Alex365 - Posted July 1, 2008

Good morning.. So my (most recent) problem is this: for several days now I've been fighting with the laptop trying to remove trojans, or whatever it is that keeps bothering me.. Recently a message started appearing every time I opened IE or folders on my disk: "your computer is infected blah..blah--blah". I've already run everything anti-trojan, anti-spyware, etc... Right now I have installed on my laptop:
- PANDA
- AVG Anti-Spyware
- Spyware Terminator
- Spybot
All of them detect something and "say" they delete it.. Only Panda detects it, and although it also says it deletes it, if I run a new scan WEBORAMA is there again!!!!! This shows in the laptop's performance: until now it was a machine I was very proud of for its speed, but now it stalls all the time, throws errors, EXPLORER restarts constantly, and that's not even mentioning downloads: I use Mozilla Firefox as my main browser and when I download something it opens the downloads box, but it stops for a few (many) seconds and only then does the download continue, and veeeery sloooowly... I'm going to download HijackThis to post the report here, but in the meantime I'd like to start hearing suggestions and help.. Thanks everyone, Cheers, Alex
Alex365 - Posted July 1, 2008

Well, I don't know whether it's relevant or not but... I have an ASUS G1S with VISTA ULTIMATE. Cheers, Alex
Alex365 - Posted July 1, 2008

Logfile of HijackThis v1.99.1
Scan saved at 13:14:35, on 01-07-2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Alexis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plako.net/administracao/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [iaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Alexis\AppData\Local\Temp\rqRLdBTn.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Alexis\AppData\Local\Temp\tuvSlkkI.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [bM0b5b9671] Rundll32.exe "C:\Users\Alexis\AppData\Local\Temp\hagwdxeh.dll",s
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab72888.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - REDC - (no file)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppPT\ztemon.exe
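A HijackThis log like the one above is normally triaged by eye. As an added illustration (not part of the thread and not HijackThis's own code), the following Python script applies the two heuristics that matter most in this particular log: O4 autorun entries in which rundll32 loads a DLL from a per-user Temp directory (random-looking DLL names in Temp are a common malware persistence pattern; legitimate software installs its startup DLLs elsewhere), and O23 services registered with no binary on disk. The sample lines are copied from the log in the post; the entry-splitting rule, the Temp-directory heuristic and the finding labels are this example's own assumptions.

```python
"""Triage of HijackThis O4/O23 entries.

Added example for this thread, not HijackThis's own code. It applies two
heuristics a responder uses when reading the log above:
  * O4 autorun entries in which rundll32 loads a DLL from a Temp directory, and
  * O23 services registered with no binary on disk, i.e. "(no file)".
The sample lines are copied from the log in the thread; the entry-splitting
rule, the directory heuristic and the 'reason' strings are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis renders autorun entries as:  O4 - <hive>\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# ...and services as:  O23 - Service: <description> - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Heuristic (this example's assumption): startup DLLs loaded through rundll32
# from these directories are treated as suspicious.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+", re.IGNORECASE)

# Constructed sample: six entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Alexis\AppData\Local\Temp\rqRLdBTn.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Alexis\AppData\Local\Temp\tuvSlkkI.dll,c
O4 - HKCU\..\Run: [bM0b5b9671] Rundll32.exe "C:\Users\Alexis\AppData\Local\Temp\hagwdxeh.dll",s
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - REDC - (no file)
"""


@dataclass
class Finding:
    kind: str    # "O4" or "O23"
    name: str    # autorun value name or service description
    detail: str  # command line or service owner
    reason: str


def split_entries(text: str) -> list[str]:
    """Logs pasted into forums often arrive as one long line; split before each
    'Oxx - ' / 'Rx - ' marker so both the one-line and the multi-line form work."""
    parts = re.split(r"\s+(?=(?:O\d+|R\d) - )", text)
    return [p.strip() for p in parts if p.strip()]


def triage(text: str) -> list[Finding]:
    """Return the entries that match either heuristic, in log order."""
    findings: list[Finding] = []
    for entry in split_entries(text):
        m = O4_RE.match(entry)
        if m:
            cmd = m.group("cmd")
            if RUNDLL_RE.match(cmd) and TEMP_DIR_RE.search(cmd):
                findings.append(Finding("O4", m.group("name"), cmd,
                                        "rundll32 loads a DLL from a Temp directory"))
            continue
        m = O23_RE.match(entry)
        if m and m.group("path").strip() == "(no file)":
            findings.append(Finding("O23", m.group("desc"), m.group("owner"),
                                    "service registered but its binary is absent"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:3} {f.name:<14} {f.reason}: {f.detail}")
```

Run against the sample, the script flags the three HKCU Run entries that load DLLs from C:\Users\Alexis\AppData\Local\Temp and the orphaned rpcapd service, while leaving the NVIDIA rundll32 entry (loaded from system32) and the Panda service alone; the same function accepts the log as the single run-together line a forum paste produces.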
Alex365 - Posted July 1, 2008

Hello everyone.. to add to the party, now every time I open Windows two error messages appear... I'm trying to paste the images here but I can't.. :P Cheers, Alex
Alex365 - Posted July 1, 2008

Please.. I'd appreciate some help... thanks, Alex365
Alex365 - Posted July 2, 2008

Pleaseeeeeeeeeee...... this is driving me crazy... Cheers, Alex
Alex365 - Posted July 2, 2008

Good evening... Please, whoever can help me with this problem, I'd be grateful... At the moment there's yet another error when Windows starts; I have a screenshot but I can't paste it here... Cheers to all, Alex
Alex365 - Posted July 3, 2008

Good evening everyone... unfortunately, since I haven't had any help so far, I only see one solution.. I think I'll have to go to Portugal to format the laptop and reinstall everything... I don't see another way out, because however much the antivirus says it deletes them, the trojans stay there in the cookies etc.. Cheers, Alex
Silas Martins - Posted July 4, 2008

Follow these instructions: Download MSNFix. Save it to the desktop and unzip it; after that, double-click MSNFix.bat. The MSN_Fix menu screen will open; press option R there and the scan will start. If the scan detects something, the following message will appear: Infection Presente; press Enter and continue. If you want to interrupt the process, press the Q key. When it finishes, Notepad will open with a log; select all of it and copy it (the file is msnfix.txt, in the same folder). Post it together with a new HijackThis log. I'll wait for your reply.
Alex365 - Posted July 4, 2008

Good morning.. first of all, thanks for the help.. I can't do that, because after msnfix.bat goes to "scan" a window appears with the message: "Acesso negado. Acesso negado. Acesso negado. Acesso negado. Acesso negado. Acesso negado." one after the other, and nothing else happens.. what do you think it could be? the antivirus?? Cheers, Alex
jgarcia - Posted July 4, 2008

Hey Alex365, Download ComboFix from: ComboFix
1) Temporarily disable your antivirus;
2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;
3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);
4) When the scan finishes, a log will be generated at C:\ComboFix.txt;
5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will turn completely white);
6) To stop or exit ComboFix, press "N";
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply.
Regards.
Alex365 - Posted July 5, 2008

Good afternoon.. thanks in advance for the quick reply, here's the report; it didn't restart..

ComboFix 08-07-04.3 - Alexis 2008-07-05 12:34:45.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.2070.18.1109 [GMT 2:00]
Executando de: C:\Users\Alexis\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
/wow section - STAGE 40
O sistema não pode encontrar o texto correspondente na mensagem de número 0x2331 no ficheiro de mensagens para Application.
pv: No matching processes found
O sistema não pode encontrar o texto correspondente na mensagem de número 0x232a no ficheiro de mensagens para Application.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
.
((((((((((((((((((((((( Ficheiros criados de 2008-06-05 to 2008-07-05 ))))))))))))))))))))))))))))))))
.
Nenhum ficheiro/arquivo criado durante este período
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 10:32 --------- d-----w C:\Program Files\MODEM MF620
2008-07-05 10:08 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-07-04 11:09 --------- d-----w C:\Users\Alexis\AppData\Roaming\foobar2000
2008-07-04 07:39 --------- d-----w C:\Users\Alexis\AppData\Roaming\OpenOffice.org2
2008-07-04 07:32 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-04 07:26 --------- d-----w C:\Program Files\Java
2008-07-04 00:58 27,430 ----a-w C:\Users\Alexis\AppData\Roaming\nvModes.dat
2008-07-03 00:26 159,980 ----a-w C:\Windows\Marsu-Fix 2.3 Uninstaller.exe
2008-07-03 00:24 --------- d-----w C:\Users\Alexis\AppData\Roaming\Azureus
2008-07-02 23:49 --------- d-----w C:\Program Files\%temp&
2008-07-02 23:37 --------- d-----w C:\Users\Alexis\AppData\Roaming\ESET
2008-07-02 23:35 --------- d-----w C:\ProgramData\ESET
2008-07-02 23:35 --------- d-----w C:\Program Files\ESET
2008-07-02 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 23:26 --------- d-----w C:\Program Files\Panda Security
2008-07-02 23:26 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-07-02 23:11 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-01 22:59 --------- d-----w C:\Program Files\Azureus
2008-07-01 16:12 --------- d-----w C:\ProgramData\Spyware Terminator
2008-07-01 11:50 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-29 21:31 --------- d---a-w C:\ProgramData\TEMP
2008-06-29 15:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-29 15:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-29 01:51 --------- d-----w C:\ProgramData\Grisoft
2008-06-28 08:33 --------- d-----w C:\Program Files\True Sword 4
2008-06-28 07:57 --------- d-----w C:\Users\Alexis\AppData\Roaming\True Sword
2008-06-24 21:14 --------- d-----w C:\ProgramData\Avira
2008-06-24 20:24 --------- d-----w C:\ProgramData\sentinel
2008-06-24 00:11 --------- d-----w C:\Users\Alexis\AppData\Roaming\PC Tools
2008-06-23 23:09 --------- d-----w C:\Program Files\ATK Hotkey
2008-06-22 13:36 --------- d-----w C:\ProgramData\eMule
2008-06-20 23:39 --------- d--h--r C:\Users\Convidado\AppData\Roaming\SecuROM
2008-06-20 23:39 --------- d--h--r C:\Users\Alexis\AppData\Roaming\SecuROM
2008-06-20 23:39 --------- d-----w C:\Users\Convidado\AppData\Roaming\Logitech
2008-06-20 23:39 --------- d-----w C:\Users\Alexis\AppData\Roaming\InstallShield
2008-06-20 23:39 --------- d-----w C:\Users\Alexis\AppData\Roaming\CoSoSys
2008-06-20 23:38 --------- d-----w C:\ProgramData\SimCity Societies
2008-06-20 23:10 --------- d-----w C:\ProgramData\Innovative Solutions
2008-06-20 23:09 --------- d-----w C:\Program Files\Innovative Solutions
2008-06-16 19:27 --------- d-----w C:\Users\Alexis\AppData\Roaming\vlc
2008-06-14 12:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-11 21:40 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 19:22 81,288 ----a-w C:\Windows\system32\drivers\iksyssec.sys
2008-06-10 16:56 71,688 ----a-w C:\Windows\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\Windows\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2008-06-08 12:21 --------- d-----w C:\Program Files\Cedelia
2008-06-06 14:53 174 --sha-w C:\Program Files\desktop.ini
2008-06-06 14:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-06 14:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-06 14:44 --------- d-----w C:\Program Files\Windows Journal
2008-06-06 14:44 --------- d-----w C:\Program Files\Windows Defender
2008-06-06 14:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-06 14:44 --------- d-----w C:\Program Files\Windows Calendar
2008-06-06 12:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-06 12:17 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-02 13:19 66,952 ----a-w C:\Windows\system32\drivers\iksysflt.sys
2008-06-02 13:19 42,376 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
2008-06-02 13:19 29,576 ----a-w C:\Windows\system32\drivers\kcom.sys
2008-05-31 18:17 --------- d-----w C:\Users\Alexis\AppData\Roaming\Software Informer
2008-05-25 22:23 --------- d-----w C:\Users\Alexis\AppData\Roaming\Ahead
2008-05-25 20:03 --------- d-----w C:\Users\Alexis\AppData\Roaming\NeroDCTemplates
2008-05-25 16:20 --------- d-----w C:\Users\Alexis\AppData\Roaming\Devicescape
2008-05-24 09:16 --------- d-----w C:\Users\Alexis\AppData\Roaming\Media Player Classic
2008-05-24 09:16 --------- d-----w C:\Program Files\Real Alternative
2008-05-24 09:16 --------- d-----w C:\Program Files\Media Player Classic
2008-05-15 21:06 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-14 23:51 --------- d-----w C:\Program Files\WinPcap
2008-05-14 11:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-08 11:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll
2008-03-19 02:52 874,496 ----a-w C:\Users\Alexis\AppData\Roaming\kernel33.dll
2008-03-13 21:56 27,715 ----a-w C:\Users\Convidado\AppData\Roaming\nvModes.dat
2007-12-24 00:43 22,328 ----a-w C:\Users\Alexis\AppData\Roaming\PnkBstrK.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 02:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 20:50 149040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"IaNvSrv"="C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 12:02 33304]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-10-25 04:58 33136]
"DirectMessenger"="C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 02:16 988160]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 12:02 174616]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-16 13:29 2957824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-06 22:36 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-06 22:36 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-06 22:36 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-29 03:06 6731312]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 10:45 1826816 C:\Windows\SkyTel.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 17:32 56080 C:\Windows\KHALMNPR.Exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [2007-11-17 16:23:48 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1452213693-2634035305-3802333002-1000]
"EnableNotificationsRef"=dword:00000006

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{392B9ECD-F717-4938-B8AD-947846E0369A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B7A1A83A-D9EA-4859-B947-D718512A572F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A9DA75F-686D-4E76-A456-487252EE0D46}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7914BEE6-2C11-4747-95F2-627F034FC915}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{9ACB460C-BD86-43C8-BC9D-744250896EC0}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{315B541A-8826-41EA-9F92-002807C018B2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{B799C2FD-CC7E-442B-8CA3-707D2527F9C9}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{4170BD71-716B-448D-893B-87E6B51B6E5E}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{3D5F06FB-ACBE-4EE5-947C-B925B19F042E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2D6EA623-05F5-4F8D-816E-229CCCEAB0F8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{11E79C62-E0F0-4607-9B06-F8A4D3709D76}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A22985E8-9C8A-43E3-B14C-6A4BC957ABD8}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{4274B92E-5AC1-4079-B271-17F0FFA943F2}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{2606EF97-2D6A-4496-8458-AB2D052B18D2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9B2A79F1-A88E-4CCE-B792-342DC40D2B97}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3BFEF1DA-74FF-4A90-9309-FC98973B0F68}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{621DBFDF-2E95-41E5-A50C-F7157CEAE3DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A2579A78-09E3-4EB9-9365-050DD394B793}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{51E840E8-4A78-4DAC-A9EF-10A1FAFD6224}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9CB0E14F-AD1B-447F-93EE-8F42E3289A1A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5D98AD52-01D1-473E-86CA-C88AD6700626}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{492BFFCB-75E1-4B59-A7F7-98EDD0352B3D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{23597C7E-FF56-4659-AB47-1CC1EE7B5FE9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{74206435-3C90-41C4-90B7-2C28A4DD3D21}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E97D2DAC-5E8E-40B3-A971-F3A58E95F709}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5B80CABD-5085-42D2-A5ED-5DD7260CB1F7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{55EB9D6A-E1DF-4709-A7B0-E389B3ED5143}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{80396768-6E84-46E0-8288-7992705C10CE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{826E1A7B-3033-4DBC-BC19-56200987B3F5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{3700CC82-3FBC-4E22-823E-90C83AE15A15}"= UDP:C:\Program Files\Windows Mail\WinMail.exe:Windows Mail
"{E5AC0987-31FB-446C-8F30-4F9E13F84392}"= TCP:C:\Program Files\Windows Mail\WinMail.exe:Windows Mail
"{7337F1D2-EDE0-4AEE-8FFC-99B4E9ADA9C7}"= UDP:25:porta email
"{C25ECB37-1EA3-4603-ADB9-789D02B72BFA}"= UDP:6881:porta azureus
"TCP Query User{892779BB-141D-4713-A4AF-85F2E6DBE795}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6D2DECB2-A8C9-4B8F-AA55-95C68D68F1E7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{ADE6B87C-972D-45E6-B45F-AAD8C3973728}"= UDP:555:_uto
"{5092CB41-5DE4-44D6-B55E-DE51967F4D13}"= TCP:555:_utt
"TCP Query User{7E3AA8DB-57AF-4739-BA5C-80AEC3A126D6}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F9F2CAC0-3E48-4572-B4B5-3579D2849993}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 07:28]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-16 13:29]
R2 RapiMgr;Conectividade de dispositivos baseados em Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
R2 WcesComm;Conectividade de dispositivos baseados no Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33]
S3 Usblink;Usblink Driver;C:\Windows\system32\Drivers\ulink.sys [2003-06-03 00:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

BHO-{8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-TrialReset - C:\Windows\fix.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 12:53:03
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...

C:\ADSM_PData_0150
C:\Users\Alexis\AppData\Local\VirtualStore\Program Files\ASUS\ASUS Data Security Manager\driver\x86
C:\Users\Alexis\AppData\Local\VirtualStore\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes

Varredura completada com sucesso
Ficheiros ocultos: 3

**************************************************************************
.
Tempo para conclusão: 2008-07-05 12:54:52
ComboFix-quarantined-files.txt 2008-07-05 10:54:47
ComboFix2.txt 2008-06-26 03:47:24
O sistema não pode encontrar o texto correspondente na mensagem de número 0x2379 no ficheiro de mensagens para Application.

Post-Run: 44,399,554,560 bytes livres
231 --- E O F --- 2008-07-02 19:22:12

Don't you want the antivirus report? Cheers, and I'll wait for the next instructions.. do I run msnfix now? Alex.
jgarcia, posted July 7, 2008

Hi Alex365,

Follow these instructions:

1. Open Notepad -> copy (Ctrl+C) and paste (Ctrl+V) all of the text included in the "Quote":

File::
C:\Windows\System32\acovcnt.exe
C:\Program Files\desktop.ini
C:\Windows\fix.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1452213693-2634035305-3802333002-1000]
"EnableNotificationsRef"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 1 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 1 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x0)

WARNING: The script above was written specifically for the infection present on this computer. Using it on another machine may cause serious problems for that user.

2. Save the file as CFScript.txt;
3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.
4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.
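The CFScript above re-enables the three firewall profiles and Security Center monitoring and removes an orphaned Run entry pointing at C:\Windows\fix.exe. As an added example (not from the thread or from ComboFix), this PowerShell audit reads back the same registry locations and reports anything still in the disabled or orphaned state; it assumes ComboFix's "HKLM\~\services" shorthand means HKLM\SYSTEM\CurrentControlSet\Services, and the Security Center subkey names are taken from the script.

```powershell
# Added audit script, not part of the original post. Assumes ComboFix's
# "HKLM\~\services" notation expands to HKLM\SYSTEM\CurrentControlSet\Services.
$findings = @()

# Every Windows Firewall profile should report EnableFirewall = 1.
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\$profile"
    $value = (Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
    if ($null -eq $value) {
        $findings += "$profile : EnableFirewall value missing"
    } elseif ($value -ne 1) {
        $findings += "$profile : EnableFirewall = $value (firewall disabled)"
    }
}

# Security Center monitoring flags should be 0 (monitoring on). The subkeys are
# the ones named in the CFScript; a missing key is simply skipped.
$scBase = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
foreach ($sub in '', 'SymantecAntiVirus', 'SymantecFirewall') {
    $key = if ($sub) { Join-Path $scBase $sub } else { $scBase }
    $item = Get-ItemProperty -Path $key -Name DisableMonitoring -ErrorAction SilentlyContinue
    if ($item -and $item.DisableMonitoring -ne 0) {
        $findings += "$key : DisableMonitoring = $($item.DisableMonitoring)"
    }
}

# Orphaned autoruns such as HKLM-Run-TrialReset -> C:\Windows\fix.exe: list Run
# values whose executable no longer exists on disk.
foreach ($hive in 'HKLM', 'HKCU') {
    $runKey = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        # Take the quoted path if present, otherwise the first token ending in .exe.
        $exe = ($p.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        if (-not [IO.Path]::IsPathRooted($exe)) { continue }   # e.g. bare rundll32.exe
        if (-not (Test-Path -LiteralPath $exe)) {
            $findings += "$hive Run '$($p.Name)' -> $($p.Value) (file missing)"
        }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an elevated prompt after the CFScript has been applied; any line it prints is a setting the script was meant to correct but that is still in the pre-fix state.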
Alex365, posted July 7, 2008

Good afternoon,

Thanks for the quick reply, friend.. but unfortunately it didn't work. That is, I copied the text, created the file and dragged it onto ComboFix, which started the process, but then it sat there for about 1 hour saying it couldn't find the file for error ....x08. I tried twice and had the laptop stuck for 2 hours, and nothing... I gave up and came here to report.

I'll run HijackThis anyway and post the log here shortly..

Cheers,
Alex
jgarcia, posted July 7, 2008, quoting Alex365's post above in full:

Try running the action in Safe Mode. ;)
Alex365, posted July 7, 2008

Thanks again.. but no luck.. I tried doing it in Safe Mode but it was no use, it hangs!!! I have a screenshot of the error but I can't paste it here.. how do I do that?

Cheers
Alex365, posted July 7, 2008

Do you think I'll have to format this thing? Why do the trojans keep coming back after the antivirus says it deleted them?? Why can't I run HijackThis now? And while we're at it, what are HijackThis, ComboFix, etc. actually for?

Cheers and thanks,
Alex
jgarcia, posted July 10, 2008

Hi Alex365,

1. Download the Kaspersky Virus Removal Tool.
2. The file is 19 MB, but the result will be worth the effort.
3. Restart the machine in Safe Mode.
4. Run the tool by double-clicking the downloaded file.
5. The following window will open:
6. Tick the directories you want to scan (it's best to tick all of them).
7. Click Scan and wait for the process to finish.
8. When the scan is done, come back with the result.

Regards.
Alex365, posted July 11, 2008

Good morning.. thanks, friend.. I've been without internet.. I'm in Portugal now, came here on holiday and I'm heading back to Belgium again soon.. I'll download that and then post the report here.. thank you.

I've been running scans with Spy Sweeper and the only thing it detects that is "permanent" now is "virtuamonde" or something like that, but anyway I'll be back with news.. thanks for everything, friend ;))))

Cheers,
Alex
Alex365, posted July 13, 2008

Hi friend.. unfortunately Kaspersky doesn't work on my laptop.. I install it but it always gives the error "has stopped working". I don't know what to do any more... you've helped me a lot but... any more suggestions???

Cheers,
Alex