
Archived

This topic has been archived and is closed to new replies.

REDENTOR

[Solved!] several frequent infections


Hello!

Recently I picked up several viruses from a USB flash drive, which BitDefender apparently resolved. They were all trojans. A trojan was also identified in a temporary internet file, and it has already been deleted. But today, when I installed a new program called Handy Find, or something like that, the computer detected an intrusion and froze, without letting me do anything.

Right away I panicked and ran ComboFix in Safe Mode, and it deleted some things that I think included something related to the desktop, because as soon as I restarted I saw that the appearance of my desktop had changed: the icons are now small, and the background photo is gone. I also uninstalled the program that had triggered the intrusion alert and cleaned the registry with CCleaner.

So, I'd like to know whether everything is clean now. Could you check, please?

In general the computer is fine, just taking a bit long to boot, and I also can't install Vista Service Pack 2, I don't know why.

Here are the logs; note that I ran ComboFix first, and then HijackThis.

Thanks!

 

 

ComboFix 09-06-29.04 - CRIS 02/07/2009 23:04.6 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.2549.2136 [GMT -3:00]

Executando de: c:\users\CRIS\Desktop\ComboFix.exe

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 362 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\mfc45.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))

.

 

2009-07-03 02:09 . 2009-07-03 02:09 -------- d-----w- c:\users\CRIS\AppData\Local\temp

2009-07-03 01:42 . 2009-07-03 01:42 -------- d-----w- c:\program files\HandyFind

2009-07-01 09:43 . 2009-07-01 09:43 -------- d-----w- c:\progra~2\Apple Computer

2009-07-01 09:42 . 2009-07-01 09:43 -------- d-----w- c:\program files\QuickTime

2009-07-01 08:11 . 2009-07-01 08:26 -------- d-----w- C:\edc65bef580363024d312295a017

2009-07-01 04:44 . 2009-07-01 04:44 -------- d-----w- c:\windows\system32\EventProviders

2009-07-01 04:44 . 2009-07-01 04:49 -------- d-----w- C:\281b4872c876cb2914

2009-06-30 05:51 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-30 05:51 . 2009-06-30 05:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-30 05:51 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-30 00:09 . 2009-02-09 06:10 68232 ----a-w- c:\windows\UnDeployV.exe

2009-06-29 23:56 . 2009-06-29 23:59 -------- d-----w- C:\LinhaDefensiva

2009-06-28 04:41 . 2009-06-28 04:41 -------- d-----w- c:\program files\Common Files\xing shared

2009-06-21 20:19 . 2009-06-21 20:19 -------- d-----w- c:\users\CRIS\AppData\Local\Apple

2009-06-21 20:19 . 2009-06-21 20:19 -------- d-----w- c:\program files\Apple Software Update

2009-06-21 20:19 . 2009-06-21 20:19 -------- d-----w- c:\progra~2\Apple

2009-06-15 23:23 . 2009-06-15 23:23 942080 ----a-w- c:\windows\IMAPIShellExt.dll

2009-06-15 23:23 . 2009-06-15 23:23 81920 ----a-w- c:\windows\BurnImage.exe

2009-06-15 22:31 . 2009-06-15 22:32 -------- d-----w- c:\progra~2\mpDRM

2009-06-15 22:31 . 2009-06-15 22:32 -------- d-----w- c:\program files\Common Files\mpDRM

2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\progra~2\fluxDVD

2009-06-15 22:31 . 2009-06-15 22:32 -------- d-----w- c:\program files\Common Files\fluxDVD

2009-06-15 22:31 . 2009-06-15 22:31 -------- d-----w- c:\program files\CinemaNow

2009-06-15 22:28 . 2009-06-15 22:28 -------- d-----w- C:\temp

2009-06-15 21:39 . 2009-06-15 21:39 -------- d-----w- c:\users\CRIS\AppData\Local\MicroVision Applications

2009-06-15 21:29 . 2009-06-15 21:29 -------- d-----w- c:\users\CRIS\AppData\Roaming\Roxio

2009-06-15 21:11 . 2009-06-15 21:23 -------- d-----w- c:\program files\Roxio

2009-06-15 03:45 . 2009-06-15 03:45 -------- d-----w- c:\program files\BurnAware Home

2009-06-12 05:25 . 2009-06-12 05:25 -------- d-----w- c:\users\CRIS\AppData\Roaming\BitDefender

2009-06-12 05:25 . 2009-06-12 16:14 -------- d-----w- c:\progra~2\BitDefender

2009-06-12 05:24 . 2009-06-12 05:25 -------- d-----w- c:\program files\Common Files\BitDefender

2009-06-12 02:24 . 2009-06-12 02:24 390664 ------w- c:\users\CRIS\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-02 19:30 . 2008-06-11 03:12 115624 ----a-w- c:\users\CRIS\AppData\Local\GDIPFONTCACHEV1.DAT

2009-07-01 09:00 . 2008-07-28 06:01 81984 ----a-w- c:\windows\system32\bdod.bin

2009-07-01 04:51 . 2008-06-24 05:34 -------- d-----w- c:\users\CRIS\AppData\Roaming\Skype

2009-06-30 19:33 . 2008-06-11 03:11 6648 ----a-w- c:\users\CRIS\AppData\Local\d3d9caps.dat

2009-06-28 04:41 . 2008-07-28 04:54 -------- d-----w- c:\program files\Common Files\Real

2009-06-26 01:06 . 2008-12-20 18:11 1316 ----a-w- c:\users\CRIS\AppData\Roaming\iolo\restore.bat

2009-06-25 17:40 . 2009-02-15 01:16 132 ----a-w- C:\httpdwl.dat

2009-06-23 02:53 . 2006-11-06 01:23 636818 ----a-w- c:\windows\system32\prfh0416.dat

2009-06-23 02:53 . 2006-11-06 01:23 123102 ----a-w- c:\windows\system32\prfc0416.dat

2009-06-18 01:23 . 2008-06-11 07:14 -------- d-----w- c:\progra~2\Roxio

2009-06-15 21:16 . 2008-06-11 07:11 -------- d-----w- c:\program files\Common Files\SureThing Shared

2009-06-15 21:14 . 2008-06-11 07:08 -------- d-----w- c:\program files\Common Files\Sonic Shared

2009-06-15 03:48 . 2009-04-06 01:39 -------- d-----w- c:\program files\BurnAware Free

2009-06-12 05:25 . 2009-02-16 05:42 -------- d-----w- c:\program files\BitDefender

2009-06-11 22:45 . 2008-12-27 18:47 518 ----a-w- c:\users\CRIS\AppData\Roaming\iolo\Registry\Last\restore.bat

2009-06-11 21:59 . 2008-06-12 02:24 -------- d-----w- c:\progra~2\Microsoft Help

2009-06-11 21:27 . 2009-01-06 02:05 -------- d-----w- c:\program files\GbPlugin

2009-06-11 21:24 . 2009-05-23 07:49 -------- d-----w- c:\users\CRIS\AppData\Roaming\VistaCodecs

2009-06-11 21:24 . 2008-06-11 05:06 -------- d-----w- c:\users\CRIS\AppData\Roaming\TMP

2009-06-11 21:24 . 2008-06-11 08:36 -------- d-----w- c:\users\CRIS\AppData\Roaming\iolo

2009-06-11 21:24 . 2008-07-28 04:50 -------- d-----w- c:\users\CRIS\AppData\Roaming\Desktopicon

2009-06-11 21:24 . 2009-02-01 23:33 -------- d-----w- c:\progra~2\VistaCodecs

2009-06-11 21:24 . 2008-07-28 04:50 -------- d-----w- c:\program files\Unlocker

2009-06-11 21:24 . 2008-06-24 05:25 -------- d-----r- c:\program files\Skype

2009-06-11 21:24 . 2008-06-12 02:29 -------- d-----w- c:\program files\Microsoft Works

2009-06-11 21:24 . 2008-06-11 05:41 -------- d-----w- c:\program files\Java

2009-06-11 21:24 . 2008-07-28 06:11 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2009-06-11 21:24 . 2008-06-24 05:25 -------- d-----w- c:\program files\Common Files\Skype

2009-06-11 21:24 . 2008-06-11 05:16 -------- d-----w- c:\program files\DellTPad

2009-06-05 01:52 . 2008-12-21 23:27 -------- d-----w- c:\program files\Google

2009-05-25 23:52 . 2009-01-09 04:26 -------- d-----w- c:\users\CRIS\AppData\Roaming\Vso

2009-05-25 20:26 . 2008-12-23 18:43 -------- d-----w- c:\users\CRIS\AppData\Roaming\CyberLink

2009-05-25 20:26 . 2008-12-20 16:42 -------- d-----w- c:\progra~2\CyberLink

2009-05-25 20:21 . 2009-05-25 20:21 -------- d-----w- c:\program files\Common Files\CyberLink

2009-05-25 20:21 . 2008-06-11 04:53 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-25 20:17 . 2008-12-20 16:41 -------- d-----w- c:\program files\CyberLink

2009-05-25 20:14 . 2009-05-25 20:15 29480 ----a-w- c:\windows\system32\msxml3a.dll

2009-05-23 08:06 . 2008-12-20 05:26 -------- d-----w- c:\progra~2\DVD Shrink

2009-05-23 07:49 . 2009-05-23 07:49 -------- d-----w- c:\program files\VistaCodecPack

2009-05-21 03:23 . 2009-05-21 03:23 -------- d-----w- c:\program files\TouchStoneSoftware

2009-05-18 19:29 . 2009-05-18 19:29 -------- d-----w- c:\program files\Babylon

2009-05-14 14:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-13 00:06 . 2009-01-06 02:05 -------- d-----w- c:\progra~2\GbPlugin

2009-05-09 05:50 . 2009-06-11 21:36 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-11 21:36 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-05-08 21:18 . 2009-05-08 21:18 1034752 ----a-w- c:\windows\system32\VSFilter.dll

2009-05-08 01:49 . 2009-01-16 04:47 -------- d-----w- c:\program files\DVDFab 5

2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

2009-04-23 12:43 . 2009-06-11 21:36 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-11 21:36 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-11 21:36 2033152 ----a-w- c:\windows\system32\win32k.sys

2008-06-11 06:09 . 2008-06-11 06:09 76 --sha-r- c:\windows\CT4CET.bin

2007-03-01 18:51 . 2007-03-01 18:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]

"HandyFind Utility"="c:\program files\HandyFind\HandyFind.exe" [2007-12-08 438272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-01-19 314224]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-21 30192]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-08 778240]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-28 198160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GBPLUGIN\gbiehcef.dll" [2009-03-27 264776]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\program files\GbPlugin\gbiehabn.dll" [2009-04-07 266664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2009-04-07 19:59 266664 ----a-w- c:\program files\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2009-03-27 14:22 264776 ----a-w- c:\program files\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-439302870-2014584316-92622786-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C20FEE50-0171-4816-82AD-D2C30734914B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A9AB6CBB-BBFB-4B50-8EEE-6B253494F65A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBC50457-9415-4FFB-AC5F-357E8920F9AA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{352476FC-4E92-4070-8BF0-65908A313DC6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{22C513B0-ADC8-4DF4-8772-83B13C9EB978}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D2893F2D-0BEB-49FB-AE41-AA9BBE270F2C}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{CCFD7FEB-9E0B-40D1-A3A9-4A5FF7D36D05}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{10762115-78CA-4367-8648-A5B3EABCF920}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0

"{7A2778CC-397B-41DE-AF10-B0CCCD2DB072}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 GbpKm;Gbp KernelMode;c:\windows\System32\drivers\gbpkm.sys [06/02/2009 16:33 26568]

S1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [20/12/2008 15:06 12800]

S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [11/06/2008 02:11 73728]

S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [06/10/2008 18:16 82696]

S2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [05/09/2008 10:43 137080]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [05/01/2009 23:06 52808]

S2 gupdate1c9c79a9567cb47;Serviço Google Update (gupdate1c9c79a9567cb47);c:\program files\Google\Update\GoogleUpdate.exe [27/04/2009 21:45 133104]

S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [20/12/2008 15:06 712048]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [20/12/2008 15:06 712048]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 19:16 172032]

S3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 12:09 111112]

S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [12/02/2009 16:52 104328]

S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/12/2008 20:28 30192]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [11/06/2008 02:48 111616]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [30/06/2009 02:51 38160]

S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 17:03 235648]

S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [05/03/2007 10:45 7424]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - ECACHE

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

 

 

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: realsecureweb.com.br\www2

.

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-02 23:09

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(664)

c:\windows\system32\relog_ap.dll

 

- - - - - - - > 'Explorer.exe'(1700)

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

.

Tempo para conclusão: 2009-07-03 23:11

ComboFix-quarantined-files.txt 2009-07-03 02:11

ComboFix2.txt 2009-04-09 02:43

 

Pré-execução: 24.423.833.600 bytes disponíveis

Pós execução: 24.050.282.496 bytes disponíveis

 

249 --- E O F --- 2009-07-01 16:56

 

**************************************************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:03:00, on 03/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Windows\system32\rundll32.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Serviço Google Update (gupdate1c9c79a9567cb47) (gupdate1c9c79a9567cb47) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Home\nmsaccessu.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10203 bytes


Good morning! REDENTOR

<@> Download: < UsbFix.zip > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop! --> Extract it from the zip!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( flash drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Next, click Ok again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

Regards!


Digram,

I couldn't do it. I downloaded it, but after extracting the file it doesn't turn into an executable file... I tried the other links available in the tutorial where the rules were, but it didn't help, the links don't work...

I managed to download one that is the version analyst Antonio Vieira put on 4shared on 30/06, but it also wasn't downloaded as an executable file!! :cry:

What do I do?


Hi! REDENTOR

 

<@> Download: < exefix.reg >

<@> Save it to the Desktop!

<@> Restart the computer in Safe Mode.

<@> Run it and accept merging this information into the registry.

<@> Restart the computer normally!

<@> Download UsbFix again and continue with the procedure.

 

Cheers!


It didn't work. The link redirects to a page written entirely in Chinese; in the middle of the Chinese text there is www.sdmiec.com, but when I click it another page opens with no download option at all...

 

Could there be a keylogger on my machine? Yesterday a window appeared out of nowhere saying: you have been disconnected from the chat due to connection problems, try again... I didn't have any program open. Also, my System Mechanic reports that my antivirus and firewall are not working, even though they appear to be enabled.

 

 

 

 

Digram, I managed to download exefix.reg from another link, but when I click it, it only opens a Notepad window with a lot of commands written in it, and nothing happens...


Good evening! REDENTOR

 

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

 

<!> Go to the site and click: < kasperdx9.jpg >

 

<@> On the next page, click: I Accept

<@> This is so the ActiveX control installs and then updates the database.

<@> On the next page, click: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

 

Kas-Savetxt.gif

 

<@> Also post an updated HijackThis log.

 

Cheers!


Digram,

 

I've used that scanner several times before, but now it doesn't work!!!!

When I click to scan, another window opens, starts loading and....... closes by itself!!!

Could it be done in Safe Mode with Networking? What do you suggest??

 

Thanks!

Hi! REDENTOR

 

<!> You can run it! :thumbsup:

 

Cheers!


It didn't work; the same thing happens... :pinch:

 

 


Good evening! REDENTOR

 

<@> Download: < Norman Malware Cleaner >

<@> Save it to the desktop.

<@> Open the file and click Run --> Accept.

<@> Click Add to add, or Remove to remove, the drives/areas to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc... )

<@> Click "Start scan" --> Wait!

<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

 

Cheers!


Hello,

Here are the Norman and HijackThis logs:

 

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/07/03 16:07:06

 

Norman Scanner Engine Version: 6.01.09

Nvcbin.def Version: 6.01.00, Date: 2009/07/03 16:07:06, Variants: 3405959

 

Scan started: 04/07/2009 02:45:04

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows Vista 6.0.6001 Service Pack 1

Logged on user: CRIS-PC\CRIS

 

Set registry value: HKCR\scrfile\shell\open\command\ = "NOTEPAD.EXE %1" -> ""%1" /S"

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 4258

Number of processes/threads scanned: 4258

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 3m 40s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\ProgramData\mpDRM\mpDRMHelper3.dll (Infected with W32/Agent.dam)

Deleted file

 

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{402af306-65e8-11de-9ba9-de7e91bb16b6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{402af30c-65e8-11de-9ba9-de7e91bb16b6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{58e44216-6778-11de-a4c4-e6bcc84073af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{58e4421c-6778-11de-a4c4-e6bcc84073af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{5c50ab0b-661e-11de-b3fa-a974218aedaa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{5c50ab23-661e-11de-b3fa-a974218aedaa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{908de4ea-65ac-11de-bac5-fd25b779becc}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{b443fb98-6507-11de-9a23-c6b7758a96af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{e1cec083-660e-11de-94e0-a5a0b6ca31ca}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{e1cec08a-660e-11de-94e0-a5a0b6ca31ca}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\Windows\Installer\{27148014-3B0A-402B-8130-6B056357D12D}\texticon.exe (Infected with W32/Obfuscated.C!genr)

Deleted file

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

 

Scanning: E:\*.*

 

Scanning: F:\*.*

 

Scanning: G:\*.*

 

Scanning: H:\*.*

 

Scanning: c:\System Volume Information\*.*

 

c:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{402af306-65e8-11de-9ba9-de7e91bb16b6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{402af30c-65e8-11de-9ba9-de7e91bb16b6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{58e44216-6778-11de-a4c4-e6bcc84073af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{58e4421c-6778-11de-a4c4-e6bcc84073af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{5c50ab0b-661e-11de-b3fa-a974218aedaa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{5c50ab23-661e-11de-b3fa-a974218aedaa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{908de4ea-65ac-11de-bac5-fd25b779becc}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{b443fb98-6507-11de-9a23-c6b7758a96af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{e1cec083-660e-11de-94e0-a5a0b6ca31ca}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

c:\System Volume Information\{e1cec08a-660e-11de-94e0-a5a0b6ca31ca}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

 

Running post-scan cleanup routine:

Set TCP/IP autotuning to "normal" (or it was already "normal")

 

Number of files found: 226057

Number of archives unpacked: 1549

Number of files scanned: 225945

Number of files not scanned: 112

Number of files skipped due to exclude list: 0

Number of infected files found: 2

Number of infected files repaired/deleted: 2

Number of infections removed: 2

Total scanning time: 1h 50m 10s

--------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:42:31, on 04/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Windows\system32\rundll32.exe

C:\hijackthis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Serviço Google Update (gupdate1c9c79a9567cb47) (gupdate1c9c79a9567cb47) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Home\nmsaccessu.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10261 bytes

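The Norman log above shows `HKCR\scrfile\shell\open\command` being restored from `NOTEPAD.EXE %1` to `"%1" /S`, and the Malwarebytes log later in the thread reports the same redirection on `regfile`, which matches the earlier report that exefix.reg opened in Notepad instead of merging. As an added example (not part of the thread, not the exefix.reg the analyst linked, and not code from any tool named here), this Python script audits a `.reg` export of those open-command keys against the stock Windows defaults and renders a reviewable repair file; the sample export is constructed to mirror the log findings, and the expected values for exefile/regfile/scrfile are my assumption of the stock defaults.

```python
"""Audit HKCR file-type open commands from a .reg export.

Constructed example: checks the shell\\open\\command defaults that the
Norman and Malwarebytes logs found pointing at NOTEPAD.EXE, and builds a
.reg file that restores the stock defaults for review before merging.
"""
import re

# Stock Windows defaults for the three file types touched in the thread
# (assumed expected state; regfile and scrfile match what the logs restore).
EXPECTED_OPEN_COMMANDS = {
    "exefile": '"%1" %*',
    "regfile": 'regedit.exe "%1"',
    "scrfile": '"%1" /S',
}

# Constructed .reg export modelled on the log findings: exefile is intact,
# regfile and scrfile have been redirected to Notepad.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="NOTEPAD.EXE %1"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="NOTEPAD.EXE %1"
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_SZ_RE = re.compile(r'^@="(.*)"$')  # REG_SZ default value only
OPEN_CMD_RE = re.compile(
    r"^HKEY_CLASSES_ROOT\\([^\\]+)\\shell\\open\\command$", re.IGNORECASE
)


def unescape_reg_string(s):
    """Undo .reg escaping: a backslash escapes the following character."""
    return re.sub(r"\\(.)", r"\1", s)


def escape_reg_string(s):
    """Escape a string for a .reg file (backslashes first, then quotes)."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def parse_reg_export(text):
    """Map each key in a .reg export to its REG_SZ default (@=) value.

    Keys without a string default are omitted; named values and
    non-string types (hex(2), dword) are ignored.
    """
    defaults = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = DEFAULT_SZ_RE.match(line)
        if m and current_key is not None:
            defaults[current_key] = unescape_reg_string(m.group(1))
    return defaults


def normalize_command(cmd):
    """Collapse whitespace and case so cosmetic differences do not alarm."""
    return " ".join(cmd.split()).lower()


def audit_open_commands(reg_text, expected=EXPECTED_OPEN_COMMANDS):
    """Return (file_type, found, expected) for every open command that is
    missing from the export (found is None) or differs from the default."""
    seen = {}
    for key, value in parse_reg_export(reg_text).items():
        m = OPEN_CMD_RE.match(key)
        if m:
            seen[m.group(1).lower()] = value
    findings = []
    for ftype, good in expected.items():
        found = seen.get(ftype)
        if found is None or normalize_command(found) != normalize_command(good):
            findings.append((ftype, found, good))
    return findings


def build_repair_reg(expected=EXPECTED_OPEN_COMMANDS):
    """Render a .reg file restoring every expected default, so the repair
    can be read in a text editor before it is merged."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for ftype, good in sorted(expected.items()):
        lines.append(f"[HKEY_CLASSES_ROOT\\{ftype}\\shell\\open\\command]")
        lines.append(f'@="{escape_reg_string(good)}"')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    for ftype, found, good in audit_open_commands(SAMPLE_REG_EXPORT):
        state = "missing" if found is None else f"hijacked to {found!r}"
        print(f"{ftype}: {state}; expected {good!r}")
    print(build_repair_reg())
```

On a live machine the export to feed in comes from `reg export HKCR\regfile\shell\open\command out.reg` (and likewise for the other types); merging the generated repair file only makes sense after the redirecting malware itself has been removed, or the value will be reset again.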

Good morning! REDENTOR

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally the message will appear: "ComboFix está desinstalado" --> Click OK.

<@> If present, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- Report!

<><><><><><><><><><>

<@> Submit the file below for analysis at: < VirSCAN.org >

 

<!> C:\Windows\OEM02Mon.exe <--

 

<@> When it finishes, click "Copiar para a 'Area'" (copy to clipboard) or save it as text.

<@> The table that appears can be selected and copied into Notepad. <-- Post it!

<><><><><><><><><><>

<@> Repeat the scan with Norman in Safe Mode.

<@> PS: Be logged into the Administrator account.

<@> Post your report!

<><><><><><><><><><>

<@> Download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Cheers!


Hello Digram, sorry for the delay...

Here are the logs:

 

Malwarebytes' Anti-Malware 1.38

Versão do banco de dados: 2374

Windows 6.0.6001 Service Pack 1

 

04/07/2009 19:40:28

mbam-log-2009-07-04 (19-40-19).txt

 

Tipo de Verificação: Completa (C:\|E:\|F:\|G:\|H:\|)

Objetos verificados: 228174

Tempo decorrido: 1 hour(s), 52 minute(s), 57 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

--------------------------------------------------------

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/07/03 16:07:06

 

Norman Scanner Engine Version: 6.01.09

Nvcbin.def Version: 6.01.00, Date: 2009/07/03 16:07:06, Variants: 3405959

 

Scan started: 05/07/2009 04:01:13

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows Vista 6.0.6001(Safe mode) Service Pack 1

Logged on user: CRIS-PC\CRIS

 

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 792

Number of processes/threads scanned: 792

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 21s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{402af306-65e8-11de-9ba9-de7e91bb16b6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{402af30c-65e8-11de-9ba9-de7e91bb16b6}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{58e44216-6778-11de-a4c4-e6bcc84073af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{58e4421c-6778-11de-a4c4-e6bcc84073af}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{5c50ab0b-661e-11de-b3fa-a974218aedaa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{5c50ab23-661e-11de-b3fa-a974218aedaa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{e1cec083-660e-11de-94e0-a5a0b6ca31ca}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{e1cec08a-660e-11de-94e0-a5a0b6ca31ca}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{e39bdf77-68eb-11de-b61c-9d9bfe5b6caf}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

 

Scanning: E:\*.*

 

Scanning: F:\*.*

 

Scanning: G:\*.*

 

Scanning: H:\*.*

 

 

Running post-scan cleanup routine:

Failed to set TCP/IP autotuning to "normal" (1) in 0 seconds

 

Number of files found: 228613

Number of archives unpacked: 1552

Number of files scanned: 228565

Number of files not scanned: 48

Number of files skipped due to exclude list: 0

Number of infected files found: 0

Number of infected files repaired/deleted: 0

Number of infections removed: 0

Total scanning time: 54m 52s

---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:22, on 11/07/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Windows\system32\rundll32.exe

C:\hijackthis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Serviço Google Update (gupdate1c9c79a9567cb47) (gupdate1c9c79a9567cb47) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Home\nmsaccessu.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10462 bytes


Good evening! REDENTOR

 

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

<!> Repeat the scan with Malwarebytes and, at the end, choose the "Remover itens" (remove items) option.

<!> Post your report! <--

<><><><><><><><><>

<@> Download: < a-squared Free 4.5 >

 

<!> Optional link: < a2ppf_banner.jpg >

 

<@> Save it to Program Files.

<@> Open the program and click: Update now --> Wait!

<@> When it finishes, click: "Scan PC"

<@> Choose the option: "Deep" --> Then click "Scan".

<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".

<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt ) <--

 

Regards!

Hi Digram!!

 

I redid the scan with Malwarebytes, and no infected or suspicious item showed up, so I deleted what had previously been infected, which was in quarantine.

Here is the log from the other program. Thanks!

 

a-squared Free - Versão 4.5

Última atualização 12/07/2009 19:21:18

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 12/07/2009 19:27:18

 

[1108] C:\PROGRA~1\GbPlugin\gbpsv.exe detectado: Trojan-GameThief.Win32.WOW!IK

c:\users\cris\favorites\amazon.com.url detectado: Trace.File.Ezula!A2

C:\Program Files\DVDFab 5\DVDFab.exe detectado: Virus.Win32.Alman!IK

C:\Program Files\InstallShield Installation Information\{A9219C90-4E0A-11D6-92FD-00E07DBBAB6C}\Setup.exe detectado: Win32.Kashu.A!IK

C:\ProgramData\mpDRM\AVCTCD.ax detectado: Trojan.Generic!IK

C:\Users\All Users\mpDRM\AVCTCD.ax detectado: Trojan.Generic!IK

C:\Users\CRIS\Downloads\eMule\Incoming\PDF Tools - PDF2HTML, PDF2TXT, PDF2Word, PDF Converter, PDF Password Remover.zip/pdf2txt-keygen.exe detectado: Trojan-Spy.Win32.Banker.JU!IK

C:\Users\CRIS\Downloads\eMule\Incoming\PDF Tools - PDF2HTML, PDF2TXT, PDF2Word, PDF Converter, PDF Password Remover.zip/pdf2word-keygen.exe detectado: Trojan-Spy.Win32.Banker.JU!IK

 

Analisado

 

Arquivos: 227379

Objetos: 533870

Cookies: 5

Processos: 74

 

Encontrado

 

Arquivos: 6

Objetos: 1

Cookies: 0

Processos: 1

Chaves do registro: 0

 

Fim da análise: 12/07/2009 22:06:23

Duração da análise: 2:39:05

 

C:\Users\CRIS\Downloads\eMule\Incoming\PDF Tools - PDF2HTML, PDF2TXT, PDF2Word, PDF Converter, PDF Password Remover.zip/pdf2txt-keygen.exe Em quarentena Trojan-Spy.Win32.Banker.JU!IK

C:\Users\CRIS\Downloads\eMule\Incoming\PDF Tools - PDF2HTML, PDF2TXT, PDF2Word, PDF Converter, PDF Password Remover.zip/pdf2word-keygen.exe Em quarentena Trojan-Spy.Win32.Banker.JU!IK

C:\ProgramData\mpDRM\AVCTCD.ax Em quarentena Trojan.Generic!IK

C:\Users\All Users\mpDRM\AVCTCD.ax Em quarentena Trojan.Generic!IK

C:\Program Files\InstallShield Installation Information\{A9219C90-4E0A-11D6-92FD-00E07DBBAB6C}\Setup.exe Em quarentena Win32.Kashu.A!IK

C:\Program Files\DVDFab 5\DVDFab.exe Em quarentena Virus.Win32.Alman!IK

c:\users\cris\favorites\amazon.com.url Em quarentena Trace.File.Ezula!A2

[1108] C:\PROGRA~1\GbPlugin\gbpsv.exe Em quarentena Trojan-GameThief.Win32.WOW!IK

[1108] C:\PROGRA~1\GbPlugin\gbpsv.exe Em quarentena Trojan-GameThief.Win32.WOW!IK

 

Em quarentena

 

Arquivos: 6

Objetos: 1

Cookies: 0


Good morning! REDENTOR

 

<@> Run an online scan at: < Eset Nod32 >

<@> Use the Internet Explorer browser.

<@> Tick the box: "YES, I accept the terms of use" --> Start.

<@> Marque a caixa: "YES, I accept the Terms of Use" --> Start.

<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

<><><><><><><><>

<@> Also post an updated HijackThis log.

 

Regards!

Hi Digram, how are you?

 

So, the ESET NOD32 result was: C:\dell\drivers\R188694\PCTuneUp2.exe probably unknown NewHeur_PE virus deleted - quarantined

 

I had also run a heuristic scan on the pen drives with a-squared; see what I put in quarantine:

 

G:\System\Apps\736D6172-7470-6373-6F6C-E5F2A85CD4BE\reachamail.u3p Trojan-Downloader.Win32.Banload!IK

H:\TEMPS\TRASHS\svchost.exe Riskware.Win32.VBInject!IK

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:34:39, on 13/07/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\hijackthis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Serviço Google Update (gupdate1c9c79a9567cb47) (gupdate1c9c79a9567cb47) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Home\nmsaccessu.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10775 bytes

 

 

One thing that was happening and still is: every so often BitDefender says it blocked a malicious or unwanted application, but this happens with a whole bunch of programs, and what I used to do was allow the application, because otherwise I couldn't do anything on the computer. In the last two days, the alerts were for:

 

c:\windows\system32\DrvInst.exe

c:\program files\windows media player\wmplayer.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

and even c:\program files\a-squared free\a2service.exe

 

 

Regards, thanks!

Good evening! REDENTOR

 

One thing that was happening and still is: every so often BitDefender says it blocked a malicious or unwanted application, but this happens with a whole bunch of programs, and what I used to do was allow the application, because otherwise I couldn't do anything on the computer. In the last two days, the alerts were for:

 

c:\windows\system32\DrvInst.exe

c:\program files\windows media player\wmplayer.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

and even c:\program files\a-squared free\a2service.exe

<!> Those are false positives, which should be reported to the antivirus vendor.

<!> PS: If I'm not mistaken, there is an e-mail address for that.

<><><><><><><><><>

<@> Download: < Flash Disinfector >

 

<!> Optional link! --> < http://www.pplware.com/2009/01/20/virus-nas-pens-drives/ >

 

<@> Save it directly to Local Disk C.

<@> Plug your removable drives into the USB port!

<@> Double-click: Flash_Disinfector.exe

<@> Wait for it to finish!

<><><><><><><><><>

<!> How is the computer?

<!> Any problems still?

 

Regards!

Hi Digram, sorry for the delay...

 

I downloaded the program, but when I click it nothing happens... I ended up downloading PenClean (from the same site as Flash Disinfector); I found it odd that when it goes to scan F:, it stops responding, and then gives a log saying the autorun.inf file could not be deleted because I don't have privileges (but I am an administrator), and asks me to try in safe mode.

The log is:

 

Iniciando relatório do PenClean 2.0.3

Por Renato Victor Mejias

renatomejias@yahoo.com.br

22/07/2009 04:45:17

-----------------------------------------------------------

Arquivos excluídos da unidade escolhida:

 

Malware não detectado na unidade escolhida!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi D:

 

-----------------------------------------------------------

Arquivos excluídos da unidade escolhida:

 

Malware não detectado na unidade escolhida!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi E:

 

-----------------------------------------------------------

Arquivos excluídos da unidade escolhida:

 

F:\autorun.inf não pôde ser deletado!

-----------------------------------------------------------

Arquivos excluídos da unidade F: (Automa.h):

 

Malware não detectado na unidade escolhida!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi F:

 

-----------------------------------------------------------

 

I'll try in safe mode and post the result here afterwards.

 

What I notice on the computer is that almost every time I close Internet Explorer, it stops responding at the same time.

Also, I delete the entry that makes MSN start automatically when the computer turns on, using CCleaner, but it always comes back and starts again...

I think that's all ;)

 

Here is the updated HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:54:06, on 22/07/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES\GBPLUGIN\gbiehCef.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Serviço Google Update (gupdate1c9c79a9567cb47) (gupdate1c9c79a9567cb47) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11257 bytes

 

Is there a way to remove two of the O23 entries?

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file) -> this one was uninstalled a long time ago...

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing) -> I uninstalled this one too because the program came with a virus...

 

Cheers!!!

Thanks


Good afternoon, REDENTOR!

 

Is there a way to remove two of the O23 entries?

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file) -> this one was uninstalled a long time ago...

O23 - Service: CinemaNow Service - Unknown owner - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe (file missing) -> I uninstalled this one too because the program came with a virus...

<!> Try removing them from the DOS prompt (command prompt).

<><><><><><><>

<!> In the DOS prompt, type:

 

sc stop RoxWatch9 --> Press Enter!

sc delete RoxWatch9 --> Press Enter!

 

sc stop "CinemaNow Service" --> Press Enter!

sc delete "CinemaNow Service" --> Press Enter!

 

sc stop CinemanowSvc --> Press Enter!

sc delete CinemanowSvc --> Press Enter!

 

<!> For more information: < Link >

 

Cheers!

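As an added example (not part of this thread and not the helper's instructions above): a PowerShell script that does the check a responder would want before running sc delete, listing every registered service whose binary no longer exists on disk (what HijackThis reports as "(no file)" or "(file missing)") and then removing a chosen one by its service key name. It assumes an elevated PowerShell session on Windows Vista or later; the function names Resolve-ImagePath, Get-OrphanedService and Remove-OrphanedService are my own.

```powershell
# Added example (not from this thread). Assumes an elevated PowerShell
# session; the function names below are my own, not a Windows API.

function Resolve-ImagePath {
    # Turn a raw ImagePath registry value into a file system path to test.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        # Quoted path: keep everything up to the closing quote, drop arguments.
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 0) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted path: cut at the first .exe/.sys/.dll token, else at the first space.
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        $p = if ($m.Success) { $m.Groups[1].Value } else { ($p -split '\s+')[0] }
    }
    $p = $p -replace '^\\\?\?\\', ''                   # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot  # \SystemRoot\system32\...
    $p = [Environment]::ExpandEnvironmentVariables($p) # %SystemRoot%, %ProgramFiles%
    if (-not [IO.Path]::IsPathRooted($p)) {            # e.g. system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedService {
    # Walk the service registry and report entries whose binary is missing.
    # The Name column is the key name that sc.exe expects (e.g. RoxWatch9),
    # which is not always the same as the display name shown in the log.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }
        $file = Resolve-ImagePath $props.ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                Name      = $key.PSChildName
                Display   = $props.DisplayName
                ImagePath = $props.ImagePath
                Resolved  = $file
            }
        }
    }
}

function Remove-OrphanedService {
    # Stop and delete one service by its key name. In PowerShell "sc" alone is
    # an alias for Set-Content, so sc.exe is called explicitly. A name with a
    # space ("CinemaNow Service") must reach sc.exe as one quoted argument,
    # otherwise only the first word is taken as the service name.
    param([Parameter(Mandatory)][string]$Name)
    & sc.exe stop "$Name" | Out-Null   # returns an error if already stopped; harmless
    & sc.exe delete "$Name"
}

# Review the list first; remove only entries you recognise as uninstalled products.
Get-OrphanedService | Format-Table Name, Display, Resolved -AutoSize
# Remove-OrphanedService -Name 'RoxWatch9'
# Remove-OrphanedService -Name 'CinemaNow Service'
```

Run Get-OrphanedService before deleting anything: it tells you the exact key name to pass to sc.exe, which settles the question the two CinemaNow variants in the reply above leave open (whether the key is "CinemaNow Service" or CinemanowSvc). Services registered as "(no file)" are inert on their own, so the deletion is housekeeping, not urgent cleanup; a reboot after sc delete clears the remaining in-memory entry.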