Final Review At Problematic Pc


3 replies to this topic

#1 bfsreis


  • Members
  • 15 posts

Posted 15 January 2008 - 08:13 PM

After spending a lot of time cleaning my machine, I need help making sure that all is OK.

Here are the logs.

HijackThis log

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programas\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programas\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\Integrator.exe
C:\Programas\ADSL Autoconnect\ADSL Autoconnect.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programas\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Programas\Webroot\Spy Sweeper\SSU.EXE
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Opera\Opera.exe
C:\Documents and Settings\Bruno Sousa Reis\Ambiente de trabalho\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {040CF5CF-AFC4-4393-B3AE-30B65A5460C4} - C:\WINDOWS\system32\ddcdbaa.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NetLimiter] "C:\Programas\NetLimiter\NetLimiter.exe" /s
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programas\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] "C:\Programas\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WeatherClock] "C:\Programas\Weather Clock\WeatherClock.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - Startup: AntiCrash.lnk = C:\Programas\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196634759236
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197051003179
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{294A1C9D-FD4E-40FE-9F84-BCB0B35C5156}: NameServer = 212.13.35.189 212.13.35.33
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Programas\ADSL Autoconnect\ADSL Autoconnect.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programas\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe


And here is the ComboFix log


ComboFix 08-01-15.4 - 2008-01-16 0:48:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.115 [GMT 0:00]
Executando de: C:\Documents and Settings\s\Ambiente de trabalho\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\s\Application Data\dach100.dll

.
((((((((((((((((((((((( Ficheiros criados de 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))
.

