
Spyware.Passwords.XGen



Hello everyone.

Today my computer started having problems with double accents. I'm from Portugal, so I need the accents.

For example: instead of Olá (hello in English), I get Ol´´a. Or cão (dog in English), I get c~~ao.

I scanned with Malwarebytes in safe mode and found that the computer is infected by Spyware.Passwords.XGen

Then, after I deleted this infection, I rebooted the computer, but I'm still having the problems with the double accent.

Here is the MBAM log (it's in Portuguese, sorry) and the HijackThis log.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7026

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 6.0.2900.5512

05-07-2011 14:46:05

mbam-log-2011-07-05 (14-46-05).txt

Scan type: Full (C:\|D:\|)

Objects scanned: 254093

Time elapsed: 20 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\judite machado\definições locais\temporary internet files\Content.IE5\WBWLLSJF\calc[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:39:24, on 05-07-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Programas\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Intel\Wireless\Bin\EvtEng.exe

C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATK0100\HControl.exe

C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programas\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\sm56hlpr.exe

C:\Programas\QuickTime\qttask.exe

C:\Programas\Unlocker\UnlockerAssistant.exe

D:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programas\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\ASUS\Asus ChkMail\ChkMail.exe

D:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

D:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

D:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programas\FlashFXP\IEFlash.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Programas\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ASUS Live Update] C:\Programas\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\JUDITE~1\DEFINI~1\Temp\woso.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [HP Software Update] D:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [] C:\WINDOWS\Help\xpshim.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MSC] "c:\Programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [{1FF4D915-AEA9-D1D2-0BBE-EB159DBE0467}] "C:\Documents and Settings\Judite Machado\Baap\oxote.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: ASUS ChkMail.lnk = C:\Programas\ASUS\Asus ChkMail\ChkMail.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = D:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programas\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250283082184

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250283038700

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Serviço Google Update (gupdate1c9ca80250a1654) (gupdate1c9ca80250a1654) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programas\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 8708 bytes

Could you please help me?

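The O2 and O4 lines of a HijackThis log are where a malware-removal helper reads first: which Run values have no name or a random GUID as a name, which executables live in Temp or in an odd folder straight under the user profile, and which BHOs are registered but point at no file. As an added example, and not code from the original post, from HijackThis or from Malwarebytes, the Python script below encodes those eyeball checks as heuristics and runs them over a handful of lines copied from the log above (the Java BHO and ctfmon lines are included as known-good controls). The heuristics are my own assumptions; they will also trip on some legitimate software, so the output is a prioritisation list for a human, not a verdict.

```python
"""Heuristic triage of HijackThis O2/O4 lines.

Added example for this page; not code from the original post, from
HijackThis or from Malwarebytes. The heuristics are the example author's
assumptions about what usually separates malware autoruns from vendor
ones, and they produce false positives on legitimate software.
"""
import re

# Constructed sample: O2/O4 lines copied from the log posted above, with
# two known-good lines (Java BHO, ctfmon) left in as controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\JUDITE~1\DEFINI~1\Temp\woso.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\Help\xpshim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{1FF4D915-AEA9-D1D2-0BBE-EB159DBE0467}] "C:\Documents and Settings\Judite Machado\Baap\oxote.exe"
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Exactly one folder between the profile root and the .exe (e.g. ...\Judite Machado\Baap\x.exe).
PROFILE_SUBDIR_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~1)\\[^\\]+\\[^\\]+\\[^\\]+\.exe$"
)


def image_path(cmd: str) -> str:
    """Best-effort executable path from an O4 command string, quoted or not."""
    cmd = cmd.strip().lstrip('"')
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage_line(line: str) -> list[str]:
    """Return the heuristics a single log line trips (empty list if none)."""
    reasons: list[str] = []
    m = O2_RE.match(line)
    if m:
        if m.group("path").strip().lower() == "(no file)":
            reasons.append("orphaned BHO: CLSID registered but DLL missing")
        return reasons
    m = O4_RE.match(line)
    if not m:
        return reasons
    name, path = m.group("name"), image_path(m.group("cmd"))
    low = path.lower()
    if name == "":
        reasons.append("empty Run value name")
    elif GUID_RE.match(name):
        reasons.append("GUID-style Run value name")
    if "\\temp\\" in low or "temporary internet files" in low:
        reasons.append("executes from a temporary directory")
    if PROFILE_SUBDIR_RE.match(low):
        reasons.append("executable in a non-standard folder directly under the user profile")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious line to its reasons; lines that trip nothing are omitted."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line)
        for r in why:
            print("    -", r)
```

Run against the sample, four of the seven lines are reported: the `(no file)` BHO, the `[wosa]` entry in Temp, the empty-named `xpshim.exe` entry, and the GUID-named entry for `oxote.exe` (which trips two rules). HControl, the Java BHO and ctfmon pass, which is what you want from a first-pass filter; confirming that a flagged file is actually malicious still needs a hash lookup or a sandbox, and confirming that an unflagged one is clean needs more than these rules.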

  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal an information stealing trojan.

I would counsel you to disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You will need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

With that said, please do the following.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thanks for the reply.

On a related note, my problem with the double accent disappeared a few days ago, and at the same time I can update MSE, which I couldn't when I had the accent problem.

Here are the logs from MBAM, ComboFix and HijackThis.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7170

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

17-07-2011 7:38:11

mbam-log-2011-07-17 (07-38-11).txt

Scan type: Quick

Objects scanned: 170524

Time elapsed: 7 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-07-17.01 - Judite Machado 17-07-2011 14:39:13.1.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.1023.437 [GMT 1:00]

Running from: c:\documents and settings\Judite Machado\Ambiente de trabalho\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrador\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Judite Machado\Application Data\inst.exe

c:\documents and settings\Judite Machado\Application Data\MSA

c:\documents and settings\Judite Machado\WINDOWS

c:\programas\Internet Explorer\SET1153.tmp

c:\programas\Internet Explorer\SET1158.tmp

c:\programas\Internet Explorer\SET3B8.tmp

c:\programas\Internet Explorer\SET3BD.tmp

c:\programas\Internet Explorer\SET461.tmp

c:\programas\Internet Explorer\SET465.tmp

c:\programas\Internet Explorer\SET466.tmp

c:\programas\Internet Explorer\SET46B.tmp

c:\programas\Internet Explorer\SET47C.tmp

c:\programas\Internet Explorer\SET47D.tmp

c:\programas\Internet Explorer\SET47F.tmp

c:\programas\Internet Explorer\SET481.tmp

c:\programas\Internet Explorer\SET482.tmp

c:\programas\Internet Explorer\SET484.tmp

c:\programas\Internet Explorer\SET718.tmp

c:\programas\Internet Explorer\SET71D.tmp

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\skinboxer43.dll

c:\windows\unin0416.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_JHYUIOPEWFJESWEDAD

-------\Legacy_SYNSEND

.

.

(((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 ))))))))))))))))))))))))))))

.

.

2011-07-17 06:57 . 2011-06-07 07:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D601899-6CAA-42B2-BA11-6A953CFCD9BB}\mpengine.dll

2011-07-16 13:34 . 2011-06-07 07:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-16 04:46 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-07-16 04:25 . 2011-07-16 04:25 -------- d-----w- c:\programas\Microsoft Security Client

2011-07-16 04:16 . 2011-07-16 04:16 -------- d-----w- C:\WINSSLog

2011-07-15 12:36 . 2011-07-15 12:36 714 ----a-w- c:\windows\system32\drivers\oddcoykj.dat

2011-07-14 11:58 . 2011-07-14 11:58 -------- d-----w- C:\FOUND.001

2011-07-12 12:45 . 2011-07-12 12:45 -------- d-----w- C:\FOUND.000

2011-07-11 18:22 . 2011-07-11 18:22 1409 ----a-w- c:\windows\QTFont.for

2011-07-10 03:25 . 2011-07-10 03:25 -------- d-----w- c:\documents and settings\Administrador

2011-07-09 04:24 . 2011-07-09 04:24 -------- d-----w- c:\documents and settings\Judite Machado\Application Data\AVG10

2011-07-09 04:23 . 2011-07-09 04:23 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-07-09 04:22 . 2011-07-09 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-07-09 04:16 . 2011-07-09 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-07-04 20:31 . 2011-07-04 20:31 -------- d-----w- c:\programas\AVAST Software

2011-07-04 20:31 . 2011-07-04 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2011-06-21 13:11 . 2011-06-21 13:11 -------- d-----w- C:\__MACOSX

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 18:52 . 2010-11-05 22:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2010-11-05 22:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-06 11:35 . 2004-11-03 10:02 1859072 ----a-w- c:\windows\system32\win32k.sys

2011-05-24 18:14 . 2010-08-25 01:48 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-15 15:12 . 2011-05-15 15:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-02 15:32 . 2006-08-04 10:11 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2004-11-03 10:02 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2004-11-03 10:02 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-26 11:07 . 2004-11-03 10:02 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-04-26 11:07 . 2004-11-03 10:02 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-04-25 14:47 . 2010-11-07 05:57 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-21 13:37 . 2004-11-03 10:02 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-02-22 106496]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-21 7335936]

"nwiz"="nwiz.exe" [2005-11-21 1519616]

"RemoteControl"="c:\programas\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 14850560]

"SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]

"Wireless Console 2"="c:\programas\Wireless Console 2\wcourier.exe" [2005-10-17 987136]

"IntelZeroConfig"="c:\programas\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]

"IntelWireless"="c:\programas\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]

"EOUApp"="c:\programas\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]

"Power_Gear"="c:\programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]

"ASUS Live Update"="c:\programas\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]

"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]

"SMSERIAL"="sm56hlpr.exe" [2005-05-26 544768]

"QuickTime Task"="c:\programas\QuickTime\qttask.exe" [2006-09-01 282624]

"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"UnlockerAssistant"="c:\programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]

"HP Software Update"="d:\programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"MSC"="c:\programas\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

ASUS ChkMail.lnk - c:\programas\ASUS\Asus ChkMail\ChkMail.exe [2006-8-4 32768]

HP Digital Imaging Monitor.lnk - d:\programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Inicialização rápida do HP Photosmart Premier.lnk - d:\programas\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

Adobe Gamma Loader.lnk - c:\programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-5 113664]

Microsoft Office OneNote 2003 Quick Launch.lnk - c:\programas\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-17 59080]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"ittvzkxbrupvukyjdemkTaskMgr"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\FlashFXP\\FlashFXP.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"d:\\Programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"d:\\Programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"d:\\Programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Programas\\eMule\\emule.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programas\\SopCast\\SopCast.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Programas\\SoulseekNS\\slsk.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Programas\\TVAnts\\Tvants.exe"=

"c:\\Programas\\Windows Media Player\\wmplayer.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26036:TCP"= 26036:TCP:BitComet 26036 TCP

"26036:UDP"= 26036:UDP:BitComet 26036 UDP

"15315:TCP"= 15315:TCP:BitComet 15315 TCP

"15315:UDP"= 15315:UDP:BitComet 15315 UDP

"58302:TCP"= 58302:TCP:Pando P2P TCP Listening Port

"58302:UDP"= 58302:UDP:Pando P2P UDP Listening Port

.

S0 iskfm;iskfm;c:\windows\system32\drivers\nyuy.sys --> c:\windows\system32\drivers\nyuy.sys [?]

S1 MpKsl1a47b648;MpKsl1a47b648;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKsl1a47b648.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKsl1a47b648.sys [?]

S1 MpKsl272d053d;MpKsl272d053d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKsl272d053d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKsl272d053d.sys [?]

S1 MpKsl36b79914;MpKsl36b79914;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56EFEC73-1BA9-48E8-8A86-ACAB92C9B544}\MpKsl36b79914.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56EFEC73-1BA9-48E8-8A86-ACAB92C9B544}\MpKsl36b79914.sys [?]

S1 MpKsl6eb560fc;MpKsl6eb560fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{089CE1E4-B309-4737-B1FA-19D7D1A967E4}\MpKsl6eb560fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{089CE1E4-B309-4737-B1FA-19D7D1A967E4}\MpKsl6eb560fc.sys [?]

S1 MpKsl767e3f69;MpKsl767e3f69;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKsl767e3f69.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKsl767e3f69.sys [?]

S1 MpKsl7ce2269d;MpKsl7ce2269d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{089CE1E4-B309-4737-B1FA-19D7D1A967E4}\MpKsl7ce2269d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{089CE1E4-B309-4737-B1FA-19D7D1A967E4}\MpKsl7ce2269d.sys [?]

S1 MpKsl984ca3e3;MpKsl984ca3e3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D861B2-20B9-4098-9FCA-B124A1B04AB3}\MpKsl984ca3e3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D861B2-20B9-4098-9FCA-B124A1B04AB3}\MpKsl984ca3e3.sys [?]

S1 MpKsla5a5bb1b;MpKsla5a5bb1b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D601899-6CAA-42B2-BA11-6A953CFCD9BB}\MpKsla5a5bb1b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D601899-6CAA-42B2-BA11-6A953CFCD9BB}\MpKsla5a5bb1b.sys [?]

S1 MpKslcd80ff48;MpKslcd80ff48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDBBE07B-3AA5-497B-99C5-89F9548525ED}\MpKslcd80ff48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDBBE07B-3AA5-497B-99C5-89F9548525ED}\MpKslcd80ff48.sys [?]

S1 MpKsle84bf76c;MpKsle84bf76c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07EA24F-F9D4-423B-814A-9CFA67BB027A}\MpKsle84bf76c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B07EA24F-F9D4-423B-814A-9CFA67BB027A}\MpKsle84bf76c.sys [?]

S1 MpKslef0c7b5a;MpKslef0c7b5a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{715F9F1E-675B-41DC-B3F3-616D185F760E}\MpKslef0c7b5a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{715F9F1E-675B-41DC-B3F3-616D185F760E}\MpKslef0c7b5a.sys [?]

S1 MpKslff8068c2;MpKslff8068c2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKslff8068c2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8853B7E3-CB20-443E-93A8-0D781BBD95C9}\MpKslff8068c2.sys [?]

S1 nyoithvm;nyoithvm;\??\c:\windows\system32\drivers\nyoithvm.sys --> c:\windows\system32\drivers\nyoithvm.sys [?]

S2 gupdate1c9ca80250a1654;Serviço Google Update (gupdate1c9ca80250a1654);c:\programas\Google\Update\GoogleUpdate.exe [01-05-2009 18:13 133104]

S3 gupdatem;Serviço Google Update (gupdatem);c:\programas\Google\Update\GoogleUpdate.exe [01-05-2009 18:13 133104]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [13-09-2010 16:38 100480]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [14-11-2007 19:40 34448]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-17 c:\windows\Tasks\MpIdleTask.job

- c:\programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programas\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-05-01 17:13]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-05-01 17:13]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Judite Machado\Application Data\Mozilla\Firefox\Profiles\ttmnmf34.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent

FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\programas\Java\jre6\lib\deploy\jqs\ff

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-WinampAgent - c:\programas\Winamp\winampa.exe

AddRemove-igLoader - c:\programas\igLoader\uninstall.exe

AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-17 14:56

Windows 5.1.2600 Service Pack 3 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(176)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\programas\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\programas\Intel\Wireless\Bin\EvtEng.exe

c:\programas\Intel\Wireless\Bin\S24EvMon.exe

c:\programas\Java\jre6\bin\jqs.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\programas\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\windows\sm56hlpr.exe

c:\windows\ATK0100\ATKOSD.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

d:\programas\HP\Digital Imaging\bin\hpqimzone.exe

d:\programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-07-17 14:59:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-07-17 13:59

.

Pré-execução: 53.074.984.960 bytes livres

Pós execução: 52.980.514.816 bytes livres

.

WindowsXP-KB310994-SP2-Home-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 4C58B49D5A68A3CE90E2482B1EA2F413

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:29:29, on 17-07-2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Programas\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Intel\Wireless\Bin\EvtEng.exe

C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programas\Intel\Wireless\Bin\EOUWiz.exe

C:\Programas\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\sm56hlpr.exe

C:\Programas\QuickTime\qttask.exe

D:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\Microsoft Security Client\msseces.exe

C:\Programas\ASUS\Asus ChkMail\ChkMail.exe

D:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

D:\Programas\HP\Digital Imaging\bin\hpqimzone.exe

D:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programas\FlashFXP\IEFlash.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\ASUSTeK\ASUSDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Programas\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [ASUS Live Update] C:\Programas\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programas\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [HP Software Update] D:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MSC] "c:\Programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: ASUS ChkMail.lnk = C:\Programas\ASUS\Asus ChkMail\ChkMail.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Photosmart Premier.lnk = D:\Programas\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programas\Microsoft Office\OFFICE11\ONENOTEM.EXE

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250283082184

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250283038700

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Serviço Google Update (gupdate1c9ca80250a1654) (gupdate1c9ca80250a1654) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programas\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

--

End of file - 8367 bytes


  • Staff

Sorry for the delay.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Thanks for taking your time, screen317.

Here is the log of ESET Online Scanner

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e4f9555dba880340ae05ab94867f3243

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-25 01:11:17

# local_time=2011-07-25 02:11:17 (+0000, Hora de Verão de GMT)

# country="Portugal"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 23486828 23486828 0 0

# compatibility_mode=1024 16777215 100 0 64834680 64834680 0 0

# compatibility_mode=5891 16776533 42 87 40044 8423572 0 0

# compatibility_mode=8192 67108863 100 0 1550 1550 0 0

# scanned=97801

# found=0

# cleaned=0

# scan_time=3578

And the contents of Security Check:

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 22

Out of date Java installed!

Adobe Flash Player 10.3.181.14

Mozilla Firefox (3.6.12) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````


  • Staff

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

Java™ 6 Update 22

ESET Online Scanner v3

Restart your computer.

Get the latest version of Java. Also update Firefox and ensure that you are using version 5.

Next, please visit Windows Update and download all critical updates, including Internet Explorer 8.

Reboot.

Let me know what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
