[Arquivado] Problema com vírus

Noxe · Agosto 1, 2008

Boas a todos antes mais queria pedir desculpa porque de certeza que nao é aqui que se posta isto mas estou mesmo a precisar de ajuda por iso se nao for aqui o lugar indicado os moderadores que mudem sff.

Em relacao ao meu problema é o seguinte devo ter clicado em algum sitio ou ter feito algum download que me alterou o pc deixado muito lento, quando estou a navegar o internet explorer abre paginas de publicidade sozinho. Ja passei o anti-virus acusou só alguns trojans. Andei a ver na net e encontrei o vosso forum utilizei o programa hijackthis como diziam e keria postar aki o relatorio para verem.

O anti virus que uso é o Kaspersky 2009. o meu pc é um P4 3.00 Ghz 1 GB de ram, geforce 8500 Gt 512 mb.

Relatorio hijackthis

http://www.hdd.pt/download/1186370059/hijackthis.log.html

---------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:13:30, on 01-08-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\System32\cmd.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programas\CyberLink\PowerDVD8\Language\Language.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [cc9320b1] rundll32.exe "C:\WINDOWS\system32\hdylcpna.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: [sFJTc2FXvg] C:\WINDOWS\gxunqhwx.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - C:\Programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF3B851-FE87-4C48-BD43-C3240981AA3C}: NameServer = 192.168.1.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O21 - SSODL: UnknownCD - {6ba9e57b-996a-421f-9afa-d678cd75d8b7} - C:\WINDOWS\Installer\{6ba9e57b-996a-421f-9afa-d678cd75d8b7}\UnknownCD.dll (file missing)

O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe (file missing)

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: NET Monitoring (ServicoMonitoring) - LCN Tecnologia - c:\netmonit\abrir.exe

--

End of file - 6587 bytes

Espero que me ajudem e mais uma vez peço desculpa mas é um pouco urgente

DigRam · Agosto 1, 2008

Bom Dia! Noxe

<@> Baixe: < ComboFix >

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e Firewall.( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

<@> Para parar ou sair do ComboFix,tecle "N".

-------------------------

<@> Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

Noxe · Agosto 1, 2008

Boas fiz tudo como disse aqui esta o relatorio

ComboFix 08-07-31.06 - Bruno 2008-08-01 22:14:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.653 [GMT 1:00]

Executando de: C:\Documents and Settings\Bruno\Ambiente de trabalho\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Bruno\Ambiente de trabalhoblackbird.jpg

C:\Documents and Settings\Bruno\Ambiente de trabalhoEditorFKWP1.5.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhoEditorFKWP2.0.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhofilemanagerclient.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhofkwp1.5.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhofkwp2.0.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhofwebd.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhoFWebdEditor.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhoTrojan.Win32.BlackBird.exe

C:\Documents and Settings\Bruno\Ambiente de trabalhovirii

C:\Documents and Settings\Bruno\Application Data\Anti-Virus-Pro.com

C:\Programas\PCHealthCenter

C:\Programas\PCHealthCenter\0.exe

C:\Programas\PCHealthCenter\0.gif

C:\Programas\PCHealthCenter\1.exe

C:\Programas\PCHealthCenter\1.gif

C:\Programas\PCHealthCenter\2.exe

C:\Programas\PCHealthCenter\2.gif

C:\Programas\PCHealthCenter\3.exe

C:\Programas\PCHealthCenter\3.gif

C:\Programas\PCHealthCenter\5.exe

C:\Programas\PCHealthCenter\sex1.ico

C:\Programas\PCHealthCenter\sex2.ico

C:\WINDOWS\BMcfa0132d.txt

C:\WINDOWS\BMcfa0132d.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\Installer\{6ba9e57b-996a-421f-9afa-d678cd75d8b7}\UnknownCD.dll