2008-01-16 00:42 . 2008-01-16 00:42 <DIR> d-------- C:\Programas\Weather Clock
2008-01-16 00:40 . 2008-01-16 00:40 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-16 00:30 . 2004-09-21 12:00 731,136 --a------ C:\WINDOWS\system32\36bD0.tmp
2008-01-16 00:30 . 2008-01-16 00:30 54,624 --a------ C:\WINDOWS\system32\cbdCF.sys
2008-01-16 00:20 . 2008-01-16 00:20 2,335,270 --a------ C:\WINDOWS\system32\4cfAB.mht
2008-01-16 00:07 . 2008-01-16 00:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-16 00:07 . 2007-01-25 21:57 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-16 00:07 . 2007-01-25 21:57 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-16 00:07 . 2007-01-25 21:57 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-16 00:07 . 2007-01-25 21:57 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2008-01-16 00:06 . 2008-01-16 00:06 <DIR> d-------- C:\Programas\Webroot
2008-01-16 00:06 . 2008-01-16 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-16 00:04 . 2008-01-16 00:04 <DIR> d-------- C:\Documents and Settings\s\Application Data\Webroot
2008-01-15 23:25 . 2008-01-15 23:25 <DIR> d-------- C:\Documents and Settings\s\Application Data\Sunbelt Software
2008-01-15 23:25 . 2008-01-15 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-01-15 23:25 . 2008-01-15 23:25 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-01-15 23:24 . 2008-01-15 23:24 <DIR> d-------- C:\Programas\Sunbelt Software
2008-01-15 23:21 . 2008-01-15 23:21 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Definições locais
2008-01-15 23:21 . 2008-01-15 23:21 <DIR> d-------- C:\Documents and Settings\NetworkService\Definições locais
2008-01-15 23:21 . 2008-01-15 23:21 <DIR> d-------- C:\Documents and Settings\LocalService\Definições locais
2008-01-15 23:21 . 2008-01-15 23:21 <DIR> d-------- C:\Documents and Settings\eMule_Secure\Definições locais
2008-01-15 23:21 . 2008-01-15 23:21 <DIR> d-------- C:\Documents and Settings\Default User\Definições locais
2008-01-15 23:21 . 2008-01-15 23:21 <DIR> d-------- C:\Documents and Settings\s\Definições locais
2008-01-15 23:07 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 22:28 . 2008-01-15 22:28 <DIR> d-------- C:\Documents and Settings\s\Application Data\Grisoft
2008-01-15 22:27 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 22:26 . 2008-01-15 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 18:45 . 2008-01-15 22:23 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-15 18:31 . 2008-01-15 18:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-15 18:10 . 2008-01-16 00:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-11 12:29 . 2008-01-11 12:29 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-05 15:27 . 2008-01-05 15:26 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-01-05 15:26 . 2008-01-05 15:27 <DIR> d-------- C:\Programas\Codec Pack - All In 1
2008-01-02 20:45 . 2008-01-02 20:45 <DIR> d-------- C:\WINDOWS\Sun
2008-01-01 21:13 . 2008-01-01 21:13 <DIR> d-------- C:\sptemp
2008-01-01 13:18 . 2008-01-04 12:09 38 --a------ C:\WINDOWS\avisplitter.INI
2007-12-28 14:33 . 2007-12-28 14:33 <DIR> d-------- C:\Programas\Cucusoft
2007-12-28 11:20 . 2007-12-28 11:20 <DIR> d-------- C:\Programas\ADSL Autoconnect
2007-12-25 12:18 . 2007-12-25 12:18 <DIR> d-------- C:\Documents and Settings\s\Application Data\Media Player Classic
2007-12-24 17:35 . 2007-12-24 17:35 <DIR> d-------- C:\Programas\K-Lite Codec Pack
2007-12-23 23:09 . 2007-12-23 23:09 <DIR> d-------- C:\Programas\Marvell
2007-12-23 22:39 . 2007-12-23 22:39 <DIR> d--h----- C:\Programas\InstallShield Installation Information
2007-12-23 22:39 . 2007-12-23 22:39 <DIR> d-------- C:\Programas\Ficheiros comuns\InstallShield
2007-12-23 22:33 . 2007-12-23 22:33 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-12-23 22:33 . 1999-12-23 17:04 41,852 --a------ C:\WINDOWS\system32\UpdDrv2K.exe
2007-12-23 22:28 . 2000-11-07 18:54 1,044,480 --a------ C:\WINDOWS\system32\RoboEx32.dll
2007-12-23 22:28 . 2003-04-23 14:16 61,440 --a------ C:\WINDOWS\system\EL2k_CPP.dll
2007-12-23 22:28 . 1998-10-20 13:05 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2007-12-23 11:56 . 2007-12-28 11:31 <DIR> d-------- C:\Programas\Gabest
2007-12-23 11:51 . 2007-12-28 11:29 <DIR> d-------- C:\Programas\AviSynth 2.5
2007-12-22 21:53 . 2007-12-22 21:53 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-22 21:10 . 2007-12-22 21:10 <DIR> d-------- C:\Downloads
2007-12-22 21:10 . 2007-12-22 23:24 <DIR> d-------- C:\Documents and Settings\s\Application Data\GetRightToGo
2007-12-22 17:19 . 2007-12-23 22:24 <DIR> d-------- C:\Programas\Team MediaPortal
2007-12-22 14:28 . 2007-12-22 14:34 <DIR> d-------- C:\Programas\Microsoft Silverlight
2007-12-21 23:35 . 2007-12-23 21:42 <DIR> d-------- C:\Programas\FlashGet
2007-12-21 23:35 . 2007-12-10 12:15 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-21 18:04 . 2007-12-21 18:04 <DIR> d-------- C:\Programas\PasswordTools
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-20 18:46 . 2007-12-23 22:23 <DIR> d-------- C:\Programas\The Weather Channel FW
2007-12-16 15:02 . 2007-12-16 15:07 <DIR> d-------- C:\Documents and Settings\s\avidemux

