  #1  
Old 12-22-2007
Bronze Member
 
Join Date: Dec 2007
Posts: 26
PC Experience: PC Illiterate
TeresaBloom
HJT log - I need help asap!

Hello,

I ran a scan with Ad-Aware two days ago and I found this - Win32.TrojanDownloader.ConHook
I've been trying to remove it, but with no success.

My computer is slow and it's blocking all the time. I get many random pop-ups which I didn't get at all before. And my computer is always restarting.

I hope someone can help me. I'm completely desperate now ...

Here's my log from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:56, on 22-12-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programas\SPYWAREfighter\spftray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\System32\jvnbntmp.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kizjsbxfhpzteu.com/pYG3kh...jw5n1vAe4.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programas\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ac25e206] rundll32.exe "C:\WINDOWS\System32\sabocdom.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\jvnbntmp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe
--
End of file - 5966 bytes



Thanks in advance,
Teresa



Last edited by TeresaBloom; 12-22-2007 at 08:11 PM.
  #2  
Old 12-22-2007
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,097
PC Experience: Elite PC Guru
Pancake
Re: HJT log - I need help asap!

This will help to identify malware on your system.
Please download Combofix from any of these locations:
Here
or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #3  
Old 12-23-2007
Bronze Member
 
Join Date: Dec 2007
Posts: 26
PC Experience: PC Illiterate
TeresaBloom
Re: HJT log - I need help asap!

Thanks for helping me!

Here's the ComboFix log:

ComboFix 07-12-21.4 - Teresa Calado 2007-12-23 11:33:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.2070.18.28 [GMT 0:00]
Executando de: C:\Documents and Settings\Teresa Calado\Ambiente de trabalho\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Programas\Ficheiros comuns\{AC25E~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aiudlhwn.dll
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtuspn.dll
C:\WINDOWS\system32\components
C:\WINDOWS\system32\components\flx0.dll
C:\WINDOWS\system32\components\flx10.dll
C:\WINDOWS\system32\components\flx11.dll
C:\WINDOWS\system32\components\flx12.dll
C:\WINDOWS\system32\cuvamlfr.dll
C:\WINDOWS\system32\hgemgqre.dll
C:\WINDOWS\system32\jbaudeqp.dll
C:\WINDOWS\system32\juhciwvs.dll
C:\WINDOWS\system32\jvnbntmp.exe
C:\WINDOWS\system32\modcobas.ini
C:\WINDOWS\system32\modcobas.ini2
C:\WINDOWS\system32\modcobas.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnkiig.dll
C:\WINDOWS\system32\rgpwfprt.exe
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\sabocdom.dll
C:\WINDOWS\system32\sjqrgdss.ini
C:\WINDOWS\system32\ssdgrqjs.dll
C:\WINDOWS\system32\vqwjbxci.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((( Ficheiros criados de 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))))
.
2007-12-22 19:03 . 2007-12-23 10:48 320 --ahs---- C:\WINDOWS\system32\accdd.ini
2007-12-22 16:17 . 2007-12-22 18:52 320 --ahs---- C:\WINDOWS\system32\jjkmp.ini
2007-12-21 22:46 . 2007-12-21 22:46 <DIR> d-------- C:\Documents and Settings\Teresa Calado\Application Data\True Sword
2007-12-21 22:45 . 2007-12-22 13:21 <DIR> d-------- C:\Programas\True Sword 4
2007-12-21 22:30 . 2007-12-21 22:30 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2007-12-21 13:26 . 2007-12-21 13:26 <DIR> d-------- C:\Programas\Trend Micro
2007-12-21 13:07 . 2007-12-22 15:42 320 --ahs---- C:\WINDOWS\system32\onnmp.ini
2007-12-20 23:06 . 2007-12-23 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 13:21 . 2007-12-20 13:22 994,156 ---hs---- C:\WINDOWS\system32\qevgrcsf.tmp
2007-12-19 19:49 . 2007-12-20 12:12 <DIR> d-------- C:\Programas\SPYWAREfighter
2007-12-19 19:49 . 2007-12-19 19:49 <DIR> d-------- C:\Programas\Ficheiros comuns\Application
2007-12-19 18:00 . 2007-12-20 13:07 994,156 ---hs---- C:\WINDOWS\system32\qevgrcsf.ini
2007-12-18 12:24 . 2007-12-19 17:59 993,229 ---hs---- C:\WINDOWS\system32\uitkrdne.ini
2007-12-16 18:41 . 2007-12-21 12:23 320 --ahs---- C:\WINDOWS\system32\rstwa.ini
2007-12-16 18:33 . 2007-12-16 18:33 <DIR> d-------- C:\WINDOWS\system32\ineWc01
2007-12-16 18:33 . 2007-12-16 18:33 <DIR> d-------- C:\Temp\tpBe12
2007-12-11 15:39 . 2007-12-11 15:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-11 15:39 . 2007-12-11 15:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-28 20:22 . 2001-08-18 05:24 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-11-28 20:22 . 2001-08-18 05:24 135,040 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-11-28 20:22 . 2001-08-17 21:01 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-11-28 20:22 . 2001-08-17 21:01 57,344 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-11-28 20:21 . 2007-11-28 20:21 26,112 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
2007-11-28 20:09 . 2007-11-28 20:09 <DIR> d-------- C:\Documents and Settings\Teresa Calado\Application Data\Recordpad
2007-11-28 20:09 . 2007-11-28 21:01 <DIR> d-------- C:\Documents and Settings\Teresa Calado\Application Data\NCH Swift Sound
2007-11-28 20:09 . 2007-11-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-28 20:08 . 2007-11-28 21:01 <DIR> d-------- C:\Programas\NCH Swift Sound
2007-11-28 20:08 . 2007-11-28 20:08 <DIR> d-------- C:\Programas\NCH Software
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 11:36 4,817,952 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-23 11:32 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\MegauploadToolbar
2007-12-23 11:26 453,680 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-23 11:26 143,304,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 11:26 1,922,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-30 14:16 --------- d-----w C:\Programas\eMule
2007-11-28 20:49 --------- d-----w C:\Programas\MP3 WAV Converter
2007-11-04 23:37 --------- d-----w C:\Programas\del.icio.us
2007-10-27 17:49 --------- d-----w C:\Programas\Free Audio Pack
2007-10-27 11:01 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\uTorrent
2007-10-26 21:08 --------- d-----w C:\Programas\Orbitdownloader
2007-10-26 21:08 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\Orbit
2005-08-10 13:21 30,926 ----a-w C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2006-08-04 13:59 647,721 --sh--w C:\WINDOWS\system32\ihkmp.bak2
2006-08-04 15:13 532,045 --sh--w C:\WINDOWS\system32\ihkmp.ini2
2007-02-10 16:02 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-12-23_11.16.11.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-23 10:58:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-23 11:27:39 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-23 10:58:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
+ 2007-12-23 11:27:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
- 2007-12-23 10:58:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-23 11:27:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27962884-533F-4DF1-B1EC-1FF982D42B8F}]
C:\WINDOWS\System32\pmnno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E58E623-B46A-4D82-A450-2C7126C5A922}]
C:\WINDOWS\System32\ddcca.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D64E4065-1A4C-44B7-8119-B2E1F0D8531C}]
C:\WINDOWS\System32\ddcca.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-11-20 12:00]
"msnmsgr"="C:\Programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 03:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-10 23:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 10:20 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40]
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2005-08-06 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2006-06-02 11:20]
"AVP"="C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-09-06 19:12]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"spywarefighterguard"="C:\Programas\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-11-20 12:00]
C:\Documents and Settings\Teresa Calado\Menu Iniciar\Programas\Arranque\
Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-28 21:21:00]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
VIA RAID TOOL.lnk - C:\Programas\VIA\RAID\raid_tool.exe [2005-08-04 21:45:17]
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2005-08-05 22:31:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi]
C:\WINDOWS\System32\pmkhi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winabt32]
winabt32.dll
R0 viamraid;viamraid;C:\WINDOWS\System32\DRIVERS\viamraid.sys [2004-03-29 05:45]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-27 12:17]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
S2 DP1112P1112;C:\WINDOWS\System32\Drivers\DP.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\sscdbus.sys [2004-04-08 01:04]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys [2004-04-08 01:04]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\System32\DRIVERS\sscdmdm.sys [2004-04-08 01:04]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-12-14 19:01:18 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programas\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 11:36:53
Windows 5.1.2600 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-12-23 11:38:09




And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:48, on 23-12-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programas\SPYWAREfighter\spftray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27962884-533F-4DF1-B1EC-1FF982D42B8F} - C:\WINDOWS\System32\pmnno.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {8E58E623-B46A-4D82-A450-2C7126C5A922} - C:\WINDOWS\System32\ddcca.dll (file missing)
O2 - BHO: (no name) - {D64E4065-1A4C-44B7-8119-B2E1F0D8531C} - C:\WINDOWS\System32\ddcca.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programas\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\System32\pmkhi.dll (file missing)
O20 - Winlogon Notify: winabt32 - winabt32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe
--
End of file - 6108 bytes


  #4  
Old 12-23-2007
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,097
PC Experience: Elite PC Guru
Pancake
Re: HJT log - I need help asap!

This should have things finished. Let me know how things are going.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {27962884-533F-4DF1-B1EC-1FF982D42B8F} - C:\WINDOWS\System32\pmnno.dll (file missing)
O2 - BHO: (no name) - {8E58E623-B46A-4D82-A450-2C7126C5A922} - C:\WINDOWS\System32\ddcca.dll (file missing)
O2 - BHO: (no name) - {D64E4065-1A4C-44B7-8119-B2E1F0D8531C} - C:\WINDOWS\System32\ddcca.dll (file missing)
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\System32\pmkhi.dll (file missing)
O20 - Winlogon Notify: winabt32 - winabt32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
=====================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:

KillAll::
File::
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\qevgrcsf.tmp
C:\WINDOWS\system32\qevgrcsf.ini
C:\WINDOWS\system32\uitkrdne.ini
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini2
Folder::
C:\WINDOWS\system32\ineWc01
C:\Temp\tpBe12
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27962884-533F-4DF1-B1EC-1FF982D42B8F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E58E623-B46A-4D82-A450-2C7126C5A922}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D64E4065-1A4C-44B7-8119-B2E1F0D8531C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhi]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winabt32]
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
  • An Australian Member of
  • and
My real name is Eddy
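A small triage script, added here as an example and not part of this thread, of ComboFix or of HijackThis itself: it parses entries in the HijackThis log format shown above and flags the patterns the analyst picked out for fixing (BHO, Winlogon Notify and SSODL entries whose file is missing, a service with no vendor string, a rundll32 autorun under a random hex name, and a search bar pointing at an unknown host). The sample lines are constructed in that format and the trusted-host allow-list is an assumption.

```python
"""Triage helper for HijackThis v2 logs.

Parses the R-/O-section entry lines and flags the patterns an analyst reviews
first. It is a reading aid, not a cleaner: it changes nothing on the system.
"""
import re
from urllib.parse import urlparse

# A HijackThis entry looks like "<section> - <body>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")
# Autorun value names such as [ac25e206]: eight hex digits, random per infection
HEX_NAME_RE = re.compile(r"^\[[0-9a-f]{8}\]", re.I)
# Assumed allow-list: hosts a start page / search bar is expected to point at
TRUSTED_HOSTS = {"www.google.com", "www.msn.com", "www.microsoft.com"}


def parse_entry(line):
    """Return (section, body) for an entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def flag_entry(sec, body):
    """Return a short reason if the entry deserves review, otherwise None."""
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        # Load point (BHO, Winlogon Notify, SSODL, filter) whose DLL is gone:
        # either already removed or hidden; the registry entry must still go.
        return "orphaned load point (file missing)"
    if sec == "O23" and " - - " in body:
        # HJT prints "Service: <name> - <vendor> - <path>"; an empty vendor
        # field shows up as the " - - " run, as in the DomainService entry.
        return "service with no vendor string"
    if sec == "O4":
        name = body.split(": ", 1)[1] if ": " in body else body
        if HEX_NAME_RE.match(name) and "rundll32" in low:
            return "rundll32 autorun with random hex name"
    if sec in ("R0", "R1") and "http" in low:
        url = body.split(" = ", 1)[1].strip() if " = " in body else ""
        host = urlparse(url).hostname or ""
        if host and host not in TRUSTED_HOSTS:
            return f"browser default points at untrusted host {host}"
    return None


def triage(log_text):
    """Scan a whole log; return [(section, reason, original line), ...]."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        sec, body = parsed
        reason = flag_entry(sec, body)
        if reason:
            findings.append((sec, reason, line.strip()))
    return findings


# Constructed sample in the shape of the logs posted in this thread
# (the hijack host is a reserved .invalid name, not a real indicator).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.example-hijack.invalid/p/x.html
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Links
O2 - BHO: (no name) - {27962884-533F-4DF1-B1EC-1FF982D42B8F} - C:\\WINDOWS\\System32\\pmnno.dll (file missing)
O4 - HKLM\\..\\Run: [AVP] "C:\\Programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"
O4 - HKLM\\..\\Run: [ac25e206] rundll32.exe "C:\\WINDOWS\\System32\\sabocdom.dll",b
O20 - Winlogon Notify: winabt32 - winabt32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O23 - Service: DomainService - - C:\\WINDOWS\\System32\\jvnbntmp.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\\Programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe
"""

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec:4} {reason}\n     {line}")
```

The flagged set is a starting point for a human review, not a verdict: a legitimate driver with no vendor string or a corporate start page outside the allow-list will also show up here.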
  #5  
Old 12-24-2007
Bronze Member
 
Join Date: Dec 2007
Posts: 26
PC Experience: PC Illiterate
TeresaBloom
Re: HJT log - I need help asap!

Hey,

I did all that till the "drag CFScript.txt into ComboFix.exe" part, but then my computer blocked completely and I couldn't restart it properly.
The computer restarted a few times by itself (as it's been doing in the last days) and when it was finally okay, it didn't produce the ComboFix log.

What should I do now?


  #6  
Old 12-24-2007
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,097
PC Experience: Elite PC Guru
Pancake
Re: HJT log - I need help asap!

Run it again...


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #7  
Old 12-26-2007
Bronze Member
 
Join Date: Dec 2007
Posts: 26
PC Experience: PC Illiterate
TeresaBloom
Re: HJT log - I need help asap!

Okay, here it is ...

ComboFix log:

ComboFix 07-12-21.4 - Teresa Calado 2007-12-25 23:21:24.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.351.2070.18.68 [GMT 0:00]
Executando de: C:\Documents and Settings\Teresa Calado\Ambiente de trabalho\ComboFix.exe
Command switches used :: C:\Documents and Settings\Teresa Calado\Ambiente de trabalho\CFScript.txt
* Criado um novo ponto de restauro
FILE
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\qevgrcsf.ini
C:\WINDOWS\system32\qevgrcsf.tmp
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\uitkrdne.ini
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\tpBe12
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\ineWc01\ineWc011065.exe
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\qevgrcsf.ini
C:\WINDOWS\system32\qevgrcsf.tmp
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\uitkrdne.ini
.
((((((((((((((((((((((( Ficheiros criados de 2007-11-25 to 2007-12-25 ))))))))))))))))))))))))))))))))
.
2007-12-21 22:46 . 2007-12-21 22:46 <DIR> d-------- C:\Documents and Settings\Teresa Calado\Application Data\True Sword
2007-12-21 22:45 . 2007-12-22 13:21 <DIR> d-------- C:\Programas\True Sword 4
2007-12-21 22:30 . 2007-12-21 22:30 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2007-12-21 13:26 . 2007-12-21 13:26 <DIR> d-------- C:\Programas\Trend Micro
2007-12-20 23:06 . 2007-12-23 11:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 19:49 . 2007-12-20 12:12 <DIR> d-------- C:\Programas\SPYWAREfighter
2007-12-19 19:49 . 2007-12-19 19:49 <DIR> d-------- C:\Programas\Ficheiros comuns\Application
2007-12-11 15:39 . 2007-12-11 15:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-11 15:39 . 2007-12-11 15:39 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-28 20:22 . 2001-08-18 05:24 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-11-28 20:22 . 2001-08-18 05:24 135,040 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2007-11-28 20:22 . 2001-08-17 21:01 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-11-28 20:22 . 2001-08-17 21:01 57,344 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-11-28 20:21 . 2007-11-28 20:21 26,112 --a------ C:\WINDOWS\system32\drivers\nchssvad.sys
2007-11-28 20:09 . 2007-11-28 20:09 <DIR> d-------- C:\Documents and Settings\Teresa Calado\Application Data\Recordpad
2007-11-28 20:09 . 2007-11-28 21:01 <DIR> d-------- C:\Documents and Settings\Teresa Calado\Application Data\NCH Swift Sound
2007-11-28 20:09 . 2007-11-28 20:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-28 20:08 . 2007-11-28 21:01 <DIR> d-------- C:\Programas\NCH Swift Sound
2007-11-28 20:08 . 2007-11-28 20:08 <DIR> d-------- C:\Programas\NCH Software
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 23:25 454,352 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-25 23:25 4,823,840 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-25 23:25 143,304,480 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-25 23:25 1,922,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-25 23:17 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\MegauploadToolbar
2007-11-30 14:16 --------- d-----w C:\Programas\eMule
2007-11-28 20:49 --------- d-----w C:\Programas\MP3 WAV Converter
2007-11-04 23:37 --------- d-----w C:\Programas\del.icio.us
2007-10-27 17:49 --------- d-----w C:\Programas\Free Audio Pack
2007-10-27 11:01 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\uTorrent
2007-10-26 21:08 --------- d-----w C:\Programas\Orbitdownloader
2007-10-26 21:08 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\Orbit
2005-08-10 13:21 30,926 ----a-w C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2007-02-10 16:02 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-12-23_11.16.11.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-23 10:58:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-25 22:43:29 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-23 10:58:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
+ 2007-12-25 22:43:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
- 2007-12-23 10:58:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-25 22:43:29 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-23 10:44:08 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-12-25 23:21:09 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-11-20 12:00]
"msnmsgr"="C:\Programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 03:53 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-10 23:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 10:20 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40]
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2005-08-06 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2006-06-02 11:20]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"spywarefighterguard"="C:\Programas\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-11-20 12:00]
C:\Documents and Settings\Teresa Calado\Menu Iniciar\Programas\Arranque\
Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk - C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-28 21:21:00]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
VIA RAID TOOL.lnk - C:\Programas\VIA\RAID\raid_tool.exe [2005-08-04 21:45:17]
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2005-08-05 22:31:10]
R0 viamraid;viamraid;C:\WINDOWS\System32\DRIVERS\viamraid.sys [2004-03-29 05:45]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-27 12:17]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs []
S2 DP1112P1112;C:\WINDOWS\System32\Drivers\DP.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\System32\DRIVERS\sscdbus.sys [2004-04-08 01:04]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys [2004-04-08 01:04]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\System32\DRIVERS\sscdmdm.sys [2004-04-08 01:04]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-12-14 19:01:18 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programas\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 23:25:52
Windows 5.1.2600 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-12-25 23:28:22 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 11:38
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:39, on 25-12-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programas\SPYWAREfighter\spftray.exe
C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programas\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe
--
End of file - 5358 bytes