C:\WINDOWS\mslagent

C:\WINDOWS\pskt.ini

C:\WINDOWS\Sys10.exe

C:\WINDOWS\Sys11.exe

C:\WINDOWS\SysF.exe

C:\WINDOWS\system32\dacovgdb.ini

C:\WINDOWS\system32\hjkkj.ini2

C:\WINDOWS\system32\hjkmp.ini

C:\WINDOWS\system32\hjkmp.ini2

C:\WINDOWS\system32\ijkkdigh.ini

C:\WINDOWS\system32\jhofswta.ini

C:\WINDOWS\system32\ljympk.dll

C:\WINDOWS\system32\msgb.dll

C:\WINDOWS\system32\mWxbayxx.ini

C:\WINDOWS\system32\mWxbayxx.ini2

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pguycc.dll

C:\WINDOWS\system32\qpgril.bmp

C:\WINDOWS\system32\sex2.ico

C:\WINDOWS\system32\shpiuptf.ini

C:\WINDOWS\system32\shpiuptf.ini2

C:\WINDOWS\system32\tpthouba.ini

C:\WINDOWS\system32\uddwnvju.ini

C:\WINDOWS\system32\uddwnvju.ini2

C:\WINDOWS\system32\uddwnvju.tmp

C:\WINDOWS\system32\vav.cpl

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\wsun32.dll

C:\WINDOWS\system32\xjtugghq.ini

C:\WINDOWS\system32\xxxryvpq.dll

C:\WINDOWS\system32\xxyabxWm.dll

C:\WINDOWS\system32\yxxqhtgx.ini

C:\WINDOWS\system32akttzn.exe

C:\WINDOWS\system32anticipator.dll

C:\WINDOWS\system32awtoolb.dll

C:\WINDOWS\system32bdn.com

C:\WINDOWS\system32bsva-egihsg52.exe

C:\WINDOWS\system32dpcproxy.exe

C:\WINDOWS\system32emesx.dll

C:\WINDOWS\system32h@tkeysh@@k.dll

C:\WINDOWS\system32hoproxy.dll

C:\WINDOWS\system32hxiwlgpm.dat

C:\WINDOWS\system32hxiwlgpm.exe

C:\WINDOWS\system32medup012.dll

C:\WINDOWS\system32medup020.dll

C:\WINDOWS\system32msgp.exe

C:\WINDOWS\system32msnbho.dll

C:\WINDOWS\system32mssecu.exe

C:\WINDOWS\system32msvchost.exe

C:\WINDOWS\system32mtr2.exe

C:\WINDOWS\system32mwin32.exe

C:\WINDOWS\system32netode.exe

C:\WINDOWS\system32newsd32.exe

C:\WINDOWS\system32ps1.exe

C:\WINDOWS\system32psof1.exe

C:\WINDOWS\system32psoft1.exe

C:\WINDOWS\system32regc64.dll

C:\WINDOWS\system32regm64.dll

C:\WINDOWS\system32Rundl1.exe

C:\WINDOWS\system32smp

C:\WINDOWS\system32smp\msrc.exe

C:\WINDOWS\system32sncntr.exe

C:\WINDOWS\system32ssurf022.dll

C:\WINDOWS\system32ssvchost.com

C:\WINDOWS\system32ssvchost.exe

C:\WINDOWS\system32sysreq.exe

C:\WINDOWS\system32taack.dat

C:\WINDOWS\system32taack.exe

C:\WINDOWS\system32temp#01.exe

C:\WINDOWS\system32thun.dll

C:\WINDOWS\system32thun32.dll

C:\WINDOWS\system32VBIEWER.OCX

C:\WINDOWS\system32vbsys2.dll

C:\WINDOWS\system32vcatchpi.dll

C:\WINDOWS\system32winlogonpc.exe

C:\WINDOWS\system32winsystem.exe

C:\WINDOWS\system32WINWGPX.EXE

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_new_drv

-------\Service_NPF

((((((((((((((((((((((( Ficheiros criados de 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))

.

2008-08-01 22:57 . 2008-08-01 22:57 294 ---hs---- C:\WINDOWS\system32\jhofswta.ini

2008-08-01 22:04 . 2008-08-01 22:04 99,712 --a------ C:\WINDOWS\system32\atwsfohj.dll

2008-08-01 22:02 . 2008-08-01 22:02 129,920 --a------ C:\WINDOWS\system32\tdpolidk.dll

2008-08-01 22:02 . 2008-08-01 22:02 129,920 --a------ C:\WINDOWS\system32\ilugcf.dll

2008-08-01 21:58 . 2008-08-01 21:58 129,920 --a------ C:\WINDOWS\system32\yexwgtll.dll

2008-08-01 21:58 . 2008-08-01 21:58 129,920 --a------ C:\WINDOWS\system32\pjwktx.dll

2008-08-01 14:10 . 2008-08-01 14:13 <DIR> d-------- C:\HiJackThis

2008-08-01 14:10 . 2008-08-01 14:10 1,382,275 --ahs---- C:\WINDOWS\system32\anpclydh.tmp

2008-07-31 16:46 . 2008-07-31 17:05 <DIR> d-------- C:\Programas\MagicISO

2008-07-31 12:51 . 2008-07-31 12:51 <DIR> d-------- C:\Programas\K-Lite Codec Pack

