Virtumonde Can u help?!?



johreis
2008-06-24, 23:02
Hi there!
I have VIRTUMONDE.
I already ran ComboFix. Here is the log. Can you help me?

ComboFix 08-06-20.4 - JORGE 2008-06-24 21:30:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.268 [GMT 1:00]
Executando de: C:\Documents and Settings\Jorge\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jorge\Application Data\macromedia\Flash Player\#SharedObjects\R454787N\www.broadcaster.com
C:\Documents and Settings\Jorge\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jorge\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\BM93806482.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afnmssku.dll
C:\WINDOWS\system32\bjyaehtt.dll
C:\WINDOWS\system32\bmbjgxdu.ini
C:\WINDOWS\system32\bojcwpuq.ini
C:\WINDOWS\system32\bpvtxefx.dll
C:\WINDOWS\system32\buxalike.dll
C:\WINDOWS\system32\cbwrefrr.ini
C:\WINDOWS\system32\cscfqsxd.ini
C:\WINDOWS\system32\cxdvrtxp.ini
C:\WINDOWS\system32\dflargce.dll
C:\WINDOWS\system32\dgganmex.ini
C:\WINDOWS\system32\dLRAcfii.ini
C:\WINDOWS\system32\dLRAcfii.ini2
C:\WINDOWS\system32\dnncyblw.dll
C:\WINDOWS\system32\dqyatswm.dll
C:\WINDOWS\system32\ekilaxub.ini
C:\WINDOWS\system32\eldypgbd.dll
C:\WINDOWS\system32\emyqdikf.ini
C:\WINDOWS\system32\fuxsbpvf.dll
C:\WINDOWS\system32\glepaibd.ini
C:\WINDOWS\system32\gtscmihh.ini
C:\WINDOWS\system32\iifeecDs.dll
C:\WINDOWS\system32\jsponnuj.ini
C:\WINDOWS\system32\lajdkwqu.dll
C:\WINDOWS\system32\LkjTCccf.ini
C:\WINDOWS\system32\LkjTCccf.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfnwpuwu.ini
C:\WINDOWS\system32\mlfsyvrr.ini
C:\WINDOWS\system32\mqptondp.ini
C:\WINDOWS\system32\ncnaixag.ini
C:\WINDOWS\system32\necpinid.ini
C:\WINDOWS\system32\oejxjqmu.ini
C:\WINDOWS\system32\ogkxgmiu.ini
C:\WINDOWS\system32\OnXIPXyb.ini
C:\WINDOWS\system32\OnXIPXyb.ini2
C:\WINDOWS\system32\pcmlcunk.ini
C:\WINDOWS\system32\pefyftin.ini
C:\WINDOWS\system32\pjjksujb.ini
C:\WINDOWS\system32\qffrgyhh.ini
C:\WINDOWS\system32\qinmfqor.dll
C:\WINDOWS\system32\qlkficvh.dll
C:\WINDOWS\system32\rkwvdxwb.ini
C:\WINDOWS\system32\rkysptrb.ini
C:\WINDOWS\system32\rrvysflm.dll
C:\WINDOWS\system32\ssrmknea.ini
C:\WINDOWS\system32\tuFLonnn.ini
C:\WINDOWS\system32\tuFLonnn.ini2
C:\WINDOWS\system32\ukuunllw.dll
C:\WINDOWS\system32\uqwkdjal.ini
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\vbeggvee.ini
C:\WINDOWS\system32\vltvfekc.ini
C:\WINDOWS\system32\vomdlwkk.ini
C:\WINDOWS\system32\VuDKknnn.ini
C:\WINDOWS\system32\VuDKknnn.ini2
C:\WINDOWS\system32\VyIOonmp.ini
C:\WINDOWS\system32\VyIOonmp.ini2
C:\WINDOWS\system32\wgoqines.ini
C:\WINDOWS\system32\wocboelp.ini
C:\WINDOWS\system32\WxGfgMoq.ini
C:\WINDOWS\system32\WxGfgMoq.ini2
C:\WINDOWS\system32\wydnrctb.ini
C:\WINDOWS\system32\xmkfesed.ini
C:\WINDOWS\system32\xxcghqai.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))
.

