ea6aa09d8}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d20db8-cbbb-11db-9e41-000ea6aa09d8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2309EAA2-E2A0-4C06-9DC1-FC3603B5C808}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNGVo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM174e0128"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{522E0112-EDD9-413D-A99E-C311A54B6676}"=-
Folder::
C:\VundoFix Backups

>@< Using the mouse, drag CFScript.txt onto the ComboFix icon.

>@< See the demonstration!

[demonstration image: cpiadecfscriptxt7.gif]

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do so manually!

>@< While it is running, do not use the keyboard or the mouse!

>@< When it finishes, post the C:\ComboFix.txt report plus a fresh HJT log.

Cheers!

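Added example (my own code, not code from the thread, from HijackThis or from ComboFix): a small Python triage script that applies the same reading to the logs in the first post that the reply above does by hand. It flags the indicator patterns visible there, namely Run entries that load a DLL through rundll32 with a one-letter export, randomly named DLLs, the BHO and Winlogon-notify keys that load them, the extra LSA authentication package, the MountPoints2 autorun pointing at E:\i.bat, and the Security Center and firewall overrides, and then renders the file and key findings in the File::/Registry:: layout of the CFScript in the reply. The sample lines are copied from the logs in this thread; the allowlist, the vowel-count heuristic for random names and the function names are my own assumptions, and the output is a candidate list for an analyst, not a verdict.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, not code from the thread)."""
import re

# Constructed allowlist: legitimate 8-letter DLL stems the vowel heuristic would otherwise flag.
KNOWN_GOOD_STEMS = {"netshell", "wgalogon", "browseui"}

# Line layouts as they appear in the HijackThis and ComboFix logs above.
RUN_RUNDLL = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[[^\]]+\] rundll32\.exe\s+"?([^",]+\.dll)"?,(\w+)$', re.I)
BHO_KEY = re.compile(r'^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-F-]+\})\]$', re.I)
MOUNTPOINT_KEY = re.compile(r'^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion'
                            r'\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$', re.I)
NOTIFY_KEY = re.compile(r'^\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion'
                        r'\\winlogon\\notify\\(\w+))\]$', re.I)
# Both ComboFix file layouts: "date time [. date time] size attrs path" and "name.dll date time size path".
FILE_LINE = re.compile(r'^(?:\S+\.dll\s+)?\d{4}-\d\d-\d\d \d\d:\d\d .* ([A-Za-z]:\\.+\.dll)$', re.I)
AUTORUN_CMD = re.compile(r'^\\Shell\\(?:AutoRun|explore|open)\\command - (.+)$', re.I)
LSA_AUTH = re.compile(r'^Authentication Packages REG_MULTI_SZ (.+)$', re.I)
WEAK_SETTING = re.compile(r'^"(EnableFirewall|AntiVirusOverride|FirewallOverride|DisableMonitoring)"\s*=\s*(\S+)')

# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bM174e0128] Rundll32.exe "C:\WINDOWS\system32\fvbmhycu.dll",s
O4 - HKLM\..\Run: [147d32b4] rundll32.exe "C:\WINDOWS\system32\khtmrxud.dll",b
2008-05-19 10:41 . 2008-05-19 10:41 114,688 --a------ C:\WINDOWS\system32\negecyxf.dll
2008-03-04 01:21 24,192 ----a-w C:\Documents and Settings\Borelli\usbsermptxp.sys
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2309EAA2-E2A0-4C06-9DC1-FC3603B5C808}]
2008-05-17 16:48 371712 --a------ C:\WINDOWS\system32\fccCuUMd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmNGVo]
opnmNGVo.dll 2008-05-17 16:43 58880 C:\WINDOWS\system32\opnmNGVo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccCuUMd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d593795-24fb-11dd-9cb9-000ea6aa09d8}]
\Shell\AutoRun\command - E:\i.bat
\Shell\open\Command - E:\i.bat
"""


def looks_random(stem):
    """Heuristic (assumption): an 8-letter name with at most two vowels, y counted as a consonant."""
    if len(stem) != 8 or not stem.isalpha() or stem.lower() in KNOWN_GOOD_STEMS:
        return False
    return sum(ch in "aeiou" for ch in stem.lower()) <= 2


def stem_of(path):
    """Last path component without its extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text):
    """Return de-duplicated (kind, item, reason) findings; kind is 'file', 'key' or 'setting'."""
    findings, seen, pending = [], set(), None   # pending: registry key whose payload is on a later line

    def add(kind, item, reason):
        if (kind, item) not in seen:
            seen.add((kind, item))
            findings.append((kind, item, reason))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):                      # a new registry key resets the line context
            m = BHO_KEY.match(line) or MOUNTPOINT_KEY.match(line)
            pending = m.group(1) if m else None
            m = NOTIFY_KEY.match(line)
            if m and looks_random(m.group(2)):
                add("key", m.group(1), "Winlogon notify package with a random-looking name")
            continue
        if m := RUN_RUNDLL.match(line):
            dll, export = m.groups()
            if len(export) == 1 or looks_random(stem_of(dll)):
                add("file", dll, "rundll32 Run entry with a one-letter export or random DLL name")
        elif m := FILE_LINE.match(line):
            dll = m.group(1)
            if looks_random(stem_of(dll)):
                add("file", dll, "random-looking DLL name")
                if pending and "Browser Helper Objects" in pending:
                    add("key", pending, "BHO loading " + dll)
        elif m := AUTORUN_CMD.match(line):
            if pending and "mountpoints2" in pending.lower():
                add("key", pending, "MountPoints2 autorun for a removable drive")
                add("file", m.group(1), "autorun target")
        elif m := LSA_AUTH.match(line):
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":           # anything beyond the default package
                    add("setting", "LSA Authentication Packages: " + pkg, "extra authentication package")
        elif m := WEAK_SETTING.match(line):
            name, value = m.group(1), m.group(2).split(":")[-1]
            is_zero = set(value) <= {"0"}
            weakened = is_zero if name == "EnableFirewall" else not is_zero
            if weakened:
                add("setting", name + "=" + m.group(2), "firewall or Security Center monitoring disabled")
    return findings


def render_cfscript(findings):
    """Render file and key findings in the File::/Registry:: layout used by the reply above."""
    files = [item for kind, item, _ in findings if kind == "file"]
    keys = [item for kind, item, _ in findings if kind == "key"]
    return "\n".join(["File::", *files, "Registry::", *("[-%s]" % k for k in keys)]) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, item, reason in result:
        print("%-8s %s   <- %s" % (kind, item, reason))
    print(render_cfscript(result))
```

Run it as a script to print the findings and the generated CFScript text. The 'setting' findings (firewall off, Security Center overrides, the extra LSA package) are reported only, because a File::/Registry:: script does not restore them; they are the items to re-check by hand after the cleanup.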

Good evening, Joram! Thank you for your attention!

First, I would like to let you know that I do not have any removable USB drives.

Here are the logs!

Logfile of HijackThis v1.99.1

Scan saved at 00:51:06, on 21/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

ComboFix 08-05-15.3 - Borelli 2008-05-21 0:26:31.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.280 [GMT -7:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\Documents and Settings\Borelli\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\i.bat

C:\WINDOWS\BM174e0128.xml

C:\WINDOWS\system32\fccCuUMd.dll

C:\WINDOWS\system32\jbccnhvd.dll

C:\WINDOWS\system32\jkkKcYPH.dll

C:\WINDOWS\system32\kqgcfxcq.dll

C:\WINDOWS\system32\ljJATLBu.dll

C:\WINDOWS\system32\ljJDTKCu.dll

C:\WINDOWS\system32\negecyxf.dll

C:\WINDOWS\system32\nnnKEUMg.dll

C:\WINDOWS\system32\nnnnKDtu.dll

C:\WINDOWS\system32\opnmNGVo.dll

C:\WINDOWS\system32\tpuykelg.dll

E:\i.bat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\i.bat

C:\WINDOWS\BM174e0128.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\dMUuCccf.ini

C:\WINDOWS\system32\dMUuCccf.ini2

C:\WINDOWS\system32\duxrmthk.ini

C:\WINDOWS\system32\fccCuUMd.dll

C:\WINDOWS\system32\jbccnhvd.dll

C:\WINDOWS\system32\jkkKcYPH.dll

C:\WINDOWS\system32\jygotucn.ini

C:\WINDOWS\system32\kqgcfxcq.dll

C:\WINDOWS\system32\ljJATLBu.dll

C:\WINDOWS\system32\ljJDTKCu.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\negecyxf.dll

C:\WINDOWS\system32\nnnKEUMg.dll

C:\WINDOWS\system32\nnnnKDtu.dll

C:\WINDOWS\system32\opnmNGVo.dll

C:\WINDOWS\system32\tpuykelg.dll

.

((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))

.

2008-05-20 23:11 . 2008-05-20 23:11 <DIR> d-------- C:\Program Files\Uniblue

2008-05-20 23:11 . 2008-05-20 23:11 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\Uniblue

2008-05-20 21:34 . 2008-05-20 21:34 117,248 --a------ C:\WINDOWS\system32\ncutogyj.dll

2008-05-20 21:31 . 2008-05-20 21:31 2,560 --a------ C:\WINDOWS\system32\ppvqikvr.exe

2008-05-20 21:30 . 2008-05-20 21:30 126,976 --a------ C:\WINDOWS\system32\krbwhiax.dll

2008-05-19 15:24 . 2008-05-19 15:24 124,928 --a------ C:\WINDOWS\system32\fvbmhycu.dll

2008-05-19 15:24 . 2008-05-19 15:24 2,560 --a------ C:\WINDOWS\system32\seckedlt.exe

2008-05-19 14:55 . 2008-05-19 14:55 1,916,951 --a------ C:\ComboFix.exe

2008-05-18 11:24 . 2008-05-18 11:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2008-05-17 17:07 . 2008-05-17 17:07 <DIR> d-------- C:\WINDOWS\MSApps

2008-05-17 16:59 . 2008-05-17 17:02 <DIR> d-------- C:\Program Files\coolpro2

2008-05-14 08:51 . 2008-05-14 08:51 <DIR> d-------- C:\WINDOWS\Sun

2008-05-12 18:14 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-05-12 18:14 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-05-12 18:14 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-05-12 18:11 . 2006-10-31 13:11 57,344 --a------ C:\WINDOWS\Signet32.dll

2008-05-08 14:38 . 2008-05-08 15:51 493 --a------ C:\WINDOWS\OmSearch.INI

2008-05-08 08:30 . 2008-05-08 08:40 <DIR> d-------- C:\JCO

2008-05-01 14:26 . 2008-05-01 14:26 <DIR> d-------- C:\Documents and Settings\Borelli\Application Data\Syntrillium

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-20 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-05-19 23:02 --------- d-----w C:\Documents and Settings\Borelli\Application Data\skypePM

2008-05-19 23:02 --------- d-----w C:\Documents and Settings\Borelli\Application Data\Skype

2008-05-19 05:12 --------- d-----w C:\Program Files\eMule

2008-05-09 05:49 --------- d-----w C:\Documents and Settings\Borelli\Application Data\AdobeUM

2008-03-04 01:21 24,192 ----a-w C:\Documents and Settings\Borelli\usbsermptxp.sys

2008-03-04 01:21 22,768 ----a-w C:\Documents and Settings\Borelli\usbsermpt.sys

2008-02-20 00:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-06-14 07:15 41,248 ----a-w C:\Documents and Settings\Borelli\Application Data\GDIPFONTCACHEV1.DAT

2007-06-26 02:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll

2007-06-26 02:30 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll

.

------- Sigcheck -------

2002-09-10 06:46 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe

2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe

2002-09-10 06:46 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

2004-08-04 00:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2002-08-28 20:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2002-08-28 19:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys

2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys

2004-08-03 23:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2002-09-10 06:45 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe

2004-08-04 00:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

2002-08-28 20:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe

2004-08-04 00:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

2002-08-28 20:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe

2004-08-04 00:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 09:57 143360]

"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-01 17:22 86016]

"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [ ]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24 49152]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 16:25 212992]

"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 05:42 176128]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 19:37 229437]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

--a------ 2003-05-21 19:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-04-11 16:25 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-06-25 12:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2003-09-01 05:42 176128 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

--a------ 2005-06-08 22:31 96256 C:\Program Files\iolo\System Mechanic Professional 6\delay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

--a------ 2005-10-17 05:51 548864 C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]

--a------ 2005-10-17 05:51 453632 C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 IoloFilter;IoloFilter;C:\WINDOWS\system32\drivers\IoloFltr.sys [2005-10-10 19:11]

R3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-12 13:58]

.

Contents of the 'Scheduled Tasks' folder

"2008-05-03 15:35:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-04-04 00:50:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#TH4461736876.job"

- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#TH4461736876

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-21 00:35:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\PAStiSvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.41-delta.exe

C:\c51b37d58e8e8fffda1f115657e1\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\WINDOWS\SoftwareDistribution\Download\71346ae154833814462aa3a4477d3137\update\update.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-05-21 0:45:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-21 07:44:46

Pre-Run: 4,143,464,448 bytes free

Post-Run: 4,072,640,512 bytes free

196 --- E O F --- 2008-04-11 22:25:21

Once again, thank you very much!

Regards!

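Two checks a log analyst would want to run over the ComboFix log above, as an added example that is not part of the thread. First, ComboFix's Sigcheck section prints the MD5 of a few core binaries next to the Service Pack reference copies under ServicePackFiles\i386; a patched or replaced svchost.exe, winlogon.exe or ndis.sys shows up as a hash mismatch, which is exactly what a rootkit dropper would produce. Second, the droppers on this machine used eight-letter random names directly under system32 (the Vundo/ConHook DLLs ComboFix quarantined, and fvbmhycu.dll and krbwhiax.dll, which BitDefender later flagged), so new files matching that pattern in the "Files Created" section are worth a second look. The excerpt is copied from the log above; the random-name rule is a heuristic, not a verdict.

```python
"""Added example, not code from the thread: parse a ComboFix log and
(1) compare system32 hashes in the Sigcheck section against the Service Pack
reference copies, (2) flag newly created system32 files with eight-letter
random names. The excerpt below is copied from the ComboFix log above."""
import re
from collections import defaultdict

COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-05-20 23:11 . 2008-05-20 23:11 <DIR> d-------- C:\Program Files\Uniblue
2008-05-20 21:34 . 2008-05-20 21:34 117,248 --a------ C:\WINDOWS\system32\ncutogyj.dll
2008-05-20 21:31 . 2008-05-20 21:31 2,560 --a------ C:\WINDOWS\system32\ppvqikvr.exe
2008-05-20 21:30 . 2008-05-20 21:30 126,976 --a------ C:\WINDOWS\system32\krbwhiax.dll
2008-05-19 15:24 . 2008-05-19 15:24 124,928 --a------ C:\WINDOWS\system32\fvbmhycu.dll
2008-05-19 15:24 . 2008-05-19 15:24 2,560 --a------ C:\WINDOWS\system32\seckedlt.exe
2008-05-19 14:55 . 2008-05-19 14:55 1,916,951 --a------ C:\ComboFix.exe
2008-05-12 18:11 . 2006-10-31 13:11 57,344 --a------ C:\WINDOWS\Signet32.dll
.
------- Sigcheck -------
2002-09-10 06:46 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 00:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-04 00:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2004-08-03 23:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Section banners look like "((( Title )))" or "------- Title -------".
SECTION_RE = re.compile(r"^(?:\(+|-+)\s*(.*?)\s*(?:\)+|-+)$")
# Sigcheck line: date time size md5 path
SIGCHECK_RE = re.compile(r"^\S+ \S+\s+(\d+)\s+([0-9a-f]{32})\s+(.+)$")
# Files Created line: created . modified size|<DIR> attrs path
CREATED_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")
# Heuristic naming pattern of the droppers seen on this machine.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")


def split_sections(text):
    """Map section title -> body lines, dropping blank and '.' separator lines."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def _section(sections, prefix):
    for title, lines in sections.items():
        if title.startswith(prefix):
            return lines
    return []


def sigcheck_mismatches(text):
    """[(name, live_md5, reference_md5)] for binaries whose system32 copy
    differs from the ServicePackFiles\\i386 copy; empty means all match."""
    by_name = defaultdict(dict)
    for line in _section(split_sections(text), "Sigcheck"):
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        md5, path = m.group(2), m.group(3)
        name, low = path.rsplit("\\", 1)[-1].lower(), path.lower()
        if "\\servicepackfiles\\i386\\" in low:
            by_name[name]["ref"] = md5
        elif "\\system32\\" in low:  # covers system32\drivers as well
            by_name[name]["live"] = md5
    return sorted((n, h["live"], h["ref"]) for n, h in by_name.items()
                  if "live" in h and "ref" in h and h["live"] != h["ref"])


def suspicious_new_system32_files(text):
    """Basenames of new files directly under system32 matching the random
    eight-letter pattern. A hit is a lead for the analyst, not a detection."""
    hits = []
    for line in _section(split_sections(text), "Files Created"):
        m = CREATED_RE.match(line)
        if not m or m.group(3) == "<DIR>":
            continue
        folder, _, name = m.group(5).rpartition("\\")
        if folder.lower() == r"c:\windows\system32" and RANDOM_NAME_RE.match(name):
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    print("sigcheck mismatches:", sigcheck_mismatches(COMBOFIX_EXCERPT))
    print("suspicious new system32 files:", suspicious_new_system32_files(COMBOFIX_EXCERPT))
```

On the log above the hash check comes back clean, which is consistent with catchme reporting no hidden files, while the name heuristic lists the five files ComboFix left behind; two of them are the ones BitDefender deletes later in the thread.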

Good morning, Tweed!

>@< Download EliStarA.

>@< On the page, click the button: Descargar EliStarA v xx.xx, located at the bottom of the page.

>@< Save the tool on Local Disk C, in its own folder.

>@< Download ELINOTIF.DLL.

>@< Save it inside the folder created for EliStarA! << Important!

>@< Disable the resident AntiVirus and AntiSpyware protections.

>@< Restart the computer in Safe Mode.

>@< Go to the EliStarA icon and run it!

>@< Wait patiently for the scan to finish.

>@< When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

>@< The tool will delete your home page; afterwards you will set it again.

>@< Restart the computer normally!

-----------------------

>@< Create and post in your reply: infoSat.txt + an updated HJT log.

Regards!


Good evening, Joram! Sorry for the delay, I was working! Thanks again!

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 23:09:54, on 21/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Wed May 21 22:46:57 2008

EliStartPage v16.31 ©2008 S.G.H. / Satinfo S.L. (Modified on 20 May 2008)

--------------------------------------------------

List of Actions (by Direct Action):

Windows XP SP3 not detected

IE configuration file restored (IERESET.INF)

IE Home and Search pages removed

IE Temporary Files removed

Wed May 21 22:48:48 2008

EliStartPage v16.31 ©2008 S.G.H. / Satinfo S.L. (Modified on 20 May 2008)

--------------------------------------------------

List of Actions (by Scan):

Scanning Drive C:\

C:\Documents and Settings\Borelli\My Documents\Raul\HDT2004\system\SVGPPT.EXE --> Deleted, DownLoader.VF

C:\QooBox\Quarantine\C\I.BAT.VIR --> Deleted, PWS-OnLineGames.KAVO

C:\QooBox\Quarantine\C\WINDOWS\system32\FCCCUUMD.DLL.VIR --> Deleted, Vundo9

C:\QooBox\Quarantine\C\WINDOWS\system32\JBCCNHVD.DLL.VIR --> Deleted, Vundo5

C:\QooBox\Quarantine\C\WINDOWS\system32\JKKKCYPH.DLL.VIR --> Deleted, DownLoader.ConHook(notify)

C:\QooBox\Quarantine\C\WINDOWS\system32\LJJATLBU.DLL.VIR --> Deleted, DownLoader.ConHook(notify)

C:\QooBox\Quarantine\C\WINDOWS\system32\LJJDTKCU.DLL.VIR --> Deleted, DownLoader.ConHook(notify)

C:\QooBox\Quarantine\C\WINDOWS\system32\NNNKEUMG.DLL.VIR --> Deleted, DownLoader.ConHook(notify)

C:\QooBox\Quarantine\C\WINDOWS\system32\NNNNKDTU.DLL.VIR --> Deleted, DownLoader.ConHook(notify)

C:\QooBox\Quarantine\C\WINDOWS\system32\OPNMNGVO.DLL.VIR --> Deleted, DownLoader.ConHook(notify)

Total Directories: 5759

Total Files: 46964

Files analysed: 15646

Infected Files: 10

Cleaned Files: 10

Thanks, regards!

Good morning, Tweed!

<!> In Run, type: ComboFix.exe /u >> Click: OK

<!> At the prompt, choose two (2) >> Wait for the uninstall!

----------------------

>@< Run a disinfection scan at < BitDefender > and post the report.

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click: < I Agree >

>@< Wait! Allow the ActiveX installation so the scan can run.

<!> Read the tutorial: < Link >

>@< Then post: BitDefender report + updated HijackThis log.

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.log

Regards!


Good morning, Joram!

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 00:25:47, on 26/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ufmg.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

BitDefender Report

[General]

App = "BitDefender Online Scanner v8"

Date = 26:05:2008

Time = 00:08:00

Scan Path = A:\;C:\;D:\;H:\;

[Engines Info]

Virus Definitions = 1237588

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 42

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

[Scan Statistics]

Folders = 5797

Files = 231393

Archives = 1529

Packed files = 5683

Identified viruses = 2

Infected files = 2

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 2

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 28

[Scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

[Scan Results]

Line00000003 = "C:\WINDOWS\system32\fvbmhycu.dll Infected with: Trojan.Generic.272758"

Line00000002 = "C:\WINDOWS\system32\fvbmhycu.dll Deleted"

Line00000001 = "C:\WINDOWS\system32\krbwhiax.dll Infected with: Trojan.Generic.269315"

Line00000000 = "C:\WINDOWS\system32\krbwhiax.dll Deleted"

Thank you, regards!

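This thread contains three HijackThis logs from the same machine, and what the analyst actually reads is the difference between them. As an added example that is not part of the thread, the script below diffs two HijackThis logs by process list and by verbatim entry line, and separately lists the "(file missing)" entries, which are dead registry references left behind by an uninstall or a removal. The two excerpts are trimmed copies of the 21/5 and 26/5 logs posted above, keeping the lines that changed plus a few that did not.

```python
"""Added example, not code from the thread: diff two HijackThis logs and list
orphaned '(file missing)' entries. Excerpts are trimmed from the logs above."""
import re

HJT_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:09:54, on 21/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

HJT_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:25:47, on 26/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=150.164.255.201:3128
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143932335953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# HijackThis entry lines: "R1 - ...", "O4 - ...", "O23 - ..." and so on.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries): the 'Running processes' paths in order and
    the set of entry lines, kept verbatim so a diff is exact."""
    processes, entries, in_procs = [], set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY_RE.match(line):
            in_procs = False
            entries.add(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def diff_hjt(before, after):
    """What appeared and what disappeared between two logs of one machine."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "added_processes": sorted(set(p1) - set(p0)),
        "removed_processes": sorted(set(p0) - set(p1)),
        "added_entries": sorted(e1 - e0),
        "removed_entries": sorted(e0 - e1),
    }


def orphaned_entries(text):
    """Entries whose target HijackThis could not find on disk."""
    _, entries = parse_hjt(text)
    return sorted(e for e in entries if "(file missing)" in e)


if __name__ == "__main__":
    for key, value in diff_hjt(HJT_BEFORE, HJT_AFTER).items():
        print(key, value)
    print("orphaned:", orphaned_entries(HJT_AFTER))
```

Run against the two excerpts, the only additions are the BitDefender Online Scanner's own O9/O16 entries and the MSN Messenger service, and nothing the earlier cleanup removed has come back; the orphaned list is what remains to tidy with HijackThis itself.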

Good morning, Tweed!

<@> In Run, type: ComboFix.exe /u --> Click: OK

<@> At the prompt, choose two (2) >> Wait for the uninstall!

----------------------

>@< Download UnHook.

>@< Download it to the Desktop!

>@< Now run the Symantec tool (UnHookExec.inf).

>@< Right-click it with the mouse >> Click Install.

>@< Restart the computer!

----------------------

With the PC all OK, create a completely clean System Restore Point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

<@> The log is clean! :D

<@> Good job!

Regards!


Good evening, joram!! :lol:

The good job was yours!!!!! :D

Thank you very much for your willingness; your help was essential!! I hope others can also count on your good will and that of your colleagues here on the forum! Your attitude is exemplary!

Regards! :)


About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil. Read more

Copyright

We do not permit copying or reproduction of the content of our site, forum, newsletters and social networks, even when citing the source. Read more
