Fuzue, posted March 19, 2008

When I start Windows, only a Windows Explorer window appears. I had been opening some keygens... and to my surprise, after restarting... I ran the online AV from the Kaspersky Labs site and it detected a virus. I cleaned the virus, ran the AV again and the system is clean, but when I start the PC it still shows only a Windows Explorer window.

Logfile of HijackThis v1.99.1
Scan saved at 15:52:25, on 19/03/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Fre\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Waiting for help. Thanks!
jgarcia, posted March 22, 2008

Hey Fuzue, do the following: download HijackThis version 2.0.2. Then > Start > My Computer > double-click C > put HijackThis on C (extracting it from the zip --> into its own folder, such as c:/Hijack). Run HijackThis from C with the other programs closed (leaving only the desktop). Click "Do a system scan and save a logfile", but don't check anything; just post the generated log here in this same topic. Regards.
Fuzue, posted March 25, 2008

Hey Jgarcia, could you tell me what csrss.exe is for? I'm posting the new logfile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:19, on 25/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8787 bytes

Regards,
Fuzue
jgarcia, posted March 25, 2008

Hey Fuzue,

1. Download BankerFix.
2. Temporarily disable your antivirus.
3. Double-click bankerfix.exe. A message will appear saying that it will be downloaded over the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.
4. When the scan finishes, read the message on screen and press Enter again.
5. Enable your antivirus again.
6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).
7. After posting your reply you can delete the LinhaDefensiva folder on C.

... as for your question ("could you tell me what csrss.exe is for?"): in this specific case, it is a virus.

Regards.
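The verdict above rests on one line of the log: HijackThis reports the Winlogon Shell value under F2 as "REG:system.ini: Shell=", and on a clean machine that value is exactly Explorer.exe. Here it reads "Explorer.exe C:\WINDOWS\Config\csrss.exe", so a second program is started at every logon, and that program borrows the name of the Windows subsystem process csrss.exe while sitting in C:\WINDOWS\Config instead of System32. The Python below is an added example, not code from the thread, from HijackThis or from Linha Defensiva: it runs a few defender-side heuristics over HijackThis log lines (Shell value with more than Explorer.exe, a core-system-binary name outside System32, a hosts entry that is not localhost, and entries whose file is not present) against a constructed sample built from lines of the first log in this thread. The SYSTEM_BINARIES list and the assumption that the system drive is C: are mine.

```python
"""Defender-side triage of HijackThis log lines.

Added example for this thread; not code from the forum, from HijackThis or
from Linha Defensiva. Assumptions: the system drive is C:, and
SYSTEM_BINARIES is a hand-picked list of names that malware likes to borrow.
"""
import ntpath
import re
from dataclasses import dataclass

# Core Windows binaries whose genuine copy lives in %SystemRoot%\System32.
# A same-named file anywhere else (C:\WINDOWS\Config\csrss.exe in the thread)
# is treated as a masquerade until proven otherwise.
SYSTEM_BINARIES = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe",
                   "services.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"          # assumption: system drive is C:


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str    # HijackThis section tag: F2, O1, O23, ...
    reason: str
    line: str


_ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
_SHELL = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
_HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)")
_TOKEN = re.compile(r'"[^"]+"|\S+')
# A drive-rooted path ending in .exe; components may contain spaces but not
# ':' so one match can never run on into a second path on the same line.
_WINPATH = re.compile(r'[a-z]:\\(?:[^"\\:]+\\)*[^"\\:]+?\.exe', re.IGNORECASE)


def _expand(text: str) -> str:
    """Resolve %SystemRoot%/%windir% so paths can be compared literally."""
    return re.sub(r"%(systemroot|windir)%", r"C:\\Windows", text, flags=re.IGNORECASE)


def shell_programs(value: str) -> list[str]:
    """Programs Winlogon starts from the Shell value (space or comma separated).
    A clean machine has exactly one: Explorer.exe."""
    return [t.strip('"') for t in _TOKEN.findall(value.replace(",", " "))]


def masquerade(path: str) -> bool:
    """True when a file named like a core system binary sits outside System32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower().rstrip("\\")
    return name in SYSTEM_BINARIES and folder != SYSTEM32


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics over every tagged HijackThis line."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue                      # header, process list, blank line
        section, body = m.groups()
        if section == "F2":
            sm = _SHELL.match(body)
            if sm:
                progs = shell_programs(sm.group(1))
                if len(progs) != 1 or progs[0].lower() != "explorer.exe":
                    findings.append(Finding("high", section,
                        "Winlogon Shell starts %d program(s) instead of Explorer.exe alone: %s"
                        % (len(progs), ", ".join(progs)), line))
        if section == "O1":
            hm = _HOSTS.match(body)
            if hm and hm.group(2).lower() != "localhost":
                findings.append(Finding("medium", section,
                    "hosts file redirects " + hm.group(2), line))
        for path in _WINPATH.findall(_expand(body)):
            if masquerade(path):
                findings.append(Finding("high", section,
                    ntpath.basename(path) + " outside System32: " + path, line))
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding("info", section,
                "entry points at a file that is not present; verify before acting", line))
    return findings


# Constructed sample: a handful of lines copied from the thread's first log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

if __name__ == "__main__":
    import sys
    text = SAMPLE_LOG
    if len(sys.argv) > 1:                 # python hjt_triage.py hijackthis.log
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for f in triage(text):
        print(f"[{f.severity:<6}] {f.section}: {f.reason}\n         {f.line}")
```

On the sample the F2 line produces two high findings (a second Shell program, and csrss.exe outside System32) while the expanded %windir%\system32\svchost.exe path is left alone. The "(file missing)" flag is only informational: the v1.99.1 log in this thread reports several Symantec services that way while the v2.0.2 log of the same machine lists them normally, so treat that flag as a prompt to verify the entry, not as a verdict.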
Fuzue, posted March 26, 2008

Hey Jgarcia, the reports are below:

BankerFix 2.5b - Removedor de Bankers
Linha Defensiva - http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
Data: 26/03/2008 - 10:15
-------------------------------------------------------
Lista de Definição: 2008-02-22-1
=======================================================
Killando arquivos em Help
-----------------------------------
Killing '*'
Removendo Arquivos em Help
-----------------------------------
----- Fim -------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:16, on 26/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8710 bytes

Regards,
Fuzue
jgarcia, posted March 30, 2008

Hey Fuzue, download ComboFix at: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Don't click in the ComboFix window, and don't close it by clicking the X, while the tool is running, since that will break your desktop configuration (it will turn completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.
Fuzue (posted March 31, 2008)

Hey Jgarcia,

Below are the logs you asked for:

ComboFix 08-03-30.3 - Marcia 2008-03-31 10:35:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.357 [GMT -3:00]
Running from: C:\Users\Marcia\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 13:27 --------- d-----w C:\Users\Marcia\AppData\Roaming\Hewlett-Packard
2008-03-25 18:25 --------- d-----w C:\ProgramData\Symantec
2008-03-18 13:21 --------- d-----w C:\Users\Marcia\AppData\Roaming\InstallShield
2008-03-16 20:15 --------- d-----w C:\Program Files\Yahoo!
2008-03-16 20:15 --------- d-----w C:\Program Files\Winamp
2008-03-16 20:05 --------- d-----w C:\Users\Marcia\AppData\Roaming\Winamp
2008-03-16 20:05 --------- d-----w C:\Users\Marcia\AppData\Roaming\Samsung
2008-03-16 20:04 --------- d-----w C:\Users\Marcia\AppData\Roaming\LimeWire
2008-03-16 19:31 --------- d-----w C:\Program Files\Windows Mail
2008-03-15 22:55 --------- d---a-w C:\ProgramData\TEMP
2008-03-15 14:25 --------- d-----w C:\ProgramData\DFX
2008-03-15 14:25 --------- d-----w C:\Program Files\DFX
2008-03-15 14:21 --------- d-----w C:\Program Files\7-Zip
2008-03-13 19:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-13 18:51 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-13 18:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 18:30 --------- d-----w C:\Program Files\LimeWire
2008-03-10 17:34 --------- d-----w C:\Program Files\Rhapsody
2008-03-10 00:05 --------- d-----w C:\Program Files\Common Files\Real
2008-03-10 00:04 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-03-09 19:34 --------- d-----w C:\ProgramData\NVIDIA
2008-03-09 18:46 --------- d-----w C:\Program Files\Google
2008-03-09 18:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-09 17:18 --------- d-----w C:\Program Files\Java
2008-03-08 17:23 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-07 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 04:29 --------- d-----w C:\Program Files\Samsung
2008-03-07 00:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 00:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 00:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-03 08:40 599,552 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-03 07:10 182,272 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-02-23 12:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-23 12:22 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-23 12:18 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-23 12:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-23 12:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-23 12:18 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-23 12:18 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-23 12:18 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-23 12:18 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-23 12:17 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-23 12:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-23 12:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-23 12:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-23 12:17 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-23 12:17 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-23 12:17 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-23 12:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-23 12:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-23 12:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-23 12:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-23 12:14 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-23 12:14 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-23 12:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-23 12:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-23 12:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-03 17:17 --------- d-----w C:\ProgramData\WildTangent
2008-01-25 05:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2008-01-24 11:35 174 --sha-w C:\Program Files\desktop.ini
2008-01-24 11:21 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-24 11:21 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-24 11:21 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-24 11:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-24 11:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-24 11:20 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-24 11:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-24 11:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-24 11:20 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-24 11:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-24 11:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-24 11:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-24 11:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-24 11:18 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-24 11:18 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-24 11:15 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-24 11:15 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-24 11:15 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-24 11:15 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-24 11:15 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-24 11:14 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-24 11:14 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-24 11:14 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-24 11:14 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-24 11:14 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-24 11:14 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-24 11:11 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-24 11:09 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-24 11:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-24 11:08 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-24 11:08 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-24 11:08 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-24 11:08 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-24 11:08 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-24 11:08 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-24 11:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-24 11:08 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-24 11:08 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-24 11:08 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-24 11:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 09:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 19:23 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 09:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 16:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-09 14:56 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:36 201728]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-24 08:04 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-24 08:17 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 08:59 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 21:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 15:28 180224]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 15:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 17:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 20:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 22:38 583048]
"VX3000"="C:\Windows\vVX3000.exe" [2006-06-29 20:55 707376]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 02:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 02:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 02:35 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 05:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 04:01:50 734872]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-04-30 03:44:01 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EB80D87-88A9-4C82-90C4-9AEF4D208859}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3EBA888C-79E1-4680-8DF6-98F1D121A453}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0200F0-E972-4675-9D7D-F12481964368}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4F87F6E-92AA-474F-A2B9-7B855D778C81}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{78C81A5E-2358-45A2-91FF-B9728BB1D90C}"= Disabled:UDP:C:\Users\Marcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZKEWXUO\incredimail_install[1].exe:IncrediMail Installer
"{B247B1D0-92A5-4B3E-A01C-C6C61937E4F5}"= Disabled:TCP:C:\Users\Marcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZKEWXUO\incredimail_install[1].exe:IncrediMail Installer
"{8FD3E604-7D9A-4942-A0AC-65BE4CF1F240}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{EA69A65F-34BA-418E-935C-94E626D2DC26}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{720C132F-2A5D-4DD2-9A40-B7F5FFC965FD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A4791BE5-A651-4360-9328-856647F76342}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8CDAF532-80E1-4592-ADC2-E9B1A974E4DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{C8DFFD3F-BCA1-4DF4-B311-2DEFC8E0490B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{BC541B9D-7860-4926-8875-61084D34CDB9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A205EEB7-8DD5-499D-9AFF-478BCC7B58A1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 13:18]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 13:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-31 00:55]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-01-29 14:09]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 23:00:18 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Marcia.job" - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-31 13:35:07 C:\Windows\Tasks\User_Feed_Synchronization-{A11D0316-A5BA-4C6C-ABBB-54DB5A6A7C7A}.job" - C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 10:38:40
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-31 10:39:39
ComboFix-quarantined-files.txt 2008-03-31 13:39:36
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-03-31 13:26:16 --- E O F ---

===================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:35, on 31/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8150 bytes

Regards,
Fuzue
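The "Reg Loading Points" section of the ComboFix log above is the part worth reading closely: every Windows Firewall profile has EnableFirewall = 0, Security Center has stopped monitoring the anti-virus and firewall products, and its notifications are switched off. Those are exactly the values a helper scans for before deciding what to clean. The script below is an added example for this thread (it is not ComboFix, HijackThis or forum code): it parses the REGEDIT4-style dump ComboFix prints and lists the settings that silence or disable the host's own defences. The sample dump is an excerpt constructed from the log posted above; the key-name patterns it matches (the security center key, its Monitoring subkeys, and the firewallpolicy profile keys) are the ones that appear in that log.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is not ComboFix, HijackThis or forum code.
The REGEDIT4-style dump is parsed into {key: {value_name: value}} and the
settings that weaken host defences are reported: Security Center alerts
suppressed (*DisableNotify = 1), Security Center monitoring of a product
turned off (DisableMonitoring = 1) and Windows Firewall profiles with
EnableFirewall = 0. The sample dump is an excerpt constructed from the log
posted above.
"""
import re
from dataclasses import dataclass

# Excerpt constructed from the ComboFix log in this thread (raw string, so
# the backslashes in registry paths are kept literally).
SAMPLE_DUMP = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-24 08:17 1006264]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
NUM_RE = re.compile(r"^(-?\d+)\s*\(0x[0-9A-Fa-f]+\)$")


def parse_value(raw):
    """Convert ComboFix's value renderings to Python values."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)             # dword:00000001 -> 1
    m = NUM_RE.match(raw)
    if m:
        return int(m.group(1))              # 0 (0x0) -> 0
    if raw.startswith('"'):
        end = raw.find('"', 1)              # drop the trailing "[date size]" note
        return raw[1:end] if end > 0 else raw.strip('"')
    return raw or None                      # "<NO NAME>"= carries no value


def parse_reg_dump(text):
    """Parse a REGEDIT4-style dump into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys


@dataclass
class Finding:
    key: str
    name: str
    value: object
    why: str


def triage(keys):
    """Return the settings that silence or disable the host's own defences."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        leaf = k.rsplit("\\", 1)[-1]
        if k.endswith("\\security center"):
            for name, value in values.items():
                if name.endswith("DisableNotify") and value == 1:
                    findings.append(Finding(key, name, value, "Security Center alert suppressed"))
        elif "\\security center\\monitoring" in k:
            if values.get("DisableMonitoring") == 1:
                findings.append(Finding(key, "DisableMonitoring", 1, "Security Center stopped watching this product"))
        elif "firewallpolicy" in k and leaf.endswith("profile"):
            if values.get("EnableFirewall") == 0:
                findings.append(Finding(key, "EnableFirewall", 0, "Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_reg_dump(SAMPLE_DUMP)):
        print(f"{f.why}: [{f.key}] {f.name} = {f.value}")
```

On the excerpt this reports eight findings: three suppressed notifications, two monitoring switches and three firewall profiles turned off. A third-party suite such as the Norton install listed in the same log can legitimately set some of these (it takes over firewall and AV monitoring), so the output is a checklist for a human to confirm against the installed products, not a verdict on its own; to run it on a real C:\ComboFix.txt, feed the text between the "Reg Loading Points" banner and the service list to parse_reg_dump.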
Fuzue (posted March 31, 2008)

Hey Jgarcia,

I'm posting again because I just tried something and my desktop came back. The procedure is this: at start-up the desktop is empty, so I run ComboFix a first time and, when it finishes, only the process log appears. But if I run ComboFix a second time, without restarting, my desktop appears when it finishes. However, when I restart the PC my desktop is gone again and I have to go through the whole procedure once more to get it back. Below are the ComboFix and HijackThis logs from after the second ComboFix run (with the desktop "normal").

ComboFix 08-03-30.3 - Marcia 2008-03-31 13:16:15.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.364 [GMT -3:00]
Running from: C:\Users\Marcia\Desktop\ComboFix.exe
.
TimedOut: Windir.dat
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 16:03 --------- d-----w C:\Program Files\Winamp
2008-03-31 15:24 --------- d-----w C:\Users\Marcia\AppData\Roaming\Winamp
2008-03-26 13:27 --------- d-----w C:\Users\Marcia\AppData\Roaming\Hewlett-Packard
2008-03-25 18:25 --------- d-----w C:\ProgramData\Symantec
2008-03-18 13:21 --------- d-----w C:\Users\Marcia\AppData\Roaming\InstallShield
2008-03-16 20:15 --------- d-----w C:\Program Files\Yahoo!
2008-03-16 20:05 --------- d-----w C:\Users\Marcia\AppData\Roaming\Samsung
2008-03-16 20:04 --------- d-----w C:\Users\Marcia\AppData\Roaming\LimeWire
2008-03-16 19:31 --------- d-----w C:\Program Files\Windows Mail
2008-03-15 22:55 --------- d---a-w C:\ProgramData\TEMP
2008-03-15 14:25 --------- d-----w C:\ProgramData\DFX
2008-03-15 14:21 --------- d-----w C:\Program Files\7-Zip
2008-03-13 19:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-13 18:51 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-13 18:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 18:30 --------- d-----w C:\Program Files\LimeWire
2008-03-10 17:34 --------- d-----w C:\Program Files\Rhapsody
2008-03-10 00:05 --------- d-----w C:\Program Files\Common Files\Real
2008-03-10 00:04 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-03-09 19:34 --------- d-----w C:\ProgramData\NVIDIA
2008-03-09 18:46 --------- d-----w C:\Program Files\Google
2008-03-09 18:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-09 17:18 --------- d-----w C:\Program Files\Java
2008-03-08 17:23 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-03-07 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 04:29 --------- d-----w C:\Program Files\Samsung
2008-03-07 00:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 00:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 00:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-03 08:40 599,552 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-03 07:10 182,272 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-02-23 12:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-23 12:22 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-23 12:18 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-23 12:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-23 12:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-23 12:18 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-23 12:18 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-23 12:18 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-23 12:18 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-23 12:17 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-23 12:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-23 12:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-23 12:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-23 12:17 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-23 12:17 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-23 12:17 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-23 12:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-23 12:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-23 12:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-23 12:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-23 12:14 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-23 12:14 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-23 12:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-23 12:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-23 12:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-03 17:17 --------- d-----w C:\ProgramData\WildTangent
2008-01-25 05:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll
2008-01-24 11:35 174 --sha-w C:\Program Files\desktop.ini
2008-01-24 11:21 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-24 11:21 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-24 11:21 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-24 11:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-24 11:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-24 11:20 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-24 11:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-24 11:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-24 11:20 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-24 11:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-24 11:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-24 11:20 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-24 11:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-24 11:18 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-24 11:18 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-24 11:15 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-24 11:15 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-24 11:15 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-24 11:15 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-24 11:15 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-24 11:14 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-24 11:14 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-24 11:14 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-24 11:14 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-24 11:14 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-24 11:14 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-24 11:11 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-24 11:09 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-24 11:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-24 11:08 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-24 11:08 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-24 11:08 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-24 11:08 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-24 11:08 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-24 11:08 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-24 11:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-24 11:08 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-24 11:08 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-24 11:08 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-24 11:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-24 11:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe
.
((((((((((((((((((((((((((((( snapshot_2008-03-31_12.41.36,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-31 15:35:12 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-31 16:06:49 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-31 15:37:22 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-31 16:08:56 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-31 15:36:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-31 16:07:09 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-31 16:07:09 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-31 15:38:09 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-31 16:16:22 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-31 15:36:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-31 16:07:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-31 16:07:09 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-31 15:40:26 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-31 16:12:33 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-31 15:40:26 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-31 16:12:33 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-31 15:37:39 6,500 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-759294333-849886799-403132426-1000_UserData.bin
+ 2008-03-31 16:08:42 6,500 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-759294333-849886799-403132426-1000_UserData.bin
- 2008-03-31 15:37:39 58,340 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-31 16:08:42 58,388 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-31 15:37:37 37,556 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-31 16:08:41 37,572 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 09:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 19:23 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 09:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 16:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-09 14:56 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:36 201728]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-24 08:04 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-24 08:17 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 08:59 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 21:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 15:28 180224]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 15:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 17:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 20:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 22:38 583048]
"VX3000"="C:\Windows\vVX3000.exe" [2006-06-29 20:55 707376]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 02:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 02:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 02:35 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 05:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 04:01:50 734872]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-04-30 03:44:01 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy] "<NO NAME>"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) "<NO NAME>"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications] "<NO NAME>"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "<NO NAME>"= "C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{2EB80D87-88A9-4C82-90C4-9AEF4D208859}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{3EBA888C-79E1-4680-8DF6-98F1D121A453}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{4F0200F0-E972-4675-9D7D-F12481964368}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{ADE15D3D-D0CC-41D3-A211-07F709F240BF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{A9251460-71C1-4F7D-B46F-8D2B3391E92E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl "{D4F87F6E-92AA-474F-A2B9-7B855D778C81}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{78C81A5E-2358-45A2-91FF-B9728BB1D90C}"= 
Disabled:UDP:C:\Users\Marcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZKEWXUO\incredimail_install[1].exe:IncrediMail Installer "{B247B1D0-92A5-4B3E-A01C-C6C61937E4F5}"= Disabled:TCP:C:\Users\Marcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZKEWXUO\incredimail_install[1].exe:IncrediMail Installer "{8FD3E604-7D9A-4942-A0AC-65BE4CF1F240}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{EA69A65F-34BA-418E-935C-94E626D2DC26}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{720C132F-2A5D-4DD2-9A40-B7F5FFC965FD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{A4791BE5-A651-4360-9328-856647F76342}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{8CDAF532-80E1-4592-ADC2-E9B1A974E4DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{C8DFFD3F-BCA1-4DF4-B311-2DEFC8E0490B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{BC541B9D-7860-4926-8875-61084D34CDB9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire "{A205EEB7-8DD5-499D-9AFF-478BCC7B58A1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 13:18] R2 
XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10] R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 13:50] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-31 00:55] S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50] S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-01-29 14:09] S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-03-10 23:00:18 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Marcia.job" - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK: "2008-03-31 16:15:00 C:\Windows\Tasks\User_Feed_Synchronization-{A11D0316-A5BA-4C6C-ABBB-54DB5A6A7C7A}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-31 13:18:35 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-03-31 13:19:29 ComboFix-quarantined-files.txt 2008-03-31 16:19:26 ComboFix2.txt 2008-03-31 16:13:35 ComboFix3.txt 2008-03-31 16:00:12 ComboFix4.txt 2008-03-31 15:52:43 ComboFix5.txt 2008-03-31 15:41:55 The system cannot find message text for message number 0x2379 in the message file for Application. The system cannot find message text for message number 0x2379 in the message file for Application. . 2008-03-31 13:26:16 --- E O F --- ===================================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:31:48, on 31/03/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Windows\System32\rundll32.exe C:\Windows\Explorer.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: 
Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Launcher] 
%WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Vongo Tray.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program 
Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - 
MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8121 bytes
jgarcia 1 Posted April 1, 2008

Hey Fuzue,

Follow these instructions:

1. Open Notepad -> copy (Control + C) and paste (Control + V) all of the text inside the "Quote":

File::
C:\Program Files\desktop.ini
C:\WINDOWS\Config\csrss.exe

ATTENTION: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Cheers.
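The fix above targets the extra executable that the first HijackThis log showed appended to the Shell value (F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe), and the ComboFix "Reg Loading Points" sections in this thread also record the Windows Firewall switched off on every profile and Security Center monitoring and notifications disabled. The Python below is an added illustration from the editor, not part of the thread and not code from HijackThis or ComboFix: it parses a few lines in those two log formats and flags exactly those indicators, a Shell value carrying anything beyond explorer.exe, a core process name (csrss.exe) living outside System32, and registry values that disable the firewall or Security Center. The sample lines are constructed from entries on this page; the regular expressions, the CORE_PROCESSES list and the check thresholds are the editor's assumptions about the log format, not a specification of it.

```python
import re

# Constructed sample input: a handful of lines copied from the HijackThis and
# ComboFix logs posted in this thread, mixed with benign entries for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
"""

# Heuristic list (editor's assumption): core Windows processes that legitimately
# exist only under %SystemRoot%\System32 (or SysWOW64 on 64-bit Windows). The
# same file name anywhere else deserves a close look.
CORE_PROCESSES = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe"}

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$", re.I)
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?(\S+)', re.I)
# Unquoted drive-letter paths ending in .exe; paths containing spaces are not
# matched, which is fine for the Shell value seen in this thread.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+?\.exe', re.I)


def check_shell(line):
    """The Shell value should be exactly 'explorer.exe'; anything appended is
    started at every logon, which is how the extra csrss.exe in this thread ran."""
    m = SHELL_RE.match(line)
    if not m:
        return []
    value = m.group(1).strip()
    if value.lower() == "explorer.exe":
        return []
    return [f"Shell hijack: Shell={value} (expected Explorer.exe alone)"]


def check_masquerade(line):
    """Flag a core process name that lives outside the system directory."""
    findings = []
    for path in PATH_RE.findall(line):
        parent, _, name = path.rpartition("\\")
        if (name.lower() in CORE_PROCESSES
                and not parent.lower().endswith(("\\system32", "\\syswow64"))):
            findings.append(f"Masquerading core process: {path}")
    return findings


def check_registry(lines):
    """Walk the REGEDIT-style 'Reg Loading Points' dump, remembering the current
    key, and flag values that switch off Windows' own defences."""
    findings = []
    key = ""
    for line in lines:
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, is_dword, raw = m.groups()
        try:
            number = int(raw, 16) if is_dword else int(raw)
        except ValueError:
            continue  # string values (paths, rule definitions) are not checked here
        lname, lkey = name.lower(), key.lower()
        if "firewallpolicy" in lkey and lname == "enablefirewall" and number == 0:
            profile = key.rpartition("\\")[2]
            findings.append(f"Firewall disabled for profile {profile}")
        elif "security center" in lkey and lname == "disablemonitoring" and number == 1:
            findings.append(f"Security Center monitoring disabled under {key}")
        elif "security center" in lkey and lname.endswith("disablenotify") and number == 1:
            findings.append(f"Security Center notification suppressed: {name}")
    return findings


def triage(log_text):
    """Run every check over a log dump and return the list of findings."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    for ln in lines:
        findings += check_shell(ln)
        findings += check_masquerade(ln)
    findings += check_registry(lines)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit on DisableMonitoring is a lead, not a verdict: a third-party suite such as the Norton install in these logs registers with Security Center and can legitimately set monitoring keys for its own products, so compare each hit with what is actually installed before treating it as tampering. The Shell and masquerade checks are the strong signals here, because explorer.exe is the only legitimate Shell value and csrss.exe has no business in C:\WINDOWS\Config.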
Fuzue 0 Posted April 2, 2008

Hi Jgarcia,

I followed your instructions and my desktop came back on the first ComboFix pass, but I couldn't get onto the internet, so I had to restart. Unfortunately the problem came back when the computer restarted. The requested log is below.

ComboFix 08-03-30.3 - Marcia 2008-04-02 10:30:50.9 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.288 [GMT -3:00] Running from: C:\Users\Marcia\Desktop\ComboFix.exe Command switches used :: C:\Users\Marcia\Desktop\CFScript.txt.txt * Created a new restore point FILE :: C:\Program Files\desktop.ini C:\WINDOWS\Config\csrss.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\desktop.ini . ((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-31 16:46 --------- d-----w C:\Program Files\Rhapsody 2008-03-31 16:03 --------- d-----w C:\Program Files\Winamp 2008-03-31 15:24 --------- d-----w C:\Users\Marcia\AppData\Roaming\Winamp 2008-03-26 13:27 --------- d-----w C:\Users\Marcia\AppData\Roaming\Hewlett-Packard 2008-03-25 18:25 --------- d-----w C:\ProgramData\Symantec 2008-03-18 13:21 --------- d-----w C:\Users\Marcia\AppData\Roaming\InstallShield 2008-03-16 20:15 --------- d-----w C:\Program Files\Yahoo! 
2008-03-16 20:05 --------- d-----w C:\Users\Marcia\AppData\Roaming\Samsung 2008-03-16 20:04 --------- d-----w C:\Users\Marcia\AppData\Roaming\LimeWire 2008-03-16 19:31 --------- d-----w C:\Program Files\Windows Mail 2008-03-15 22:55 --------- d---a-w C:\ProgramData\TEMP 2008-03-15 14:25 --------- d-----w C:\ProgramData\DFX 2008-03-15 14:21 --------- d-----w C:\Program Files\7-Zip 2008-03-13 19:10 --------- d-----w C:\ProgramData\Microsoft Help 2008-03-13 18:51 --------- d-----w C:\Program Files\Norton Internet Security 2008-03-13 18:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-03-10 18:30 --------- d-----w C:\Program Files\LimeWire 2008-03-10 00:05 --------- d-----w C:\Program Files\Common Files\Real 2008-03-10 00:04 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys 2008-03-09 19:34 --------- d-----w C:\ProgramData\NVIDIA 2008-03-09 18:46 --------- d-----w C:\Program Files\Google 2008-03-09 18:14 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-03-09 17:18 --------- d-----w C:\Program Files\Java 2008-03-08 17:23 --------- d-----w C:\Program Files\Common Files\SWF Studio 2008-03-07 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-07 04:29 --------- d-----w C:\Program Files\Samsung 2008-03-07 00:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf 2008-03-07 00:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys 2008-03-07 00:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat 2008-03-03 08:40 599,552 ----a-w C:\Windows\System32\CnxtAp32.dll 2008-03-03 07:10 182,272 ----a-w C:\Windows\system32\drivers\CHDRT32.sys 2008-02-23 12:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-23 12:22 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-23 12:18 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-23 12:18 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-23 12:18 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-23 12:18 
21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-23 12:18 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-23 12:18 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-02-23 12:18 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-23 12:17 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-23 12:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-23 12:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-23 12:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-23 12:17 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-23 12:17 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-23 12:17 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-23 12:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-23 12:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-23 12:17 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-23 12:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-23 12:14 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-23 12:14 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-23 12:14 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-23 12:14 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-23 12:12 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2008-02-03 17:17 --------- d-----w C:\ProgramData\WildTangent 2008-01-25 05:55 229,376 ----a-w C:\Windows\System32\UCI32A27.dll 2008-01-24 11:21 87,040 ----a-w C:\Windows\System32\msoert2.dll 2008-01-24 11:21 39,424 ----a-w C:\Windows\System32\ACCTRES.dll 2008-01-24 11:21 205,824 ----a-w C:\Windows\System32\msoeacct.dll 2008-01-24 11:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2008-01-24 11:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2008-01-24 11:20 542,720 ----a-w C:\Windows\System32\sysmain.dll 2008-01-24 11:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2008-01-24 11:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2008-01-24 
11:20 297,984 ----a-w C:\Windows\System32\wlansec.dll 2008-01-24 11:20 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2008-01-24 11:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2008-01-24 11:20 2,923,520 ----a-w C:\Windows\explorer.exe 2008-01-24 11:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-01-24 11:18 49,664 ----a-w C:\Windows\System32\csrsrv.dll 2008-01-24 11:18 376,320 ----a-w C:\Windows\System32\winsrv.dll 2008-01-24 11:15 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2008-01-24 11:15 7,680 ----a-w C:\Windows\System32\spwmp.dll 2008-01-24 11:15 414,208 ----a-w C:\Windows\System32\msscp.dll 2008-01-24 11:15 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2008-01-24 11:15 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2008-01-24 11:14 86,016 ----a-w C:\Windows\System32\icfupgd.dll 2008-01-24 11:14 61,952 ----a-w C:\Windows\System32\cmifw.dll 2008-01-24 11:14 396,800 ----a-w C:\Windows\System32\MPSSVC.dll 2008-01-24 11:14 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll 2008-01-24 11:14 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll 2008-01-24 11:14 16,896 ----a-w C:\Windows\System32\wfapigp.dll 2008-01-24 11:11 1,191,936 ----a-w C:\Windows\System32\msxml3.dll 2008-01-24 11:09 1,327,104 ----a-w C:\Windows\System32\quartz.dll 2008-01-24 11:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL 2008-01-24 11:08 57,856 ----a-w C:\Windows\System32\SLUINotify.dll 2008-01-24 11:08 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll 2008-01-24 11:08 39,936 ----a-w C:\Windows\System32\slcinst.dll 2008-01-24 11:08 351,232 ----a-w C:\Windows\System32\SLUI.exe 2008-01-24 11:08 33,280 ----a-w C:\Windows\System32\slwmi.dll 2008-01-24 11:08 268,288 ----a-w C:\Windows\System32\mcbuilder.exe 2008-01-24 11:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL 2008-01-24 11:08 223,232 ----a-w C:\Windows\System32\SLC.dll 2008-01-24 11:08 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe 2008-01-24 11:08 186,368 ----a-w C:\Windows\System32\SLLUA.exe 
2008-01-24 11:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll 2008-01-24 11:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-01-24 11:02 788,992 ----a-w C:\Windows\System32\rpcrt4.dll . ((((((((((((((((((((((((((((( snapshot_2008-03-31_18.27.04,87 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-31 21:20:17 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-04-02 13:23:50 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-03-31 15:33:56 386,712 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2008-03-31 21:48:34 386,792 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2008-03-31 21:20:42 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-04-02 13:26:37 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-03-31 16:07:09 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-04-02 13:24:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-04-02 13:24:11 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-03-31 16:21:32 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-04-02 13:34:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-03-31 16:07:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-04-02 13:24:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-04-02 13:24:11 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-03-31 21:20:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-04-02 13:29:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-03-31 
21:20:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-02 13:29:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-03-31 21:20:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-04-02 13:29:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-03-31 16:12:33 103,924 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-02 13:30:39 103,924 ----a-w C:\Windows\System32\perfc009.dat - 2008-03-31 16:12:33 610,142 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-02 13:30:39 610,142 ----a-w C:\Windows\System32\perfh009.dat - 2008-03-31 16:08:42 6,500 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-759294333-849886799-403132426-1000_UserData.bin + 2008-04-02 13:25:49 6,500 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-759294333-849886799-403132426-1000_UserData.bin - 2008-03-31 16:08:42 58,388 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-04-02 13:25:49 58,498 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-03-31 16:08:41 37,572 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-04-02 13:25:46 37,572 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 09:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 19:23 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 09:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 16:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-09 14:56 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 09:36 201728]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-24 08:04 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-24 08:17 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 08:59 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 21:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 15:28 180224]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 15:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 17:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 20:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 22:38 583048]
"VX3000"="C:\Windows\vVX3000.exe" [2006-06-29 20:55 707376]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 02:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 02:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 02:35 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 05:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 04:01:50 734872]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-04-30 03:44:01 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EB80D87-88A9-4C82-90C4-9AEF4D208859}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3EBA888C-79E1-4680-8DF6-98F1D121A453}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{DEC36C78-CAB4-4A61-AE62-8C04D43D6850}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0200F0-E972-4675-9D7D-F12481964368}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4F87F6E-92AA-474F-A2B9-7B855D778C81}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{78C81A5E-2358-45A2-91FF-B9728BB1D90C}"= Disabled:UDP:C:\Users\Marcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZKEWXUO\incredimail_install[1].exe:IncrediMail Installer
"{B247B1D0-92A5-4B3E-A01C-C6C61937E4F5}"= Disabled:TCP:C:\Users\Marcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZKEWXUO\incredimail_install[1].exe:IncrediMail Installer
"{8FD3E604-7D9A-4942-A0AC-65BE4CF1F240}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{EA69A65F-34BA-418E-935C-94E626D2DC26}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{720C132F-2A5D-4DD2-9A40-B7F5FFC965FD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{A4791BE5-A651-4360-9328-856647F76342}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8CDAF532-80E1-4592-ADC2-E9B1A974E4DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{C8DFFD3F-BCA1-4DF4-B311-2DEFC8E0490B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{BC541B9D-7860-4926-8875-61084D34CDB9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A205EEB7-8DD5-499D-9AFF-478BCC7B58A1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080314.001\IDSvix86.sys [2008-02-13 13:18]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 13:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-31 00:55]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-12 23:50]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-01-29 14:09]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 23:00:18 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Marcia.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-02 13:35:00 C:\Windows\Tasks\User_Feed_Synchronization-{A11D0316-A5BA-4C6C-ABBB-54DB5A6A7C7A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 10:34:29
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-02 10:35:34
ComboFix-quarantined-files.txt 2008-04-02 13:35:30
ComboFix2.txt 2008-03-31 21:27:26
ComboFix3.txt 2008-03-31 16:19:30
ComboFix4.txt 2008-03-31 16:13:35
ComboFix5.txt 2008-03-31 16:00:12
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-03-31 13:26:16 --- E O F ---

Awaiting further instructions.

Regards,
Fuzue.
jgarcia, posted April 4, 2008

Hey Fuzue,

1. Download SmitfraudFix;
2. Disable your anti-virus protection (temporarily);
3. Extract the SmitFraudFix file to your desktop;
4. Reboot into Safe Mode;
5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;
6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);
7. Wait for the scan to finish and for the log to be generated;
8. Reboot into Normal Mode;
9. Re-enable your anti-virus;
10. Post the SmitfraudFix log (option 2) + the HijackThis log (generated in Normal Mode).

Cheers.
Fuzue, posted April 4, 2008

Hi Jgarcia,

I don't know if this helps, but when SmitfraudFix finished (in safe mode) my desktop came back; however, when I rebooted, the desktop disappeared again, although the background colour of my desktop, which had been black, turned blue. Another thing I found very strange: after downloading SmitfraudFix and selecting the option to restart, a warning appeared telling me not to turn off the PC because an "update" was running; after a few minutes the PC restarted. The requested logs follow.

SmitFraudFix v2.309

Scan done at 6:46:00,60, 04/04/2008
Run from C:\Users\Marcia\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33E3719A-76B1-48B1-9F31-BD3CBF2DBDDA}: DhcpNameServer=189.7.152.15 189.7.152.16
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33E3719A-76B1-48B1-9F31-BD3CBF2DBDDA}: DhcpNameServer=189.7.152.15 189.7.152.16
HKLM\SYSTEM\CS2\Services\Tcpip\..\{33E3719A-76B1-48B1-9F31-BD3CBF2DBDDA}: DhcpNameServer=189.7.152.15 189.7.152.16
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=189.7.152.15 189.7.152.16
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=189.7.152.15 189.7.152.16
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=189.7.152.15 189.7.152.16

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:51:58, on 04/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\PresentationSettings.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7647 bytes

Thanks,
Fuzue.
jgarcia, posted April 10, 2008

Hey Fuzue,

Post new ComboFix and HijackThis logs.

Cheers.
Fuzue, posted April 11, 2008

Hi Jgarcia,

Here are the logs you requested.

ComboFix 08-03-30.3 - Marcia 2008-04-11 9:06:46.10 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.421 [GMT -3:00]
Running from: C:\Users\Marcia\Desktop\ComboFix.exe
.
TimedOut: progfile.dat

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57] S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58] S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-03-10 23:00:18 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Marcia.job" - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK: "2008-04-11 12:10:00 C:\Windows\Tasks\User_Feed_Synchronization-{A11D0316-A5BA-4C6C-ABBB-54DB5A6A7C7A}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-11 09:09:17 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-11 9:10:08 ComboFix-quarantined-files.txt 2008-04-11 12:10:04 ComboFix2.txt 2008-04-02 13:35:35 ComboFix3.txt 2008-03-31 21:27:26 ComboFix4.txt 2008-03-31 16:19:30 ComboFix5.txt 2008-03-31 16:13:35 The system cannot find message text for message number 0x2379 in the message file for Application. The system cannot find message text for message number 0x2379 in the message file for Application. . 
2008-04-04 09:32:44 --- E O F --- ============================================================================ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:13:34, on 11/04/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\HiJackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ccApp] 
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Adobe Reader Speed 
Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Vongo Tray.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: GameConsoleService - WildTangent, Inc. 
- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8006 bytes Compartilhar este post Link para o post Compartilhar em outros sites
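The ComboFix excerpt above shows the Security Center notifications switched off (UacDisableNotify, InternetSettingsDisableNotify, AutoUpdateDisableNotify), monitoring disabled, and EnableFirewall set to 0 in every firewall profile, which is the pattern a helper looks for when deciding whether the machine's own defences were tampered with. As an added example (not code from this thread, from ComboFix or from HijackThis), here is a small Python checker that parses that REGEDIT4-style block and lists those findings; the sample excerpt is constructed from the values in the log above, and the function names are my own.

```python
"""Flag weakened Windows protections in a ComboFix-style registry excerpt.

Added example for this thread, not code from ComboFix, HijackThis or the
forum. It parses the REGEDIT4-style block ComboFix prints ("[KEY]" headers
followed by "name"=value lines) and reports settings that silence the
Security Center or switch Windows Firewall off per profile.
"""
import re

# Constructed sample, modelled on the values in the ComboFix excerpt above.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<raw>.*)$')
# ComboFix prints DWORDs either as dword:XXXXXXXX or as "N (0xN)".
DWORD_TEXT_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")


def _coerce(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; other values stay text."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = DWORD_TEXT_RE.match(raw)
    return int(m.group(1)) if m else raw


def parse_dump(text):
    """Return {key_path: {value_name: int_or_str}} for a REGEDIT4-style dump."""
    result, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group("name")] = _coerce(m.group("raw").strip())
    return result


def find_weakened_protections(text):
    """Return one finding string per suspicious setting, in log order."""
    findings = []
    for key, values in parse_dump(text).items():
        low = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if low.endswith("security center"):
            # *DisableNotify = 1 silences the corresponding Security Center warning.
            for name, val in values.items():
                if name.endswith("DisableNotify") and val == 1:
                    findings.append(f"Security Center notification suppressed: {name}")
        elif "security center\\monitoring" in low:
            if values.get("DisableMonitoring") == 1:
                findings.append(f"Security Center monitoring disabled under: {leaf}")
        elif "firewallpolicy" in low and low.endswith("profile"):
            # EnableFirewall = 0 in a profile key means the firewall is off for it.
            if values.get("EnableFirewall") == 0:
                findings.append(f"Windows Firewall off in profile: {leaf}")
    return findings


if __name__ == "__main__":
    for finding in find_weakened_protections(SAMPLE_LOG):
        print(finding)
```

To run it against a real log, read the ComboFix.txt file into a string and pass it to find_weakened_protections instead of SAMPLE_LOG. Third-party security suites commonly set the per-vendor DisableMonitoring flag themselves when they take over Security Center reporting, so treat the findings as leads to verify against the installed products rather than as verdicts; the three DisableNotify values and a firewall that is off in every profile are the ones that deserve a closer look.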
jgarcia, Posted April 14, 2008
Hey Fuzue,
Download SilentRunners. Extract the SilentRunners.vbs file to C:. Double-click the file to run it. After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of that document and paste it into your next reply.
Cheers.
Note: If your AV flags the file as a malicious script, don't worry, just allow it to run.
Fuzue, Posted April 25, 2008
Hi Jgarcia,
Well, I'd like to thank you for your effort in helping me fix the mess I made, but I couldn't run the program you asked me to. I don't know whether it's because I'm using Vista, but since I really need the PC I decided to format it. I have no doubt I'll be back with other topics for you to help me with. Many thanks for all the help, and keep up the good work.
Big hug, Fuzuê.
jgarcia, Posted April 27, 2008
PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.