2008-06-24 20:35 . 2008-06-24 20:35 81,920 --a------ C:\WINDOWS\system32\gaxiancn.dll
2008-06-24 20:33 . 2008-06-24 20:33 99,840 --a------ C:\WINDOWS\system32\pkfvpwfw.dll
2008-06-24 20:33 . 2008-06-24 20:33 91,136 --a------ C:\WINDOWS\system32\dkphpehg.dll
2008-06-24 20:32 . 322,560 C:\WINDOWS\system32\fccCTjkL.dll_old
2008-06-23 19:07 . 2008-06-23 19:07 81,408 --a------ C:\WINDOWS\system32\hhimcstg.dll
2008-06-23 19:06 . 2008-06-23 19:06 105,984 --a------ C:\WINDOWS\system32\ukqnxegv.dll
2008-06-23 19:06 . 2008-06-23 19:06 91,136 --a------ C:\WINDOWS\system32\tbgfmqjh.dll
2008-06-22 23:57 . 2008-06-22 23:57 80,384 --a------ C:\WINDOWS\system32\bwxdvwkr.dll
2008-06-22 23:54 . 2008-06-22 23:54 99,328 --a------ C:\WINDOWS\system32\yvmtxnsl.dll
2008-06-22 23:53 . 2008-06-22 23:53 90,624 --a------ C:\WINDOWS\system32\rxurbgbv.dll
2008-06-21 14:28 . 2008-06-21 14:28 99,328 --a------ C:\WINDOWS\system32\hwqxtiax.dll
2008-06-21 14:23 . 2008-06-21 14:23 90,112 --a------ C:\WINDOWS\system32\vyqscmdt.dll
2008-06-21 14:22 . 2008-06-21 14:22 90,112 --a------ C:\WINDOWS\system32\rbrjywem.dll
2008-06-20 12:52 . 2008-06-20 12:52 90,112 --a------ C:\WINDOWS\system32\beiqsmqq.dll
2008-06-17 23:54 . 2008-06-17 23:54 1,510,088 ---hs---- C:\WINDOWS\system32\wgoqines.tmp
2008-05-27 19:44 . 2008-05-27 19:44 0 --a------ C:\WINDOWS\VPC32.INI
2008-05-27 16:49 . 2008-06-24 21:47 0 --a------ C:\WINDOWS\system32\NvwsApps.xml
2008-05-27 16:01 . 2008-05-27 16:01 23 --a------ C:\WINDOWS\system32\ddedceab_z.ocx
2008-05-27 16:01 . 2008-05-27 16:01 23 --ahs---- C:\WINDOWS\system32\bdbafbebf0_z.dll
2008-05-26 17:46 . 2008-05-26 22:33 <DIR> d-------- C:\Programas\Your Uninstaller 2006
2008-05-26 17:46 . 2008-05-26 17:46 <DIR> d-------- C:\Documents and Settings\Jorge\Application Data\URSoft

