AdWare.Win32.Virtumonde.gen (adware)

In a world of viruses, spyware and bugs, nothing beats being informed


Post by ljamoreira » Tue Mar 18, 2008 22:04

Good evening...... ppl, I need help......... I have something on my PC:

AdWare.Win32.Virtumonde.gen (adware)
C:\WINDOWS\system32\tsrkljms.dll

Please analyse my logs (ComboFix and HijackThis):

comboFix 08-03-14.4 - Leónidas Moreira 2008-03-16 21:35:14.2 - NTFSx86
Executando de: C:\Documents and Settings\Leónidas Moreira\Ambiente de trabalho\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM8f47ac82. xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\services.exe
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\knnmp.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\smsc.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_WINDOWS_LOG


((((((((((((((((((((((( Ficheiros criados de 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))
.

2008-03-15 23:14 . 2008-03-15 23:14 <DIR> d-------- C:\Programas\Gabest
2008-03-15 13:42 . 2008-03-15 13:43 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-03-15 11:10 . 2008-03-16 18:42 <DIR> d-------- C:\Documents and Settings\Leónidas Moreira\Application Data\F-Secure
2008-03-15 11:10 . 2008-03-16 18:42 <DIR> d-------- C:\Documents and Settings\Leónidas Moreira\Application Data\F-Secure
2008-03-15 11:10 . 2008-03-16 18:42 <DIR> d-------- C:\Documents and Settings\Leónidas Moreira\Application Data\F-Secure
2008-03-15 10:55 . 2008-02-13 10:38 59,688 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-03-15 10:55 . 2008-02-13 10:38 38,632 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-03-15 10:51 . 2008-03-15 10:59 <DIR> d-------- C:\Programas\Cabovisao Netsecure
2008-03-15 10:51 . 2008-03-15 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-03-15 10:50 . 2008-03-15 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-03-14 00:00 . 2008-03-14 00:00 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-13 18:35 . 2008-03-15 11:05 2,394 ---hs---- C:\WINDOWS\system32\lkfmgavw.ini
2008-03-13 18:30 . 2008-03-13 18:30 90,176 --a------ C:\WINDOWS\system32\tsrkljms.dll
2008-03-12 18:33 . 2008-03-13 18:33 2,034 ---hs---- C:\WINDOWS\system32\avrwswwj.ini
2008-03-09 16:51 . 2008-03-12 18:27 1,854 ---hs---- C:\WINDOWS\system32\rfpmgeib.ini
2008-03-08 16:55 . 2008-03-09 11:59 1,674 ---hs---- C:\WINDOWS\system32\asvwkvjh.ini
2008-03-07 18:27 . 2008-03-07 18:28 <DIR> d-------- C:\Programas\XP Codec Pack
2008-03-07 16:46 . 2008-03-08 16:46 1,554 ---hs---- C:\WINDOWS\system32\krqhpfmp.ini
2008-03-02 22:03 . 2008-03-07 16:44 1,434 ---hs---- C:\WINDOWS\system32\hbrngvvp.ini
2008-03-02 21:03 . 2008-03-02 21:03 1,254 ---hs---- C:\WINDOWS\system32\upplxkjb.ini
2008-03-01 20:59 . 2008-03-02 20:59 1,194 ---hs---- C:\WINDOWS\system32\wbklfbue.ini
2008-02-29 21:01 . 2008-03-01 20:13 1,074 ---hs---- C:\WINDOWS\system32\wjcxedjt.ini
2008-02-24 17:50 . 2008-02-29 20:56 774 ---hs---- C:\WINDOWS\system32\aurtjgkd.ini
2008-02-23 17:47 . 2008-02-24 11:33 1,606 ---hs---- C:\WINDOWS\system32\eetmanuc.ini
2008-02-22 17:46 . 2008-02-23 17:46 1,366 ---hs---- C:\WINDOWS\system32\ihoastpo.ini
2008-02-16 23:29 . 2008-02-22 17:43 1,014 ---hs---- C:\WINDOWS\system32\xukuidvv.ini

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 13:37 35,296 -c--a-w C:\WINDOWS\system32\drivers\Dvd43.sys
2008-03-15 13:46 --------- d-----w C:\Programas\Marcos Velasco Security
2008-03-07 18:18 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-02-17 11:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 18:49 --------- d-----w C:\Programas\Spybot - Search & Destroy
2008-02-09 14:00 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-09 13:54 --------- d-----w C:\Programas\Ficheiros comuns\Macrovision Shared
2008-02-09 13:42 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-02-02 04:00 --------- d-----w C:\Programas\Total Video Converter
2008-02-01 22:38 --------- d-----w C:\Programas\ElcomSoft
2007-09-16 13:35 167 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DB93BA3-380C-497B-88BF-1401291EAE3A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60A7AFDA-DBF1-4858-931B-B3F7C87B71D1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"H/PC Connection Agent"="C:\Programas\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 00:22 1211176]
"NBJ"="C:\Programas\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35 1961984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 16:42 196608]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-03 23:57 33280 C:\WINDOWS\system32\rundll32.exe]
"DVD43"="C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe" [2006-10-26 14:58 258560]
"\services.exe"="C:\WINDOWS\services.exe" [ ]
"Acrobat Assistant 8.0"="C:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"F-Secure Manager"="C:\Programas\Cabovisao Netsecure\Common\FSM32.exe" [2008-02-13 10:38 184800]
"F-Secure TNB"="C:\Programas\Cabovisao Netsecure\FSGUI\TNBUtil.exe" [2008-02-13 10:38 741800]
"BM8f47ac82"="C:\WINDOWS\system32\tsrkljms.dll" [2008-03-13 18:30 90176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 14:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-04 20:43 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuspqn]
wvuspqn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Pinnacle Scheduler.lnk]
backup=C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a--c--- 2008-01-17 09:40 816368 C:\Programas\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
--a------ 2006-10-26 14:58 258560 C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-27 00:22 1211176 C:\Programas\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 03:19 69632 C:\Programas\HP ScanJet 3530c\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 C:\Programas\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programas\\Internet Explorer\\IEXPLORE.EXE"=
"C:\Programas\Microsoft ActiveSync\rapimgr.exe"= C:\Programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programas\Microsoft ActiveSync\wcescomm.exe"= C:\Programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programas\\MSN Messenger\\livecall.exe"=
"C:\\Programas\\eMule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-02-13 10:38]
R1 F-Secure HIPS;F-Secure HIPS;C:\Programas\Cabovisao Netsecure\HIPS\fshs.sys [2008-02-13 10:38]
R2 ZTE CDROM Monitor;ZTE CDROM Monitor;C:\WINDOWS\system32\SupportAppPT\ztemon.exe [2007-05-11 22:06]
R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-11-22 11:33]
R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2008-03-16 13:37]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Programas\Cabovisao Netsecure\Anti-Virus\minifilter\fsgk.sys [2008-02-13 10:38]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 18:52]
S4 F-Secure Filter;F-Secure File System Filter;C:\Programas\Cabovisao Netsecure\Anti-Virus\Win2K\FSfilter.sys [2008-02-13 10:38]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Programas\Cabovisao Netsecure\Anti-Virus\Win2K\FSrec.sys [2008-02-13 10:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33ae5ae1-e116-11db-9296-00152f7a1218}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-03-07 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programas\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-09-02 05:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 19:13:13 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\CABOVI~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\CABOVI~1\ANTI-V~1\report.txt
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 21:37:59
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\services.exe"="C:\\WINDOWS\\services.exe"
.
Tempo para conclusão: 2008-03-16 21:38:50
ComboFix-quarantined-files.txt 2008-03-16 21:38:34
.
2008-03-14 00:07:01 --- E O F ---

*******************************************************************************

LOGFILE HijackThis v1.99.1

********************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 21:42:24, on 16-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ASUSKBService.exe
C:\Programas\Cabovisao Netsecure\Anti-Virus\fsgk32st.exe
C:\Programas\Cabovisao Netsecure\Anti-Virus\FSGK32.EXE
C:\Programas\Cabovisao Netsecure\Common\FSMA32.EXE
C:\Programas\Cabovisao Netsecure\Common\FSMB32.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Programas\Cabovisao Netsecure\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SupportAppPT\ztemon.exe
C:\Programas\Cabovisao Netsecure\Anti-Virus\fsqh.exe
C:\Programas\Cabovisao Netsecure\Common\FAMEH32.EXE
C:\Programas\Cabovisao Netsecure\FSPC\fspc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Cabovisao Netsecure\FSAUA\program\fsaua.exe
C:\Programas\Cabovisao Netsecure\Anti-Virus\fssm32.exe
C:\Programas\Cabovisao Netsecure\FWES\Program\fsdfwd.exe
C:\Programas\Cabovisao Netsecure\FSAUA\program\fsus.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Microsoft ActiveSync\wcescomm.exe
C:\Programas\Cabovisao Netsecure\FSGUI\fsguidll.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programas\Cabovisao Netsecure\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
E:\Leónidas Moreira\Programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DB93BA3-380C-497B-88BF-1401291EAE3A} - (no file)
O2 - BHO: (no name) - {60A7AFDA-DBF1-4858-931B-B3F7C87B71D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [\services.exe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programas\Cabovisao Netsecure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programas\Cabovisao Netsecure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BM8f47ac82] Rundll32.exe "C:\WINDOWS\system32\tsrkljms.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programas\Cabovisao Netsecure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programas\Cabovisao Netsecure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programas\Cabovisao Netsecure\FSPC\fspcmsie.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programas\cabovisao netsecure\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuspqn - wvuspqn.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: aawservice - Philips Semiconductors GmbH - (no file)
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programas\Cabovisao Netsecure\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programas\Cabovisao Netsecure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programas\Cabovisao Netsecure\FWES\Program\fsdfwd.exe
O23 - Service: Agente de Administração F-Secure (FSMA) - F-Secure Corporation - C:\Programas\Cabovisao Netsecure\Common\FSMA32.EXE
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe
ljamoreira
Novice
Posts: 2
Joined: Tue Mar 18, 2008 21:50

Post by _black_bird » Wed Mar 19, 2008 15:01

Turn off System Restore.
Download this tool and do a full scan with it.
It was the only one that solved the problem for me when I caught this!

http://www.majorgeeks.com/Malwarebytes_ ... d5756.html
_black_bird
Gold Member
Posts: 981
Joined: Fri Jan 17, 2003 22:06
Location: Matosinhos

Post by alr_tech » Wed Mar 19, 2008 15:32

Hi

that pest is a trojan that has the habit of copying the real problems onto the disk, from other viruses to adware...

the HijackThis analysis reveals the following:
O2 - BHO: (no name) - {2DB93BA3-380C-497B-88BF-1401291EAE3A} - (no file)
Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: (no name) - {60A7AFDA-DBF1-4858-931B-B3F7C87B71D1} - (no file)
Unknown application.
Unnecessary (deactivated) entry that can be fixed.

O4 - HKLM\..\Run: [\services.exe] C:\WINDOWS\services.exe

Must be fixed! Added by the CIADOOR-F TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder

O4 - HKLM\..\Run: [BM8f47ac82] Rundll32.exe "C:\WINDOWS\system32\tsrkljms.dll",s
Unknown application. (validate this file....)

O20 - Winlogon Notify: wvuspqn - wvuspqn.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.



do you need that Cabovisão software?
if not, uninstall it and put on a proper firewall....
like Zone Alarm
antivirus like AVG
for others, see the posts on security...

when you're disinfecting the machine, always do it with it disconnected from the NET...
after running the antivirus and anti-adware tools (several of them)...
reboot and repeat the dose in safe mode...
after several rounds, try an online antivirus: Panda, Kaspersky, etc..

unfortunately one of the "friends" has the habit of infecting several executables, so don't use the installers you have on the disk....

for that nuisance I only recommend a partial disinfection... to recover the files you need, then the good old format.... a long one... sometimes you need to run fdisk first....


cheers
AMD XP 2400+, ASUS A7N8X-E Deluxe
1 Gb DDR 400, Seagate 80 GB ATA + 120 Gb ATA, ATI 9600 XT
alr_tech
Guru
Posts: 6768
Joined: Thu Feb 17, 2005 18:01
Location: Lisboa
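The rules alr_tech applies by eye in the post above (a binary named like a core Windows process that runs from the Windows folder instead of System32, a Run entry that starts rundll32 with a DLL that still has to be validated, and O2/O20 entries whose file is gone) can be turned into a small checker. The script below is an added example for this thread, not code from HijackThis or from anyone in the discussion; the SYSTEM32_ONLY list, the finding categories and the helper names are my own choices, and the sample lines are copied from the HijackThis log in the first post.

```python
import re
from dataclasses import dataclass

# Sample input: HijackThis lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DB93BA3-380C-497B-88BF-1401291EAE3A} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [\services.exe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [BM8f47ac82] Rundll32.exe "C:\WINDOWS\system32\tsrkljms.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuspqn - wvuspqn.dll (file missing)
"""

# Core Windows binaries that on XP legitimately live only in %SystemRoot%\system32.
# Constructed, non-exhaustive list for this example; extend it for your own use.
SYSTEM32_ONLY = {
    "services.exe", "lsass.exe", "winlogon.exe", "csrss.exe",
    "smss.exe", "svchost.exe", "ctfmon.exe", "spoolsv.exe",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # category assigned by this script (my own naming)
    detail: str  # human-readable explanation
    line: str    # the HijackThis line that triggered it


def split_path(path: str):
    """Return (directory, basename) of a Windows path, both lower-cased."""
    path = path.strip().strip('"').lower()
    head, _, tail = path.rpartition("\\")
    return head, tail


def exe_from_command(cmd: str) -> str:
    """Extract the program path from an O4 command line, handling quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def analyze(text: str):
    """Apply the three checks to every recognised O2/O4/O20 line and return the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            if m["path"].strip() == "(no file)":
                findings.append(Finding("orphan_bho",
                    f"BHO {m['clsid']} is registered but its DLL is gone; entry can be fixed", line))
            continue
        m = O20_RE.match(line)
        if m:
            if "(file missing)" in m["path"]:
                findings.append(Finding("orphan_winlogon_notify",
                    f"Winlogon Notify '{m['name']}' points at a missing DLL; entry can be fixed", line))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        cmd = m["cmd"]
        r = RUNDLL_RE.match(cmd)
        if r:
            # rundll32 itself is legitimate; what matters is the DLL it is told to load.
            _, dll = split_path(r["dll"])
            findings.append(Finding("rundll32_launch",
                f"Run entry [{m['name']}] starts rundll32 with {dll}; validate that DLL", line))
            continue
        directory, base = split_path(exe_from_command(cmd))
        if base in SYSTEM32_ONLY and not directory.endswith("\\system32"):
            findings.append(Finding("system_name_outside_system32",
                f"'{base}' launched from '{directory}'; the real one lives only in system32", line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

On the sample above the checker reports four lines: the orphaned BHO, the services.exe running from C:\WINDOWS, the rundll32 entry loading tsrkljms.dll, and the missing wvuspqn.dll; the legitimate ctfmon.exe in system32 and the Adobe BHO produce nothing. The script is a triage aid only: a rundll32 finding means "go and check that DLL", not "malicious".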

Post by ljamoreira » Wed Mar 19, 2008 22:49

dear ............alr_tech

with HijackThis I can't fix the situations indicated above


Thanks
ljamoreira
Novice
Posts: 2
Joined: Tue Mar 18, 2008 21:50

Post by OldNiquel » Wed Mar 19, 2008 23:43

I know that virus, you normally catch it in seedy virtual sex houses, and if you go at it brute force the results can be devastating.

Google: VirtumundoBeGone.exe and FxVMonde.exe.
Run both in safe mode, and next time use a condom...
OldNiquel
Silver Member
Posts: 108
Joined: Mon Aug 20, 2007 11:02

Post by alr_tech » Thu Mar 20, 2008 10:19

Hi
ljamoreira wrote: dear ............alr_tech

with HijackThis I can't fix the situations indicated above

I bet you can... ;)

HijackThis doesn't disinfect, but it does delete the ticked entries....

the rest is done by hand and by searching; with luck you'll find some saviour program that does it for you...

cheers
alr_tech
Guru
Posts: 6768
Joined: Thu Feb 17, 2005 18:01
Location: Lisboa