2008-07-30 18:49 . 2008-07-30 19:01 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-07-30 18:49 . 2008-07-30 19:01 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-07-30 18:47 . 2008-08-01 22:41 3,279,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-30 18:47 . 2008-08-01 22:56 335,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-07-30 18:47 . 2008-08-01 22:41 26,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-30 18:47 . 2008-08-01 22:57 2,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-07-30 17:47 . 2008-07-30 17:47 99,712 --a------ C:\WINDOWS\system32\divhidtv.dll

2008-07-30 17:44 . 2008-07-30 17:44 99,712 --a------ C:\WINDOWS\system32\bxnusres.dll

2008-07-30 16:49 . 2008-07-30 16:49 99,712 --a------ C:\WINDOWS\system32\rtgmpehj.dll

2008-07-30 15:02 . 2008-07-30 15:02 1,169 --a------ C:\WINDOWS\mozver.dat

2008-07-30 14:31 . 2008-07-30 14:31 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-30 13:34 . 2008-07-30 13:34 <DIR> d-------- C:\Documents and Settings\Bruno\Application Data\True Sword

2008-07-30 13:16 . 2008-07-30 14:29 <DIR> d-------- C:\Programas\True Sword 4

2008-07-29 11:39 . 2008-07-31 23:13 <DIR> d-------- C:\Programas\Everest Poker

2008-07-27 18:34 . 2008-07-29 22:58 <DIR> d-------- C:\Programas\GameSpy Arcade

2008-07-27 18:09 . 2008-07-29 02:28 <DIR> d-------- C:\Documents and Settings\Bruno\Application Data\Hamachi

2008-07-27 18:08 . 2008-07-27 18:08 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2008-07-22 01:42 . 2008-07-22 01:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-01 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-08-01 12:13 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-07-31 15:37 --------- d-----w C:\Documents and Settings\Bruno\Application Data\uTorrent

2008-07-30 20:13 --------- d-----w C:\Programas\uTorrent

2008-07-30 17:47 --------- d-----w C:\Programas\Kaspersky Lab

2008-07-30 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-07-30 13:33 --------- d-----w C:\Programas\Windows Live

2008-07-29 21:58 --------- d-----w C:\Programas\LimeWire

2008-07-29 21:58 --------- d-----w C:\Programas\DAP

2008-07-28 10:44 --------- d-s---w C:\Programas\Xfire

2008-07-27 17:23 --------- d-----w C:\Documents and Settings\Bruno\Application Data\Xfire

2008-07-27 17:04 --------- d-----w C:\Programas\Microsoft Games

2008-07-23 10:41 --------- d-----w C:\Programas\Java

2008-07-20 23:16 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys

2008-07-11 00:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-07-10 17:24 --------- d-----w C:\Programas\Lexmark X1100 Series

2008-07-10 14:00 --------- d-----w C:\Programas\Ficheiros comuns\Real

2008-07-09 16:54 --------- d-----w C:\Documents and Settings\Bruno\Application Data\LimeWire

2008-07-01 17:11 --------- d--h--w C:\Programas\InstallShield Installation Information

2008-06-28 12:11 --------- d-----w C:\Programas\Real

2008-06-19 14:22 --------- d-----w C:\Programas\TI Education

2008-06-19 14:22 --------- d-----w C:\Programas\Ficheiros comuns\TI Shared

2008-06-19 14:22 --------- d-----w C:\Programas\Ficheiros comuns\SpellEx

2008-06-19 13:40 --------- d-----w C:\Programas\Ficheiros comuns\Wise Installation Wizard

2008-06-12 14:28 --------- d-----w C:\Programas\Doom 3

2008-06-10 11:02 --------- d-----w C:\Programas\Ficheiros comuns\Logitech

2008-06-10 11:01 --------- d-----w C:\Programas\Logitech

2008-06-09 23:02 --------- d-----w C:\Programas\BT Next Evolution

2008-03-25 00:14 118,784 ----a-w C:\Documents and Settings\All Users\Application Data\dkzonyfa.dll

2008-01-15 20:15 22,328 ----a-w C:\Documents and Settings\Bruno\Application Data\PnkBstrK.sys

.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-03-21 23:41 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\dllcache\TCPIP.SYS

2008-03-21 23:41 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\TCPIP.SYS

2007-06-13 14:22 977920 605f1c805f3c226781d3cafcc074f643 C:\WINDOWS\explorer.exe

2007-06-13 14:10 1035264 4b1174a06f3e4bd5341521d151b84dce C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2007-06-13 14:22 977920 605f1c805f3c226781d3cafcc074f643 C:\WINDOWS\system32\dllcache\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67c2c5a6-8ce3-48cd-997f-dc69974e335e}]

2008-08-01 22:02 129920 --a------ C:\WINDOWS\system32\ilugcf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-21 12:00 15360]