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 20:44 --------- d-----w C:\Programas\Symantec AntiVirus
2008-06-24 20:38 --------- d-----w C:\Documents and Settings\Jorge\Application Data\Skype
2008-05-27 15:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 18:06 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Skype
2008-05-26 17:58 --------- d-----w C:\Programas\Ficheiros comuns\Symantec Shared
2008-05-26 15:45 --------- d--h--w C:\Programas\InstallShield Installation Information
2008-05-26 15:37 --------- d-----w C:\Programas\Ficheiros comuns\Autodesk Shared
2008-05-26 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-25 19:12 --------- d-----w C:\Programas\MODEM MF622
2008-05-20 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 21:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-20 21:46 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-17 12:46 127,488 ----a-w C:\WINDOWS\system32\jvvvqowy.dll
2008-05-17 01:20 7,839 ----a-w C:\is154232.exe
2008-05-17 00:52 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Apple Computer
2008-05-08 20:10 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-05-08 20:08 --------- d-----w C:\Documents and Settings\Administrador\Application Data\AdobeUM
2008-05-05 20:58 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Corel
2008-05-05 20:57 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Nokia
2008-05-05 20:53 --------- d-----w C:\Documents and Settings\Administrador\Application Data\PC Suite
2008-04-28 16:32 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Autodesk
2008-04-26 04:04 --------- d-----w C:\Documents and Settings\Jorge\Application Data\Apple Computer
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-09-03 18:07 81,920 ----a-w C:\Documents and Settings\Jorge\Application Data\ezpinst.exe
2007-09-03 18:07 47,360 ----a-w C:\Documents and Settings\Jorge\Application Data\pcouffin.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0390BF04-4AE7-490C-A1E6-752AA9CA6025}]
C:\WINDOWS\system32\nnnoLFut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54A0E168-A757-4F8C-87C9-577901EC3057}]
C:\WINDOWS\system32\pmnoOIyV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F0374C0-D47A-42D2-BC22-44FF45CB0023}]
C:\WINDOWS\system32\iifcARLd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AF55F7-F551-464E-AE23-581254314828}]
C:\WINDOWS\system32\fccCTjkL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA0566EA-BFEB-45F1-A6D0-53C70F583032}]
C:\WINDOWS\system32\byXPIXnO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4A02126-D9CC-4F6F-A7B1-16EDA778B872}]
C:\WINDOWS\system32\nnnkKDuV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3913f79-8f59-4fb4-95b5-6c07d816a08c}]
2008-06-24 20:33 99840 --a------ C:\WINDOWS\system32\pkfvpwfw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5F13FD5-B6F2-4BDC-AB72-7F7655220879}]
C:\WINDOWS\system32\qoMgfGxW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programas\MSN Messenger\MsnMsgr.Exe" [2007-07-09 16:16 5674352]
"Skype"="C:\Programas\Skype\Phone\Skype.exe" [2007-08-17 03:45 23120680]
"googletalk"="C:\Programas\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" [2004-02-29 16:44 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18 124128]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 11:00 159744]
"90b3571e"="C:\WINDOWS\system32\gaxiancn.dll" [2008-06-24 20:35 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 07:32 7340032]
"BM93806482"="C:\WINDOWS\system32\dkphpehg.dll" [2008-06-24 20:33 91136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"Nokia.PCSync"="C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
TosBtNP.dll 2006-07-21 19:54 65536 C:\WINDOWS\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ukqnxegv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1645522239-725345543-1184\Scripts\Logon\0\0]
"Script"=\\ERT.LOCAL\sysvol\ERT.LOCAL\scripts\LimpaTempInsImp.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1645522239-725345543-1184\Scripts\Logon\0\1]
"Script"=\\ERT.LOCAL\sysvol\ERT.LOCAL\scripts\RegSetChange.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1645522239-725345543-3184\Scripts\Logon\0\0]
"Script"=\\ERT.LOCAL\sysvol\ERT.LOCAL\scripts\LimpaTempInsImp.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1645522239-725345543-3184\Scripts\Logon\0\1]
"Script"=\\ERT.LOCAL\sysvol\ERT.LOCAL\scripts\RegSetChange.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1645522239-725345543-500\Scripts\Logon\0\0]
"Script"=\\ERT.LOCAL\sysvol\ERT.LOCAL\scripts\LimpaTempInsImp.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-602162358-1645522239-725345543-500\Scripts\Logon\0\1]
"Script"=\\ERT.LOCAL\sysvol\ERT.LOCAL\scripts\RegSetChange.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 04:28 24576 C:\WINDOWS\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2006-08-11 08:14 253952 C:\WINDOWS\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\90b3571e]
--a------ 2008-06-23 19:07 81408 C:\WINDOWS\system32\hhimcstg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 07:50 88204 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 02:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-03-23 22:40 196608 C:\Programas\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93806482]
--a------ 2008-06-23 19:06 91136 C:\WINDOWS\system32\tbgfmqjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 11:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-10-06 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpUtil]
--a------ 2005-08-08 16:02 155648 C:\Programas\TOSHIBA\DualPointUtility\TEDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2006-08-02 01:32 696320 C:\Programas\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2006-08-02 01:38 802816 C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kraidman]
--a------ 2006-09-18 12:33 1093710 C:\Programas\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 17:44 303104 C:\Programas\Essentials Codec Pack\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-25 07:32 7340032 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRotateSysTray]
--a------ 2006-07-25 07:32 49152 C:\WINDOWS\system32\nvsysrot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-25 07:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
--a------ 2006-05-05 17:36 30208 C:\Programas\Protector Suite QL\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-17 02:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Programas\TOSHIBA\Utilitário de Zooming da TOSHIBA\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAudEffect]
--a------ 2006-08-09 19:48 344144 C:\Programas\TOSHIBA\TAudEffect\TAudEff.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2006-04-10 18:14 622592 C:\WINDOWS\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]
C:\WINDOWS\system32\thpsrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-02 01:34 185896 C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMERzCtl.EXE]
--a------ 2006-09-01 13:22 90112 C:\Programas\TOSHIBA\TME3\TMERzCtl.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
--a------ 2006-01-19 19:55 118784 C:\Programas\TOSHIBA\TME3\TMESRV31.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-02-14 12:58 3977128 C:\Programas\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-12 13:10 65536 C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSDCR]
--a------ 2005-12-12 18:54 57344 C:\WINDOWS\system32\TOSDCR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe]
--a------ 2005-05-17 11:42 49152 C:\Programas\TOSHIBA\Wireless Hotkey\TosHKCW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2006-09-18 15:29 299008 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
--a------ 2006-09-18 15:29 102400 C:\WINDOWS\system32\TPSODDCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\unsrvc]
C:\WINDOWS\system32\unsrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Programas\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM93806482"=Rundll32.exe "C:\WINDOWS\system32\dkphpehg.dll",s