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 00:41 --------- d-----w C:\Programas\PowerISO
2008-01-16 00:06 --------- d-----w C:\Programas\Hitman Pro
2008-01-16 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 17:57 --------- d-----w C:\Programas\USB ADSL
2008-01-06 12:03 --------- d-----w C:\Documents and Settings\s\Application Data\uTorrent
2007-12-23 12:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-14 22:17 --------- d-----w C:\Programas\Google
2007-12-14 22:15 --------- d-----w C:\Documents and Settings\s\Application Data\LimeWire
2007-12-14 21:51 --------- d-----w C:\Programas\LimeWire
2007-12-14 20:36 --------- d-----w C:\Documents and Settings\s\Application Data\Ahead
2007-12-14 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-14 18:11 --------- d-----w C:\Programas\EPSON
2007-12-10 23:24 164 ----a-w C:\install.dat
2007-12-10 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-10 22:10 --------- d-----w C:\Programas\Java
2007-12-10 22:07 --------- d-----w C:\Programas\CCleaner
2007-12-10 22:06 --------- d-----w C:\Programas\'Full Speed' Internet Booster + Performance Tests
2007-12-10 21:59 --------- d-----w C:\Programas\Ficheiros comuns\Java
2007-12-10 19:31 --------- d-----w C:\Programas\MediaMonkey
2007-12-10 12:31 --------- d-----w C:\Documents and Settings\s\Application Data\GRETECH
2007-12-10 12:16 --------- d-----w C:\Documents and Settings\s\Application Data\Comodo
2007-12-10 12:15 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-12-09 23:56 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-12-09 21:51 --------- d-----w C:\Programas\Comodo
2007-12-09 21:51 --------- d-----w C:\Programas\Agnitum
2007-12-09 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo(2)
2007-12-09 21:32 139,008 ----a-w C:\WINDOWS\system32\guard32(2).dll
2007-12-09 20:19 --------- d-----w C:\Programas\YouTube Downloader
2007-12-09 20:19 --------- d-----w C:\Programas\uTorrent
2007-12-09 20:19 --------- d-----w C:\Programas\PCZeitschaltuhr
2007-12-09 20:19 --------- d-----w C:\Programas\Opera
2007-12-09 20:19 --------- d-----w C:\Programas\Nero
2007-12-07 22:47 --------- d-----w C:\Documents and Settings\s\Application Data\Weather Clock
2007-12-07 18:45 --------- d-----w C:\Programas\Microsoft Visual Studio 8
2007-12-07 18:30 --------- d-----w C:\Programas\Priberam
2007-12-07 18:30 --------- d-----w C:\Programas\Ficheiros comuns\Protec
2007-12-07 18:30 --------- d-----w C:\Programas\Ficheiros comuns\Priberam
2007-12-07 18:07 --------- d-----w C:\Programas\MSECache
2007-12-07 18:03 --------- d-----w C:\Programas\GRETECH
2007-12-07 18:01 --------- d-----w C:\Programas\Microsoft Works
2007-12-02 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-12-02 22:19 --------- d-----w C:\Programas\Foxit Software
2007-12-02 22:13 646,400 ----a-w C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-12-02 22:13 60,288 ----a-w C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-12-02 22:13 163,840 ----a-w C:\WINDOWS\system32\CnxHwIo.dll
2007-12-02 22:13 118,784 ----a-w C:\WINDOWS\system32\CnxMfdCo.dll
2007-12-02 22:13 118,784 ----a-w C:\WINDOWS\system32\CnxClsCo.dll
2007-12-02 22:13 108,771 ----a-w C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-12-02 22:10 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-02 22:08 --------- d-----w C:\Programas\Dachshund Software
2007-12-02 22:06 --------- d-----w C:\Documents and Settings\s\Application Data\AutoPowerOn
2007-12-02 22:01 --------- d-----w C:\Programas\Ficheiros comuns\Ahead
2007-12-02 22:01 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2007-12-02 22:01 --------- d-----w C:\Documents and Settings\s\Application Data\AdobeUM
2007-12-02 22:00 --------- d-----w C:\Documents and Settings\s\Application Data\LockTime
2007-12-02 21:28 --------- d-----w C:\Programas\microsoft frontpage
2007-12-02 21:26 --------- d-----w C:\Programas\Serviços online
2007-12-02 21:26 --------- d-----w C:\Programas\Ficheiros comuns\MSSoap
2007-12-02 21:14 --------- d-----w C:\Programas\Ficheiros comuns\SpeechEngines
2007-12-02 21:14 --------- d-----w C:\Programas\Ficheiros comuns\ODBC
2007-11-29 09:28 285,824 ----a-w C:\WINDOWS\system32\drivers\yk51x86.sys
2003-07-17 10:26 448,640 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-07-17 10:22 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 15:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
<pre>
----a-w		   338,432 2008-01-15 22:23:14  C:\Programas\Comodo\CBOClean\BOC425 .exe
----a-w		 1,443,072 2008-01-15 22:23:18  C:\Programas\ESET\ESET NOD32 Antivirus\egui .exe
----a-w		   200,704 2008-01-15 22:23:14  C:\Programas\PowerISO\PWRISOVM .EXE
----a-w			15,360 2008-01-15 22:23:18  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((( snapshot_2008-01-15_23.37.29,56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 23:26:59 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
+ 2008-01-16 00:40:21 10,134 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe
- 2008-01-15 23:26:59 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
+ 2008-01-16 00:40:21 136,448 ----a-r C:\WINDOWS\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe
+ 2007-01-25 21:58:18 10,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
+ 2007-01-25 21:58:48 233,024 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
+ 2007-01-25 21:58:46 26,688 ----a-w C:\WINDOWS\system32\wrlzma.dll
+ 2007-01-25 21:58:44 271,936 ----a-w C:\WINDOWS\WRUninstall.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherClock"="C:\Programas\Weather Clock\WeatherClock.exe" [2007-11-25 21:10 739840]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 01:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"NetLimiter"="C:\Programas\NetLimiter\NetLimiter.exe" [ ]
"CnxDslTaskBar"="C:\Programas\USB ADSL\CnxDslTb.exe" [ ]
"PWRISOVM.EXE"="C:\Programas\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05 200704]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [ ]
"!AVG Anti-Spyware"="C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"SBCSTray"="C:\Programas\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-12-21 15:30 698864]
"egui"="C:\Programas\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"SpySweeper"="C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 21:58 4865600]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"3ComDMIService"=2 (0x2)