"DAEMON Tools Lite"="C:\Programas\DAEMON Tools Lite\daemon.exe" [2007-12-19 21:13 486856]

"msnmsgr"="C:\Programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 23:05 8429568]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"PDVD8LanguageShortcut"="C:\Programas\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]

"NeroFilterCheck"="C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]

"Lexmark X1100 Series"="C:\Programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 12:12 57344]

"cc9320b1"="C:\WINDOWS\system32\atwsfohj.dll" [2008-08-01 22:04 99712]

"AVP"="C:\Programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 02:58 16264192 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-21 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\BT Next Evolution\\btnext.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programas\\uTorrent\\uTorrent.exe"=

"C:\\Programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp(1.4cracked).exe"=

"C:\\Programas\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"C:\\RF PoA\\RF Online\\RF.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Portuguese\\setup.exe"=

"C:\\Programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Programas\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=

"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13000:TCP"= 13000:TCP:btnext

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]

S2 Anyplace Control Security;Anyplace Control Security;C:\WINDOWS\svcadmin.exe []

S3 ServicoMonitoring;NET Monitoring;c:\netmonit\abrir.exe [2007-09-19 23:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\autorun.exe

.

Conte£do da pasta 'Tarefas Agendadas'

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programas\Apple Software Update\SoftwareUpdate.exe []

2008-07-31 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job

- C:\Programas\RegistrySmart\RegistrySmart.exe []

2008-07-31 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job

- C:\Programas\RegistrySmart []

2008-08-01 C:\WINDOWS\Tasks\started.job

- c:\autoexec.bat [2008-01-27 11:54]

.

- - - - ORFAOS REMOVIDOS - - - -

BHO-{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} - C:\WINDOWS\system32\iifCVOFX.dll

HKLM-Explorer_Run-SFJTc2FXvg - C:\WINDOWS\gxunqhwx.exe

ShellExecuteHooks-{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} - C:\WINDOWS\system32\iifCVOFX.dll

Notify-iifCVOFX - iifCVOFX.dll

MSConfigStartUp-AVP - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

MSConfigStartUp-cc9320b1 - C:\WINDOWS\system32\ujvnwddu.dll

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Bruno\Application Data\Mozilla\Firefox\Profiles\f3aq3nzh.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.pt/

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 22:57:06

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

C:\WINDOWS\system32\jhofswta.ini 1382137 bytes

Varredura completada com sucesso

Ficheiros ocultos: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\e67gdfg]

"ImagePath"="\??\C:\WINDOWS\twain_32\e67gdfg.ds"

.

--------------------- DLLs Carregadas Sob os Processos em Execu‡ao ---------------------

PROCESSOS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\atwsfohj.dll

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\Programas\Ficheiros comuns\Logitech\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-08-01 23:00:38 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-01 22:00:34

Pre-Run: 13,861,433,344 bytes livres

Post-Run: 21,029,838,848 bytes livres

319 --- E O F --- 2008-05-15 20:56:13

Fico aguardando uma resposta

E obrigado por atender á minha questao

Abraço

DigRam · Agosto 2, 2008

Bom Dia! Noxe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

<!> Para a segurança do PC,vamos providenciar a instalação do Console de Recuperação.

------------------------

<!> Vá ao site da Microsoft: < Link >

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe

<!> Veja,abaixo,a demonstração!

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato da Microsoft,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "Yes",para realizar um scan com o ComboFix.

<!> Terminando,poste os relatórios:

<!> C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

Noxe · Agosto 2, 2008

Boas fiz tudo como disse nao sei bem é o segundo passo porque a imagem nao se ve mas arastei o programa da console para o combofix e resultou bem aceitei tudo e aqui esta o relatorio:

ComboFix 08-07-31.06 - Bruno 2008-08-02 12:00:20.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.686 [GMT 1:00]

Executando de: C:\Documents and Settings\Bruno\Ambiente de trabalho\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bruno\Ambiente de trabalho\WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\jhofswta.ini

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))

.

2008-08-01 23:00 . 2008-08-01 23:00 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Definiþ§es locais

2008-08-01 23:00 . 2008-08-01 23:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Definiþ§es locais

2008-08-01 23:00 . 2008-08-01 23:00 <DIR> d-------- C:\Documents and Settings\LocalService\Definiþ§es locais

2008-08-01 23:00 . 2008-08-01 23:00 <DIR> d-------- C:\Documents and Settings\Bruno\Definiþ§es locais

2008-08-01 23:00 . 2008-08-01 23:00 <DIR> d-------- C:\Documents and Settings\Administrador\Definiþ§es locais