APU

Trojan.Linkoptimizer


How do I remove (trojan.linkoptimizer)? My antivirus detected it but cannot remove it. Can anyone help me with this?

Thanks,

Rafael Nunes


APU,

@- Run an online scan at one of these available links: PANDA or BITDEFENDER

...on all drives; keep the log...

@- Download HijackThis and place it in its own folder, at C:\HIJACK\HijackThis.exe

- To run it, close all open windows and click Do a system scan and save a logfile.

- Post the HijackThis log and the online scan log, pasting them one after the other.

Mr. Coruj@


Mr. Coruja, here are the requested logs.

Thanks,

Rafael Nunes

ONLINE SCAN LOG

Incident Status Location

Adware:adware/intcodec Not disinfected Windows Registry

Adware:adware/ieloader Not disinfected Windows Registry

Potentially unwanted tool:application/kill&clean Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF69DF00-2734-477F-8257-27CD04F88779}

Adware:adware/systemdoctor Not disinfected Windows Registry

Dialer:dialer.min Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB893839-10F0-4AF9-92FA-B23528F530AF}

Adware:adware/spywaresheriff Not disinfected Windows Registry

Adware:adware/adrotator Not disinfected Windows Registry

Adware:adware/netword Not disinfected Windows Registry

Adware:adware/wetoffice Not disinfected Windows Registry

Adware:adware/spywaresoftstop Not disinfected Windows Registry

Virus:trj/downloader.imy Disinfected Operating system

Potentially unwanted tool:Application/Psexec.A Not disinfected C:\backup_rafa\programas\remote\automatos.zip[psexec.exe]

Potentially unwanted tool:Application/Psexec.A Not disinfected C:\backup_rafa\programas\remote\client\psexec.exe

Potentially unwanted tool:Application/Psexec.A Not disinfected C:\backup_rafa\programas\remote\client.zip[client/psexec.exe]

Potentially unwanted tool:Application/Psexec.A Not disinfected C:\backup_rafa\programas\remote\psexec.exe

Potentially unwanted tool:Application/Psexec.A Not disinfected C:\backup_rafa\programas\remote\valter\psexec.exe

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@acesso.uol.com[1].txt

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt

Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@as1.falkag[1].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[3].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@de.uol.com[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@google.com[1].txt

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@terra.com[1].txt

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@uol.com[1].txt

Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@valueclick[1].txt

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt

THE HIJACKTHIS LOG FOLLOWS BELOW

Logfile of HijackThis v1.99.1

Scan saved at 11:14:05, on 22/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\c4ebreg\c4ebreg.exe

c:\sdwork\issimsvc.exe

C:\notes\ntmulti.exe

C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Drivers\ldlcserv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\IBM\Personal Communications\tpam.exe

C:\Program Files\c4ebreg\isamtray.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\CheckPoint\Integrity Client\iclient.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Lotus\Sametime Client\Connect.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3-1.ibm.com/sales/americas/br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/

R3 - Default URLSearchHook is missing

O1 - Hosts: 172.19.33.146 extranet.bancoreal.com.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2987AADB-222B-E844-9561-07C71A2446F2} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"

O4 - HKLM\..\Run: [iSAMTray] "C:\Program Files\c4ebreg\isamtray.exe"

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [defergui] C:\Sdwork\defergui.exe

O4 - HKLM\..\Run: [iSSI EZUpdate Service] "c:\sdwork\issimsvc.exe"

O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [socksSNI] C:\Program Files\SNISocks\SocksSNI.exe

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Program Files\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?95a3eb71e19f4b51880b4de6baa9a72f

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Program Files\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?95a3eb71e19f4b51880b4de6baa9a72f

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe

O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: {0C89E27C-DD69-44BB-A32E-4D093E859FB2} (strprint.trprints) - https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtual...iveXClient1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...wlscbase969.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121293151687

O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll

O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\c4ebreg\c4ebreg.exe

O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe

O23 - Service: IBM Enterprise estender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe

O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe

O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

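The HijackThis log above is what Mr. Coruja asked for, and the first pass a helper makes over it is mechanical: find entries that still point at a file that no longer exists (leftovers of a partially cleaned infection, like the O2 BHO with "(no file)" and the O20/O23 entries with "(file missing)"), the missing default URLSearchHook (R3) and any Hosts-file override (O1). The following Python script is an added example for this thread, not HijackThis code and not something posted by either participant; it parses the HijackThis v1.99 entry format and reports exactly those items. The excerpt it runs on is taken from the log posted above; the section-code regex, the `Entry`/`Finding` names and the "missing file" markers are assumptions made for the example.

```python
"""Triage a HijackThis v1.99 log for the entries a helper looks at first.

Added example for this thread; it is not HijackThis code and was not posted
by Mr. Coruja or Rafael. It parses the "Rx - " / "Ox - " entry lines and
reports entries that point at a file that is no longer on disk (typical
residue of a partially removed infection), Hosts-file overrides (O1) and a
missing default URLSearchHook (R3).
"""
import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in the thread (raw string, so the
# Windows paths keep their single backslashes).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3-1.ibm.com/sales/americas/br/
R3 - Default URLSearchHook is missing
O1 - Hosts: 172.19.33.146 extranet.bancoreal.com.br
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2987AADB-222B-E844-9561-07C71A2446F2} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
""".strip()

# Every HijackThis entry line starts with a section code (R0-R3, F0-F3,
# N1-N4, O1-O24) followed by " - ". Assumed format for this example.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Markers HijackThis prints when the referenced file does not exist.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str   # e.g. "O2"
    body: str   # text after the section code


@dataclass
class Finding:
    code: str
    reason: str
    body: str


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as Entry objects."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for e in parse_entries(log_text):
        if any(marker in e.body for marker in MISSING_MARKERS):
            findings.append(Finding(e.code, "points at a file that is not on disk", e.body))
        elif e.code == "O1":
            findings.append(Finding(e.code, "Hosts file override; confirm it is intentional", e.body))
        elif e.code == "R3" and "missing" in e.body:
            findings.append(Finding(e.code, "default URLSearchHook missing (common residue of browser hijackers)", e.body))
    return findings


def clsids_in(log_text):
    """CLSIDs referenced by O2/O3/O9 entries, for lookup against a known-BHO list."""
    ids = set()
    for e in parse_entries(log_text):
        if e.code in ("O2", "O3", "O9"):
            ids.update(c.upper() for c in CLSID_RE.findall(e.body))
    return ids


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.body}")
```

On the excerpt the script flags six entries (R3, O1, one O2, O9, one O20, O23) and leaves the Adobe BHO, the Symantec Run entry and the NavLogon notify DLL alone; the O1 line is reported only so the owner can confirm it, since a Hosts override of a bank domain can just as well be a corporate extranet entry as a hijack. The `clsids_in` helper exists because the next step a helper takes with the O2/O3/O9 GUIDs is to look them up in a known-BHO list.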

Rafael,

@- Download Blacklight, but do not run it yet.

- Copy these instructions to Notepad or print them!

Note: since Blacklight looks for hidden files, do not run it while any program that "hides" folders and files is active.

@- In normal mode, run the Blacklight tool (blbeta.exe) and accept the agreement: Next >... Since we only want the log, do not remove any file the program finds, as some of them may be legitimate. Click Scan and wait...

- When the scan finishes, the Show all processes button will appear; click Close.

- Keep the log: fsb-xxxxx.log (xxxxx are numbers), which will be in the same directory.

--|--

- Close all open windows and run HijackThis. Click Open the Misc Tools section. Under Generate StartupList log, check both options and click the "Generate StartupList log" button. Wait...

@- Post the StartupList log and the Blacklight log (fsb-xxxxx.log), pasting them one after the other.

Mr. Coruj@


Mr. Coruja, here are the Blacklight and HijackThis logs...

Thanks,

Rafael Nunes

Blacklight

09/25/06 12:22:21 [info]: BlackLight Engine 1.0.46 initialized

09/25/06 12:22:21 [info]: OS: 5.1 build 2600 (Service Pack 2)

09/25/06 12:22:22 [Note]: 7019 4

09/25/06 12:22:22 [Note]: 7005 0

09/25/06 12:22:46 [Note]: 7006 0

09/25/06 12:22:46 [Note]: 7011 3460

09/25/06 12:22:46 [Note]: 7026 0

09/25/06 12:22:47 [Note]: 7026 0

09/25/06 12:23:04 [Note]: FSRAW library version 1.7.1019

09/25/06 12:28:18 [Note]: 7007 0

HijackThis (StartupList)

StartupList report, 25/9/2006, 12:30:10

StartupList version: 1.52.2

Started from : C:\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\c4ebreg\c4ebreg.exe

c:\sdwork\issimsvc.exe

C:\notes\ntmulti.exe

C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Drivers\ldlcserv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\IBM\Personal Communications\tpam.exe

C:\Program Files\c4ebreg\isamtray.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\CheckPoint\Integrity Client\iclient.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

Lotus QuickStart.lnk = ?

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe

Tpam.exe = "C:\Program Files\IBM\Personal Communications\tpam.exe"

ISAMTray = "C:\Program Files\c4ebreg\isamtray.exe"

TPHOTKEY = C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

BMMMONWND = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

TP4EX = tp4ex.exe

TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

TpShocks = TpShocks.exe

Zone Labs Client = "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"

defergui = C:\Sdwork\defergui.exe

ISSI EZUpdate Service = "c:\sdwork\issimsvc.exe"

C4EBReg = "C:\Program Files\c4ebreg\c4ebreg.exe" /q

IBMPRC = C:\IBMTOOLS\UTILS\ibmprc.exe

stgclean = c:\sdwork\w32main2.exe /cleanup

PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

SocksSNI = C:\Program Files\SNISocks\SocksSNI.exe

ACTray = C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

ACWLIcon = C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

MyHelpService = "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe"

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *

StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\IBME-B~1.SCR

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - (no file) - {2987AADB-222B-E844-9561-07C71A2446F2}

(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

G-Buster Browser Defense ABN AMRO - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540007}

--------------------------------------------------

Enumerating Task Scheduler jobs:

BMMTask.job

Check Updates for Windows Live Toolbar.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[strprint.trprints]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MCPTranscriptPrint.ocx

CODEBASE = https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB

[Microsoft Virtual Server VMRC Advanced Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\VMRCActiveXClient.dll

CODEBASE = https://www.microsoft.com/resources/virtual...iveXClient1.cab

[bDSCANONLINE Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx

CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Windows Live Safety Center Base Module]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll

CODEBASE = http://scan.safety.live.com/resource/downl...wlscbase969.cab

[WUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\wuweb.dll

CODEBASE = http://update.microsoft.com/windowsupdate/...b?1121293151687

[LNWebAssist Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\LNWEBA~1.DLL

CODEBASE = http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[GbPluginObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

CODEBASE = https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #1: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #2: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\rsvpsp.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)

Net Firewall Miniport Interface: system32\DRIVERS\abvpn2k.sys (manual start)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)

Ac Profile Manager Service: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (autostart)

ACU Configuration Service: C:\WINDOWS\system32\acs.exe (manual start)

Access Connections Main Service: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (autostart)

Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)

adpu160m: system32\DRIVERS\adpu160m.sys (system)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AEGIS Protocol (IEEE 802.1x) v3.4.10.0: system32\DRIVERS\AegisP.sys (autostart)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)

Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)

Aha154x: system32\DRIVERS\aha154x.sys (system)

aic78u2: system32\DRIVERS\aic78u2.sys (system)

aic78xx: system32\DRIVERS\aic78xx.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AliIde: system32\DRIVERS\aliide.sys (system)

ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)

AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)

amsint: system32\DRIVERS\amsint.sys (system)

ANC: System32\drivers\ANC.SYS (system)

ANCSQ: System32\drivers\ANCSQ.sys (system)

Anydlc: \SystemRoot\System32\drivers\anydlc.sys (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Appn: \SystemRoot\System32\drivers\appn.sys (manual start)

AppnApi: \SystemRoot\System32\drivers\appnapi.sys (autostart)

AppnBase: \SystemRoot\System32\drivers\AppnBase.sys (manual start)

AppnNode: C:\WINDOWS\system32\Drivers\appnnode.exe (manual start)

Dual-band Wi-Fi Wireless Mini PCI Adapter: system32\DRIVERS\ar5211.sys (manual start)

asc: system32\DRIVERS\asc.sys (system)

asc3350p: system32\DRIVERS\asc3350p.sys (system)

asc3550: system32\DRIVERS\asc3550.sys (system)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AGN Virtual Network Adapter: system32\DRIVERS\avpnnic.sys (manual start)

Broadcom NetXtreme Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

cbidf: system32\DRIVERS\cbidf2k.sys (system)

Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)

Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)

Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)

cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

Microsoft AC Adapter Driver: system32\DRIVERS\CmBatt.sys (manual start)

CmdIde: system32\DRIVERS\cmdide.sys (system)

Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: system32\DRIVERS\cpqarray.sys (system)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Cisco Systems VPN Adapter: system32\DRIVERS\CVirtA.sys (manual start)

Cisco Systems, Inc. VPN Service: "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" (autostart)

Cisco Systems IPsec Driver: \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (autostart)

dac2w2k: system32\DRIVERS\dac2w2k.sys (system)

dac960nt: system32\DRIVERS\dac960nt.sys (system)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Deterministic Network Enhancer Miniport: system32\DRIVERS\dne2000.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

dpti2o: system32\DRIVERS\dpti2o.sys (system)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Intel® PRO/1000 Adapter Driver: system32\DRIVERS\e1000325.sys (manual start)

IBM Access Support: \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS (autostart)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

gwiopm: \??\C:\Program Files\wst\gwiopm.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)

hpn: system32\DRIVERS\hpn.sys (system)

HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start)

HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i2omp: system32\DRIVERS\i2omp.sys (system)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

IBM Rapid Restore Ultra Service: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe" (autostart)

ibmfilter: \??\C:\WINDOWS\system32\drivers\ibmfilter.sys (autostart)

IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)

IBM PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)

IBM Shared RAM Token-Ring Adapter Miniport: system32\DRIVERS\IBMTOK.sys (manual start)

IBMTPCHK: \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys (system)

IBM Personal Communications LLC2 Driver: system32\DRIVERS\llc2.sys (autostart)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

ini910u: system32\DRIVERS\ini910u.sys (system)

IntelIde: system32\DRIVERS\intelide.sys (system)

Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IrDA Protocol: system32\DRIVERS\irda.sys (autostart)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

Infrared Monitor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

IBM Standard Asset Manager Service: C:\Program Files\c4ebreg\c4ebreg.exe (autostart)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

ISSI EZUpdate: c:\sdwork\issimsvc.exe (autostart)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

KLOGNT: \SystemRoot\System32\drivers\klognt.sys (manual start)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

IBM Enterprise estender: C:\WINDOWS\system32\Drivers\ldlcserv.exe (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)

mraid35x: system32\DRIVERS\mraid35x.sys (system)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Microsoft IR Communications Driver: system32\DRIVERS\MSIRCOMM.sys (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Multi-user Cleanup Service: C:\notes\ntmulti.exe (autostart)

My Help: C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (autostart)

NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060920.052\naveng.sys (manual start)

NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060920.052\navex15.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network Configuration Service: C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE (autostart)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NSC Infrared Device Driver: system32\DRIVERS\nscirda.sys (manual start)

NsTrcNT: \SystemRoot\System32\drivers\nstrcnt.sys (autostart)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Pcmcia: system32\DRIVERS\pcmcia.sys (system)

PDLC Adapter -- COM: \SystemRoot\System32\drivers\pdlnacom.sys (manual start)

PDLC Adapter Factory: \SystemRoot\System32\drivers\pdlnafac.sys (manual start)

Twinax Adapter Common: \SystemRoot\System32\drivers\pdlnatcm.sys (manual start)

Twinax Adapter: \SystemRoot\System32\drivers\pdlnatdl.sys (manual start)

PDLC CxM Classes: \SystemRoot\System32\drivers\pdlncbas.sys (manual start)

PDLC Connection Manager: \SystemRoot\System32\drivers\pdlncfwk.sys (manual start)

Twinax CUT Adapter: \SystemRoot\System32\drivers\pdlnctdl.sys (autostart)

PDLC DLC Classes: \SystemRoot\System32\drivers\pdlndint.sys (manual start)

IBM Enterprise estender (HPR/IP): \SystemRoot\System32\drivers\pdlndldl.sys (autostart)

PDLC LAPB: \SystemRoot\System32\drivers\pdlndlpb.sys (manual start)

PDLC OEM Interface: \SystemRoot\System32\drivers\pdlndoem.sys (manual start)

PDLC QLLC: \SystemRoot\System32\drivers\pdlndqll.sys (manual start)

PDLC SDLC: \SystemRoot\System32\drivers\pdlndsdl.sys (manual start)

Twinax DLC: \SystemRoot\System32\drivers\pdlndtdl.sys (manual start)

PDLC Environment: \SystemRoot\System32\drivers\pdlnebas.sys (manual start)

PDLC Configuration: \SystemRoot\System32\drivers\pdlnecfg.sys (manual start)

PDLC Mapper: \SystemRoot\System32\drivers\pdlnemap.sys (manual start)

PDLC Message Driver: \SystemRoot\System32\drivers\pdlnemsg.sys (manual start)

PDLC Buffer Manager: \SystemRoot\System32\drivers\pdlnepkt.sys (manual start)

PDLC Hayes At signalling: \SystemRoot\System32\drivers\pdlnshay.sys (manual start)

PDLC SDLC Leased: \SystemRoot\System32\drivers\pdlnslea.sys (manual start)

PDLC V25bis signalling: \SystemRoot\System32\drivers\pdlnsv25.sys (manual start)

PDLC X.25: \SystemRoot\System32\drivers\pdlnsx25.sys (manual start)

perc2: system32\DRIVERS\perc2.sys (system)

perc2hib: system32\DRIVERS\perc2hib.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

PMEM: \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (manual start)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

IBM PSA Access Driver: \??\C:\WINDOWS\system32\Drivers\psadd.sys (manual start)

IBM PSA Access Driver Control: C:\WINDOWS\system32\PsaSrv.exe (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

ql1080: system32\DRIVERS\ql1080.sys (system)

Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)

ql12160: system32\DRIVERS\ql12160.sys (system)

ql1240: system32\DRIVERS\ql1240.sys (system)

ql1280: system32\DRIVERS\ql1280.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

WAN Miniport (IrDA): system32\DRIVERS\rasirda.sys (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (manual start)

SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)

SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

ServiceLayer: "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" (manual start)

High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)

Smapint: System32\drivers\Smapint.sys (system)

smwdm: system32\drivers\smwdm.sys (manual start)

Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)

Sparrow: system32\DRIVERS\sparrow.sys (system)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{70BEF680-FB0F-4516-A343-97C83A5A78F6} (manual start)

Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (autostart)

symc810: system32\DRIVERS\symc810.sys (system)

symc8xx: system32\DRIVERS\symc8xx.sys (system)

SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)

SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)

SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)

sym_hi: system32\DRIVERS\sym_hi.sys (system)

sym_u3: system32\DRIVERS\sym_u3.sys (system)

Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

TDSMAPI: System32\drivers\TDSMAPI.SYS (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

TosIde: system32\DRIVERS\toside.sys (system)

IBM HDD APS Logging Service: System32\TPHDEXLG.EXE (autostart)

IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)

TPPWR: System32\drivers\Tppwr.sys (system)

IBM Trace Facility: C:\WINDOWS\system32\Drivers\trcboot.exe (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

TSMAPIP: System32\drivers\TSMAPIP.SYS (system)

ultra: system32\DRIVERS\ultra.sys (system)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

LGE CDMA Composite USB Device: system32\DRIVERS\lgusbbus.sys (manual start)

LGE CDMA USB Serial Port Drivers: system32\DRIVERS\lgUsbDiag.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

LGE CDMA USB Modem: system32\DRIVERS\lgusbmodem.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

Serviço Messenger Sharing USN Journal Reader: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)

ViaIde: system32\DRIVERS\viaide.sys (system)

vsdatant: System32\vsdatant.sys (system)

TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (manual start)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 45.086 bytes

Report generated in 0,461 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Rafael, could you tell me which file and location the antivirus alert refers to? Is it in the registry?

@- Download the program(s) listed below, but do not run them yet.

- Copy these instructions to Notepad or print them!

- Run the ComboFix tool.

  • Type "Y" and press <Enter> to continue.
  • Do not open or close any program. Wait patiently for the scan.

@- Restart in normal mode...

- Save the log: C:\ComboFix.txt

@- Copy a new (updated) HijackThis log and the ComboFix.txt log and paste them here in sequence.

Mr. Coruj@


Mr. Coruja, here are the requested logs.

Thanks,

Rafael Nunes

Below is the path of the virus that was reported, but there is nothing at that path.

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Trojan.Linkoptimizer

File: C:\WINDOWS\system32\nul

Location: C:\WINDOWS\system32

HijackThis log

StartupList report, 26/9/2006, 14:57:10

StartupList version: 1.52.2

Started from : C:\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\c4ebreg\c4ebreg.exe

c:\sdwork\issimsvc.exe

C:\notes\ntmulti.exe

C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Drivers\ldlcserv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\IBM\Personal Communications\tpam.exe

C:\Program Files\c4ebreg\isamtray.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\CheckPoint\Integrity Client\iclient.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\IBM\My Help\MyHelp.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\IBM\My Help\jre\bin\javaw.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\notes\NLNOTES.EXE

C:\notes\ntaskldr.EXE

C:\Program Files\Common Files\Microsoft Shared\Help\dexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AT&T Network Client\NetClient.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\notepad.exe

c:\sdwork\issimgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:

[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

*No files*

Shell folders AltStartup:

*Folder not found*

User shell folders Startup:

*Folder not found*

User shell folders AltStartup:

*Folder not found*

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

Lotus QuickStart.lnk = ?

Shell folders Common AltStartup:

*Folder not found*

User shell folders Common Startup:

*Folder not found*

User shell folders Alternate Common Startup:

*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe

Tpam.exe = "C:\Program Files\IBM\Personal Communications\tpam.exe"

ISAMTray = "C:\Program Files\c4ebreg\isamtray.exe"

TPHOTKEY = C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

BMMMONWND = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

BLOG = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

TP4EX = tp4ex.exe

TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

TpShocks = TpShocks.exe

Zone Labs Client = "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"

defergui = C:\Sdwork\defergui.exe

ISSI EZUpdate Service = "c:\sdwork\issimsvc.exe"

C4EBReg = "C:\Program Files\c4ebreg\c4ebreg.exe" /q

IBMPRC = C:\IBMTOOLS\UTILS\ibmprc.exe

stgclean = c:\sdwork\w32main2.exe /cleanup

PCSuiteTrayApplication = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

SocksSNI = C:\Program Files\SNISocks\SocksSNI.exe

ACTray = C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

ACWLIcon = C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

MyHelpService = "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe"

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

NetVC - restore VNIC = "C:\PROGRA~1\AT&TNE~1\\NetVC.exe" -reset att_avpnnic

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

NetSP - restore database = "C:\Program Files\AT&T Network Client\NetSP.exe" -show

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *

StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\IBME-B~1.SCR

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - (no file) - {2987AADB-222B-E844-9561-07C71A2446F2}

(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

G-Buster Browser Defense ABN AMRO - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll - {C41A1C0E-EA6C-11D4-B1B8-444553540007}

--------------------------------------------------

Enumerating Task Scheduler jobs:

BMMTask.job

Check Updates for Windows Live Toolbar.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[strprint.trprints]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MCPTranscriptPrint.ocx

CODEBASE = https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB

[Microsoft Virtual Server VMRC Advanced Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\VMRCActiveXClient.dll

CODEBASE = https://www.microsoft.com/resources/virtual...iveXClient1.cab

[bDSCANONLINE Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx

CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Windows Live Safety Center Base Module]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll

CODEBASE = http://scan.safety.live.com/resource/downl...wlscbase969.cab

[WUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\wuweb.dll

CODEBASE = http://update.microsoft.com/windowsupdate/...b?1121293151687

[LNWebAssist Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\LNWEBA~1.DLL

CODEBASE = http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[GbPluginObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

CODEBASE = https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #1: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #2: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\rsvpsp.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Socks\\hclsock5.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: system32\DRIVERS\ABP480N5.SYS (system)

Net Firewall Miniport Interface: system32\DRIVERS\abvpn2k.sys (manual start)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)

Ac Profile Manager Service: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (autostart)

ACU Configuration Service: C:\WINDOWS\system32\acs.exe (manual start)

Access Connections Main Service: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (autostart)

Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)

adpu160m: system32\DRIVERS\adpu160m.sys (system)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AEGIS Protocol (IEEE 802.1x) v3.4.10.0: system32\DRIVERS\AegisP.sys (autostart)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)

Compaq AGP Bus Filter: system32\DRIVERS\agpCPQ.sys (system)

Aha154x: system32\DRIVERS\aha154x.sys (system)

aic78u2: system32\DRIVERS\aic78u2.sys (system)

aic78xx: system32\DRIVERS\aic78xx.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AliIde: system32\DRIVERS\aliide.sys (system)

ALI AGP Bus Filter: system32\DRIVERS\alim1541.sys (system)

AMD AGP Bus Filter Driver: system32\DRIVERS\amdagp.sys (system)

amsint: system32\DRIVERS\amsint.sys (system)

ANC: System32\drivers\ANC.SYS (system)

ANCSQ: System32\drivers\ANCSQ.sys (system)

Anydlc: \SystemRoot\System32\drivers\anydlc.sys (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Appn: \SystemRoot\System32\drivers\appn.sys (manual start)

AppnApi: \SystemRoot\System32\drivers\appnapi.sys (autostart)

AppnBase: \SystemRoot\System32\drivers\AppnBase.sys (manual start)

AppnNode: C:\WINDOWS\system32\Drivers\appnnode.exe (manual start)

Dual-band Wi-Fi Wireless Mini PCI Adapter: system32\DRIVERS\ar5211.sys (manual start)

asc: system32\DRIVERS\asc.sys (system)

asc3350p: system32\DRIVERS\asc3350p.sys (system)

asc3550: system32\DRIVERS\asc3550.sys (system)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)

AGN Virtual Network Adapter: system32\DRIVERS\avpnnic.sys (manual start)

Broadcom NetXtreme Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

cbidf: system32\DRIVERS\cbidf2k.sys (system)

Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)

Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)

Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)

cd20xrnt: system32\DRIVERS\cd20xrnt.sys (system)

CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

Microsoft AC Adapter Driver: system32\DRIVERS\CmBatt.sys (manual start)

CmdIde: system32\DRIVERS\cmdide.sys (system)

Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: system32\DRIVERS\cpqarray.sys (system)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Cisco Systems VPN Adapter: system32\DRIVERS\CVirtA.sys (manual start)

Cisco Systems, Inc. VPN Service: "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" (autostart)

Cisco Systems IPsec Driver: \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (autostart)

dac2w2k: system32\DRIVERS\dac2w2k.sys (system)

dac960nt: system32\DRIVERS\dac960nt.sys (system)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Disk Driver: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

Deterministic Network Enhancer Miniport: system32\DRIVERS\dne2000.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

dpti2o: system32\DRIVERS\dpti2o.sys (system)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Intel® PRO/1000 Adapter Driver: system32\DRIVERS\e1000325.sys (manual start)

IBM Access Support: \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS (autostart)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

gwiopm: \??\C:\Program Files\wst\gwiopm.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)

hpn: system32\DRIVERS\hpn.sys (system)

HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start)

HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i2omp: system32\DRIVERS\i2omp.sys (system)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

IBM Rapid Restore Ultra Service: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe" (autostart)

ibmfilter: \??\C:\WINDOWS\system32\drivers\ibmfilter.sys (autostart)

IBMPMDRV: system32\DRIVERS\ibmpmdrv.sys (manual start)

IBM PM Service: %SystemRoot%\system32\ibmpmsvc.exe (autostart)

IBM Shared RAM Token-Ring Adapter Miniport: system32\DRIVERS\IBMTOK.sys (manual start)

IBMTPCHK: \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys (system)

IBM Personal Communications LLC2 Driver: system32\DRIVERS\llc2.sys (autostart)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

ini910u: system32\DRIVERS\ini910u.sys (system)

IntelIde: system32\DRIVERS\intelide.sys (system)

Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

IrDA Protocol: system32\DRIVERS\irda.sys (autostart)

IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)

Infrared Monitor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

IBM Standard Asset Manager Service: C:\Program Files\c4ebreg\c4ebreg.exe (autostart)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

ISSI EZUpdate: c:\sdwork\issimsvc.exe (autostart)

Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)

KLOGNT: \SystemRoot\System32\drivers\klognt.sys (manual start)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

IBM Enterprise estender: C:\WINDOWS\system32\Drivers\ldlcserv.exe (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)

Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)

mraid35x: system32\DRIVERS\mraid35x.sys (system)

WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Microsoft IR Communications Driver: system32\DRIVERS\MSIRCOMM.sys (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Multi-user Cleanup Service: C:\notes\ntmulti.exe (autostart)

My Help: C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (autostart)

NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060920.052\naveng.sys (manual start)

NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060920.052\navex15.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network Configuration Service: C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE (autostart)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NSC Infrared Device Driver: system32\DRIVERS\nscirda.sys (manual start)

NsTrcNT: \SystemRoot\System32\drivers\nstrcnt.sys (autostart)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

Parallel port driver: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Pcmcia: system32\DRIVERS\pcmcia.sys (system)

PDLC Adapter -- COM: \SystemRoot\System32\drivers\pdlnacom.sys (manual start)

PDLC Adapter Factory: \SystemRoot\System32\drivers\pdlnafac.sys (manual start)

Twinax Adapter Common: \SystemRoot\System32\drivers\pdlnatcm.sys (manual start)

Twinax Adapter: \SystemRoot\System32\drivers\pdlnatdl.sys (manual start)

PDLC CxM Classes: \SystemRoot\System32\drivers\pdlncbas.sys (manual start)

PDLC Connection Manager: \SystemRoot\System32\drivers\pdlncfwk.sys (manual start)

Twinax CUT Adapter: \SystemRoot\System32\drivers\pdlnctdl.sys (autostart)

PDLC DLC Classes: \SystemRoot\System32\drivers\pdlndint.sys (manual start)

IBM Enterprise estender (HPR/IP): \SystemRoot\System32\drivers\pdlndldl.sys (autostart)

PDLC LAPB: \SystemRoot\System32\drivers\pdlndlpb.sys (manual start)

PDLC OEM Interface: \SystemRoot\System32\drivers\pdlndoem.sys (manual start)

PDLC QLLC: \SystemRoot\System32\drivers\pdlndqll.sys (manual start)

PDLC SDLC: \SystemRoot\System32\drivers\pdlndsdl.sys (manual start)

Twinax DLC: \SystemRoot\System32\drivers\pdlndtdl.sys (manual start)

PDLC Environment: \SystemRoot\System32\drivers\pdlnebas.sys (manual start)

PDLC Configuration: \SystemRoot\System32\drivers\pdlnecfg.sys (manual start)

PDLC Mapper: \SystemRoot\System32\drivers\pdlnemap.sys (manual start)

PDLC Message Driver: \SystemRoot\System32\drivers\pdlnemsg.sys (manual start)

PDLC Buffer Manager: \SystemRoot\System32\drivers\pdlnepkt.sys (manual start)

PDLC Hayes At signalling: \SystemRoot\System32\drivers\pdlnshay.sys (manual start)

PDLC SDLC Leased: \SystemRoot\System32\drivers\pdlnslea.sys (manual start)

PDLC V25bis signalling: \SystemRoot\System32\drivers\pdlnsv25.sys (manual start)

PDLC X.25: \SystemRoot\System32\drivers\pdlnsx25.sys (manual start)

perc2: system32\DRIVERS\perc2.sys (system)

perc2hib: system32\DRIVERS\perc2hib.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

PMEM: \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS (disabled)

IPSEC Services: %SystemRoot%\system32\lsass.exe (manual start)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

IBM PSA Access Driver: \??\C:\WINDOWS\system32\Drivers\psadd.sys (manual start)

IBM PSA Access Driver Control: C:\WINDOWS\system32\PsaSrv.exe (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

ql1080: system32\DRIVERS\ql1080.sys (system)

Ql10wnt: system32\DRIVERS\ql10wnt.sys (system)

ql12160: system32\DRIVERS\ql12160.sys (system)

ql1240: system32\DRIVERS\ql1240.sys (system)

ql1280: system32\DRIVERS\ql1280.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

WAN Miniport (IrDA): system32\DRIVERS\rasirda.sys (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (manual start)

SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)

SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)

Serial port driver: system32\DRIVERS\serial.sys (system)

ServiceLayer: "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" (manual start)

High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SIS AGP Bus Filter: system32\DRIVERS\sisagp.sys (system)

Smapint: System32\drivers\Smapint.sys (system)

smwdm: system32\drivers\smwdm.sys (manual start)

Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)

Sparrow: system32\DRIVERS\sparrow.sys (system)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{70BEF680-FB0F-4516-A343-97C83A5A78F6} (manual start)

Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (autostart)

symc810: system32\DRIVERS\symc810.sys (system)

symc8xx: system32\DRIVERS\symc8xx.sys (system)

SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)

SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)

SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)

sym_hi: system32\DRIVERS\sym_hi.sys (system)

sym_u3: system32\DRIVERS\sym_u3.sys (system)

Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

TDSMAPI: System32\drivers\TDSMAPI.SYS (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

TosIde: system32\DRIVERS\toside.sys (system)

IBM HDD APS Logging Service: System32\TPHDEXLG.EXE (autostart)

IBM KCU Service: C:\WINDOWS\system32\TpKmpSVC.exe (autostart)

TPPWR: System32\drivers\Tppwr.sys (system)

IBM Trace Facility: C:\WINDOWS\system32\Drivers\trcboot.exe (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

TSMAPIP: System32\drivers\TSMAPIP.SYS (system)

ultra: system32\DRIVERS\ultra.sys (system)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

LGE CDMA Composite USB Device: system32\DRIVERS\lgusbbus.sys (manual start)

LGE CDMA USB Serial Port Drivers: system32\DRIVERS\lgUsbDiag.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)

LGE CDMA USB Modem: system32\DRIVERS\lgusbmodem.sys (manual start)

USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

Serviço Messenger Sharing USN Journal Reader: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)

ViaIde: system32\DRIVERS\viaide.sys (system)

vsdatant: System32\vsdatant.sys (system)

TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (manual start)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 45.836 bytes

Report generated in 0,541 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

COMBOFIX LOG

Administrator - 06-09-26 11:46:09,42 Service Pack 2

ComboFix 06.09.26 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))

2006-09-16 18:55 8 --a------ C:\WINDOWS\system32\HJYWCPNGNWHY.SYS

2006-09-15 20:59 291,360 --a------ C:\iislockd.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-26 10:52 -------- d-------- C:\Program Files\C4ebreg

2006-09-25 12:42 -------- d-------- C:\Program Files\Symantec AntiVirus

2006-09-24 11:48 -------- d-------- C:\Program Files\WinRAR

2006-09-24 11:48 -------- d-------- C:\Program Files\Windows Live Toolbar

2006-09-24 11:48 -------- d-------- C:\Program Files\MSN Messenger

2006-09-24 11:48 -------- d-------- C:\Program Files\Internet Explorer

2006-09-24 11:48 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-09-22 09:28 -------- d-------- C:\Program Files\Visual CertExam Suite

2006-09-16 18:55 -------- d-------- C:\Program Files\D'Accord Music Software

2006-09-09 09:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-09-08 12:53 -------- d-------- C:\Program Files\WST

2006-08-31 23:53 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft

2006-08-22 14:09 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003

2006-08-22 14:09 -------- d-------- C:\Program Files\Microsoft TechNet

2006-08-21 09:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 06:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 06:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys

2006-08-20 19:39 -------- d-------- C:\Program Files\Trend Micro

2006-08-18 15:42 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2006-08-18 15:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Windows Live Safety Center

2006-08-18 13:36 -------- d-------- C:\Program Files\Windows Live Safety Center

2006-08-17 10:42 -------- d-------- C:\Program Files\Microsoft Office

2006-08-15 11:49 -------- d-------- C:\Program Files\IBM

2006-08-15 11:49 -------- d-------- C:\Program Files\Common Files\My Help

2006-08-15 11:49 -------- d-------- C:\Program Files\Common Files

2006-08-15 11:48 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-08-03 18:38 -------- d-------- C:\Program Files\Longman

2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

2006-07-28 16:28 57344 --a------ C:\WINDOWS\isamunin.exe

2006-07-28 16:21 7012 --------- C:\WINDOWS\system32\drivers\PMEMNT.SYS

2006-07-28 08:21 52328 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT

2006-07-27 15:51 8 --a------ C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db

2006-07-27 10:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 05:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-06-28 11:23 2336424 --a------ C:\WINDOWS\system32\AS_Storage.dll

2006-06-28 11:23 115880 --------- C:\WINDOWS\system32\pxinsi64.exe

2006-06-28 11:23 114856 --------- C:\WINDOWS\system32\pxcpyi64.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

"NetSP - restore database"="\"C:\\Program Files\\AT&T Network Client\\NetSP.exe\" -show"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

"Tpam.exe"="\"C:\\Program Files\\IBM\\Personal Communications\\tpam.exe\""

"ISAMTray"="\"C:\\Program Files\\c4ebreg\\isamtray.exe\""

"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\


Rafael, not much left now..., we are almost there. However, the ComboFix log came out truncated because it exceeded the post's character limit, and also the HijackThis log was not that one, but rather the standard one (...click Do a system scan and save a logfile), as specified in Post #3. Sorry for not having explained it correctly. But no problem. Here is what we'll do:

@- Edit your post above, removing the StartupList log and leaving only the requested file information (...File: C:\WINDOWS\system32\nul...) and the complete ComboFix log (...up to, Completion time: ... 16:00...).

@- Go to the site below to run a full multi-AV scan on this "bizarre" file in red:

http://www.virustotal.com/en/indexf.html

- Under "Select file", click "Arquivo" to locate it and then click "Send".

C:\WINDOWS\system32\HJYWCPNGNWHY.SYS

Wait for the result to come out, copy the result list(s) and come back...

--|--

@- Download the: Prevx Removal Tool (set it aside)

@- Download the: Registry Search Tool;

- Run RegSrch.vbs and paste into the box: HJYWCPNGNWHY

Note: If the AV does not let it run, disable it.

- Copy the result of the vbs scan and post it back too...

--|--

- Disconnect from the internet > If applicable: unplug your connection cables / fully disconnect the computer from the internet > Disable the protection program(s) (AVs and anti-spyware).

- Close all programs and run prevxremovaltool.exe > Scan > OK > Yes > OK to restart.

- As soon as the tool finishes, save the log: C:\gromozon_removal.log...

--|--

@- Restart in normal mode.

@- Post the HijackThis log (Do a system scan and save a logfile), the result of the file scan (HJYWCPNGNWHY.SYS), the vbs scan, gromozon_removal, and paste them in sequence.

Mr. Coruj@

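The helper singles out the 8-byte HJYWCPNGNWHY.SYS in system32 as "bizarre" and sends it for a multi-AV scan. As an added triage example (not from the thread or from any tool it mentions), this Python script parses ComboFix file lines of the shape shown in the logs above and flags entries that are too small to be a PE image or carry a random-looking name; the sample lines are copied from the thread plus constructed benign ones, and the size and vowel thresholds are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shape seen in ComboFix "Files Created" / "Find3M" sections:
# YYYY-MM-DD HH:MM <size or --------> <9 attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[-a-z]{9}) (?P<path>.+?)\s*$"
)

# A PE image needs at least the 64-byte DOS header (e_lfanew sits at
# offset 0x3C), so anything smaller cannot be a loadable driver or EXE.
MIN_PE_BYTES = 64

# Assumed threshold: a letter-only stem of 8+ chars with fewer than 20 %
# vowels (HJYWCPNGNWHY has none) is treated as random-looking.
VOWELS = set("aeiou")


@dataclass
class Entry:
    date: str
    size: Optional[int]      # None for directory entries
    is_dir: bool
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one ComboFix file line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    is_dir = attrs.startswith("d")
    size = None if is_dir else int(m.group("size").replace(",", ""))
    return Entry(m.group("date"), size, is_dir, m.group("path"))


def looks_random(stem):
    """True for letter-only stems of 8+ chars with almost no vowels."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.2


def assess(entry):
    """Attach human-readable reasons to an entry that deserves a second look."""
    if entry.is_dir:
        return entry
    name = entry.path.rsplit("\\", 1)[-1]
    stem, sep, ext = name.rpartition(".")
    if not sep:                      # no extension at all
        stem, ext = name, ""
    ext = ext.lower()
    if ext in ("sys", "exe", "dll") and entry.size is not None \
            and entry.size < MIN_PE_BYTES:
        entry.reasons.append(
            f"{entry.size}-byte .{ext} cannot be a valid PE image")
    if looks_random(stem):
        entry.reasons.append("random-looking file name")
    # Location only amplifies an existing finding; system32 is full of
    # legitimate drivers, so it is never a reason on its own.
    if entry.reasons and "\\windows\\system32\\" in entry.path.lower():
        entry.reasons.append("located in system32")
    return entry


def triage(log_text):
    """Return {path: [reasons]} for every flagged file entry in a log."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        assess(entry)
        if entry.reasons:
            findings[entry.path] = entry.reasons
    return findings


# Constructed sample: the two "Files Created" lines from the thread plus
# benign Find3M-style lines of the same shape.
SAMPLE_LOG = """\
2006-09-16 18:55 8 --a------ C:\\WINDOWS\\system32\\HJYWCPNGNWHY.SYS
2006-09-15 20:59 291,360 --a------ C:\\iislockd.exe
2006-09-26 10:52 -------- d-------- C:\\Program Files\\C4ebreg
2006-08-21 06:14 128896 --a------ C:\\WINDOWS\\system32\\drivers\\fltmgr.sys
2006-07-28 16:21 7012 --------- C:\\WINDOWS\\system32\\drivers\\PMEMNT.SYS
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The heuristic only ranks what to look at first; the thread's next step, a multi-AV scan of the flagged file, is still what decides.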

Mr. Coruja, here are the new logs you requested.

One detail: the antivirus notification for linkoptimizer no longer appears, this after I ran prevxremovaltool.exe.

If it is already resolved, thank you for all this work and the attention given!!!

Rafael Nunes

Below is the path of the reported virus, but there is nothing at that path.

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Trojan.Linkoptimizer

File: C:\WINDOWS\system32\nul

Location: C:\WINDOWS\system32

ComboFix

Administrator - 06-09-28 14:43:41,85 Service Pack 2

ComboFix 06.09.26 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-28 to 2006-09-28 ))))))))))))))))))))))))))))))))))

2006-09-16 18:55 8 --a------ C:\WINDOWS\system32\HJYWCPNGNWHY.SYS

2006-09-15 20:59 291,360 --a------ C:\iislockd.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-28 14:04 -------- d-------- C:\Program Files\C4ebreg

2006-09-26 15:45 -------- d-------- C:\Program Files\Symantec AntiVirus

2006-09-24 11:48 -------- d-------- C:\Program Files\WinRAR

2006-09-24 11:48 -------- d-------- C:\Program Files\Windows Live Toolbar

2006-09-24 11:48 -------- d-------- C:\Program Files\MSN Messenger

2006-09-24 11:48 -------- d-------- C:\Program Files\Internet Explorer

2006-09-24 11:48 -------- d-------- C:\Program Files\Common Files\Symantec Shared

2006-09-22 09:28 -------- d-------- C:\Program Files\Visual CertExam Suite

2006-09-16 18:55 -------- d-------- C:\Program Files\D'Accord Music Software

2006-09-13 15:05 57344 --a------ C:\WINDOWS\isamunin.exe

2006-09-09 09:45 -------- d-------- C:\Program Files\Common Files\Microsoft Shared

2006-09-08 12:53 -------- d-------- C:\Program Files\WST

2006-08-31 23:53 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft

2006-08-22 14:09 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003

2006-08-22 14:09 -------- d-------- C:\Program Files\Microsoft TechNet

2006-08-21 09:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 06:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 06:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys

2006-08-20 19:39 -------- d-------- C:\Program Files\Trend Micro

2006-08-18 15:42 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2006-08-18 15:42 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Windows Live Safety Center

2006-08-18 13:36 -------- d-------- C:\Program Files\Windows Live Safety Center

2006-08-17 10:42 -------- d-------- C:\Program Files\Microsoft Office

2006-08-15 11:49 -------- d-------- C:\Program Files\IBM

2006-08-15 11:49 -------- d-------- C:\Program Files\Common Files\My Help

2006-08-15 11:49 -------- d-------- C:\Program Files\Common Files

2006-08-15 11:48 -------- d--h----- C:\Program Files\InstallShield Installation Information

2006-08-03 18:38 -------- d-------- C:\Program Files\Longman

2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

2006-07-28 16:21 7012 --------- C:\WINDOWS\system32\drivers\PMEMNT.SYS

2006-07-28 08:21 52328 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT

2006-07-27 15:51 8 --a------ C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db

2006-07-27 10:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 05:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-06-28 11:23 2336424 --a------ C:\WINDOWS\system32\AS_Storage.dll

2006-06-28 11:23 115880 --------- C:\WINDOWS\system32\pxinsi64.exe

2006-06-28 11:23 114856 --------- C:\WINDOWS\system32\pxcpyi64.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

"NetSP - restore database"="\"C:\\Program Files\\AT&T Network Client\\NetSP.exe\" -show"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

"Tpam.exe"="\"C:\\Program Files\\IBM\\Personal Communications\\tpam.exe\""

"ISAMTray"="\"C:\\Program Files\\c4ebreg\\isamtray.exe\""

"TPHOTKEY"="C:\\PROGRA~1\\ThinkPad\\PkgMgr\\HOTKEY\\TPHKMGR.exe"

"BMMGAG"="RunDll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\pwrmonit.dll,StartPwrMonitor"

"BMMLREF"="C:\\Program Files\\ThinkPad\\Utilities\\BMMLREF.EXE"

"BMMMONWND"="rundll32.exe C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatInfEx.dll,BMMAutonomicMonitor"

"BLOG"="rundll32.exe C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"

"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"TP4EX"="tp4ex.exe"

"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"

"TpShocks"="TpShocks.exe"

"Zone Labs Client"="\"C:\\Program Files\\CheckPoint\\Integrity Client\\iclient.exe\""

"defergui"="C:\\Sdwork\\defergui.exe"

"ISSI EZUpdate Service"="\"c:\\sdwork\\issimsvc.exe\""

"C4EBReg"="\"C:\\Program Files\\c4ebreg\\c4ebreg.exe\" /q"

"IBMPRC"="C:\\IBMTOOLS\\UTILS\\ibmprc.exe"

"stgclean"="c:\\sdwork\\w32main2.exe /cleanup"

"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"

"SocksSNI"="C:\\Program Files\\SNISocks\\SocksSNI.exe"

"ACTray"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACTray.exe"

"ACWLIcon"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACWLIcon.exe"

"MyHelpService"="\"C:\\Program Files\\IBM\\My Help\\plugins\\com.ibm.myhelp.installer\\service\\MyHelpStart.exe\""

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\e-mail]

"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]

"NetVC - restore VNIC"="\"C:\\PROGRA~1\\AT&TNE~1\\\\NetVC.exe\" -reset att_avpnnic"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,d4,01,00,00,00,00,00,00,2c,02,00,00,de,02,00,00,00,\

00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c0,02,\

00,00,04,00,00,40

"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c0,02,\

00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"="GbPlugin ShlObj"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

"NoDevMgrUpdate"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\BMMTask.job

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: Thu 28/09/2006 14:49:43.68

ComboFix.txt

ComboFix2.txt

REGISTRY RESEARCH

REGEDIT4

; RegSrch.vbs © Bill James

; Registry search results for string "HJYWCPNGNWHY" 28/9/2006 15:50:47

; NOTE: This file will be deleted when you close WordPad.

; You must manually save this file to a new location if you want to refer to it again later.

; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_USERS\S-1-5-21-3343496804-1096030924-2384905580-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]

"e"="C:\\WINDOWS\\system32\\HJYWCPNGNWHY.SYS"

[HKEY_USERS\S-1-5-21-3343496804-1096030924-2384905580-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\SYS]

"a"="C:\\WINDOWS\\system32\\HJYWCPNGNWHY.SYS"

HIJACKTHIS

Logfile of HijackThis v1.99.1

Scan saved at 17:28:05, on 28/9/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\c4ebreg\c4ebreg.exe

c:\sdwork\issimsvc.exe

C:\notes\ntmulti.exe

C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\Drivers\ldlcserv.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\IBM\Personal Communications\tpam.exe

C:\Program Files\c4ebreg\isamtray.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\CheckPoint\Integrity Client\iclient.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\IBM\My Help\MyHelp.exe

C:\Program Files\IBM\My Help\jre\bin\javaw.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3-1.ibm.com/sales/americas/br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/

R3 - Default URLSearchHook is missing

O1 - Hosts: 172.19.33.146 extranet.bancoreal.com.br

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2987AADB-222B-E844-9561-07C71A2446F2} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"

O4 - HKLM\..\Run: [iSAMTray] "C:\Program Files\c4ebreg\isamtray.exe"

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CheckPoint\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [defergui] C:\Sdwork\defergui.exe

O4 - HKLM\..\Run: [iSSI EZUpdate Service] "c:\sdwork\issimsvc.exe"

O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [socksSNI] C:\Program Files\SNISocks\SocksSNI.exe

O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Lotus QuickStart.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Program Files\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?95a3eb71e19f4b51880b4de6baa9a72f

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Program Files\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?95a3eb71e19f4b51880b4de6baa9a72f

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe

O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: {0C89E27C-DD69-44BB-A32E-4D093E859FB2} (strprint.trprints) - https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtual...iveXClient1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...wlscbase969.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121293151687

O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll

O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\c4ebreg\c4ebreg.exe

O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe

O23 - Service: IBM Enterprise estender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe

O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe

O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

GROMOZON_REMOVAL.LOG

Removal tool loaded into memory

------------------------------------

Executing rootkit removal engine....

------------------------------------

Disabling rootkit file: \\?\C:\WINDOWS\system32\nul.hxg

\\?\C:\WINDOWS\system32\nul.hxg

Resetting file permissions...

Clearing attributes...

Removing file...

Rootkit removed! Cleaning up...

Removing temp files...

Scanning: C:\WINDOWS

Gromozon-Related Malicious Code Detected!

FileName: C:\WINDOWS\pjnfa1.dll

Removed!

Scanning: C:\Program Files\Common Files

Trojan.Gromozon Removed!
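Added example (not code from the thread, from HijackThis or from the tools mentioned above): a small Python triage pass over lines in the HijackThis log format posted above. It applies, mechanically, the checks a helper makes by eye on such a log: entries whose file is gone, BHOs with no name, services with no vendor string, and autostarts given as a bare file name that Windows resolves through the PATH. The sample lines are constructed here in the same format as the log above.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis log format (same entry types as the log above).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2987AADB-222B-E844-9561-07C71A2446F2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Every HijackThis entry starts with a section tag (R0, O2, O4, O20, O23, ...).
ENTRY_RE = re.compile(r"^(O\d+|R\d+)\s+-\s+(.*)$")
# A target is "fully pathed" if it starts with a drive letter or an %ENV% variable.
PATHED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for the entries a helper looks at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        # Orphaned entries: registry still points at a file that no longer exists
        # (often the leftover of something already removed; harmless but worth cleaning).
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphaned entry: file no longer exists", line))
            continue
        if section == "O2" and "(no name)" in body:
            findings.append((section, "BHO without a name", line))
        if section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no vendor string", line))
        if section in ("O4", "O20"):
            # O4 target follows the "[name] " prefix; O20 target is the last " - " field.
            target = body.split(" - ")[-1] if section == "O20" else body.split("] ", 1)[-1]
            if not PATHED_RE.match(target):
                findings.append((section, "bare file name, resolved via PATH/system32", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {line}")
```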


Rafael, alright then... the only thing still missing is the scan result for the file: HJYWCPNGNWHY.SYS

We need to know whether it is bad. Please go to the site below to run a full scan with all the AVs on the file shown below in red:

http://www.virustotal.com/en/indexf.html

- Under "Select file", click "Arquivo" (Browse) to locate it, then click "Send".

-.-(Or copy the full path below (Ctrl+C) and paste it (Ctrl+V) into the box)-.-

C:\WINDOWS\system32\HJYWCPNGNWHY.SYS

Wait for the result to appear, copy the result list(s) and paste them in your reply.

<div align="center">Mr. Coruj@</div>


Mr. Coruja, here is the VirusTotal log you requested.

Man... it really did fix it, my machine is behaving normally now, no excessive RAM usage... anyway, it's fine now.....

Thanks for the help and patience!!!

[ ]'s

Antivirus Version Update Result

AntiVir 7.2.0.22 09.29.2006 no virus found

Authentium 4.93.8 09.29.2006 no virus found

Avast 4.7.892.0 09.29.2006 no virus found

AVG 386 09.29.2006 no virus found

BitDefender 7.2 09.29.2006 no virus found

CAT-QuickHeal 8.00 09.29.2006 no virus found

ClamAV devel-20060426 09.28.2006 no virus found

DrWeb n - no virus found

eTrust-InoculateIT 23.73.8 09.29.2006 no virus found

eTrust-Vet 30.3.3105 09.29.2006 no virus found

Ewido 4.0 09.29.2006 no virus found

Fortinet 2.82.0.0 09.29.2006 no virus found

F-Prot 3.16f 09.29.2006 no virus found

F-Prot4 4.2.1.29 09.29.2006 no virus found

Ikarus 0.2.65.0 09.29.2006 no virus found

Kaspersky 4.0.2.24 09.29.2006 no virus found

McAfee 4863 09.29.2006 no virus found

Microsoft 1.1603 09.29.2006 no virus found

NOD32v2 1.1783 09.29.2006 no virus found

Norman 5.90.23 09.29.2006 no virus found

Panda 9.0.0.4 09.29.2006 no virus found

Sophos 4.10.0 09.29.2006 no virus found

Symantec 8.0 09.29.2006 no virus found

TheHacker 6.0.1.086 09.29.2006 no virus found

UNA 1.83 09.29.2006 no virus found

VBA32 3.11.1 09.29.2006 no virus found

VirusBuster 4.3.7:9 09.29.2006 no virus found


<div align="center">Rafael, well... the file does not look bad.

If you want, you can simply rename the extension from: HJYWCPNGNWHY.SYS to: HJYWCPNGNWHY.SYS.OLD

Your log is CLEAN! Any other malware-related problems?

If your system shows no problems by tomorrow, disable and re-enable System Restore.

Before that, clear your browsers' caches.</div>

<div align="center">Thanks for the feedback and a big hug!</div>

<div align="center">Mr. Coruj@</div>
