PDA

View Full Version : "Total Security" infection (inactive - No service packs)



Dragaodacampineira
2009-08-27, 22:44
Hi!
Sorry for taking too long to answer before. Not going to happen twice. I still need and would appreciate very much any assistance in cleaning this pest from my pc.
The old thread is here:
http://forums.spybot.info/showthread.php?t=51009 (Thanks, Katana!)
I created a new HJT log, following directions:
Once again, thanks too much for your precious time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:11:13, on 27/8/2001
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\WindowsXP\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

&http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.hotmail.com/
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} -

C:\ARQUIV~1\IG\igshop.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} -

C:\ARQUIV~1\IG\igshop.dll (file missing)
O4 - HKLM\..\Run: [Eac_Download] C:\Arquivos de programas\Arquivos

comuns\eAcceleration\download.exe -k
O4 - HKLM\..\Run: [Sysres] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [regtmlp] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de

programas\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Arquivos de programas\Kazaa\kazaa.exe

/SYSTRAY
O4 - HKLM\..\Run: [HotVideo_br] c:\program

files\dialers\hotvideo_br\hotvideo_br.exe /noconnect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\Run: [13843124] C:\Documents and Settings\All Users\Dados

de aplicativos\13843124\13843124.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE]

"C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE" "C:\Arquivos de

programas\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UltraDiscador iBest] "C:\Arquivos de

programas\UltraDiscador iBest\autoupdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de

programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de

programas\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run:

[CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [Le

Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit

Robert\prhyper.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run:

[UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 -

HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\RunServices:

[UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

(User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de

programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk =

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel -

res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de

programas\Messenger\MSMSGS.EXE
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D}

- C:\ARQUIV~1\IG\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF:

SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

--
End of file - 4568 bytes

katana
2009-08-31, 17:03
Dragaodacampineira,

Firstly, you didn't answer the question I asked in my first post to you.


Is there a reason that you have never updated XP ?

As it happens, the log you posted answers it for you.

You are using an XP key that is blocked by Microsoft due to the fact that it is freely available on the net.

I suggest you either reformat/reinstall every time you have problems, or contact Microsoft and obtain a legal copy of XP.

http://www.microsoft.com/presspass/press/2005/jul05/07-25WGA1PR.mspx