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programas\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programas\\MSN Messenger\\livecall.exe"=
"C:\\Programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:Print Server Utility
"13107:UDP"= 13107:UDP:Print Server Utility
"69:UDP"= 69:UDP:Print Server Utility

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2006-07-11 20:09]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 12:24]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 12:08]
R2 FdRedir;FdRedir;C:\Programas\Ficheiros comuns\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programas\Ficheiros comuns\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
R2 smihlp;SMI helper driver;C:\Programas\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 13:26]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2006-04-28 11:29]
S3 sffp_mmc;SFF - Controlador de protocolo de armazenamento para MMC;C:\WINDOWS\system32\DRIVERS\sffp_mmc.sys [2006-01-13 12:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26a76d24-2a74-11dd-9146-0018dea8d012}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26a76d25-2a74-11dd-9146-0018dea8d012}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6033989e-50cf-11dc-8f89-0018dea8d012}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{603398a0-50cf-11dc-8f89-0018dea8d012}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d4e9c86-f2c0-11dc-90cb-0018dea8d012}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8928b93-a1e5-11dc-9048-00037afe6d71}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-06-24 20:47:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programas\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 21:44:49
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\gaxiancn.dll
-> C:\WINDOWS\system32\dkphpehg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programas\Windows Defender\MsMpEng.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programas\Toshiba\ConfigFree\CFSvcs.exe
C:\Programas\Cisco Systems\VPN Client\cvpnd.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Toshiba\TOSHIBA RAID\Service\krdevctl.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\Programas\Toshiba\TME3\TMEEJME.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programas\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-06-24 21:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 20:55:41

Pre-Run: 6,788,673,536 bytes livres
Post-Run: 8,481,513,472 bytes livres

374 --- E O F --- 2008-05-16 16:17:48

Blade81
2008-06-25, 20:04
Hi

I think you missed both stickies: BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) (you didn't post a HijackThis log) and Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806) (you ran ComboFix, though it shouldn't be used without supervision).

Post a fresh hjt log into this topic according to the instructions, please.