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-15 23:25]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 ADSLAutoconnect;ADSLAutoconnect;"C:\Programas\ADSL Autoconnect\ADSL Autoconnect.exe" [2007-12-28 11:20]
R3 CnxEtP;ADSL USB MODEM WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2007-12-02 22:13]
R3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2007-12-02 22:13]
R3 CnxTgN;ADSL USB MODEM WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2007-12-02 22:13]
R3 USBSTOR;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 cbdCF;cbdCF;C:\WINDOWS\system32\cbdCF.sys [2008-01-16 00:30]
S3 usbscan;Controlador de scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Grande#3Com]
\Shell\AutoRun\command - Z:\.\English\Demo32.exe /English.dbd

*Newly Created Service* - EKRN
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 00:51:44
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-01-16 0:52:42
ComboFix-quarantined-files.txt 2008-01-16 00:52:38
ComboFix2.txt 2008-01-15 23:38:09
ComboFix3.txt 2008-01-15 23:21:30

#2 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 January 2008 - 12:13 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response; as I'm sure you can appreciate, we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log, then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

#3 bfsreis

  • Topic Starter

  • Members
  • 15 posts

Posted 31 January 2008 - 12:24 PM

Hello Richie!

Thx for the help offered! Better late than never :blink:! I know you have a lot of trouble helping people, so thx again.

My problem was solved. I lost a day cleaning :thumbsup: my PC, but all is solved now! :wacko:

#4 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 January 2008 - 12:30 PM

Many thanks for the update bfsreis :thumbsup:

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.