HJT LOG ( IMPORTANT and URGENT ) [CLOSED]

#1 epokii (Member, 14 posts)
Hi!
I'm having a BIG problem with my computer... I've run every scan I could have run and done all that kind of thing, but I can't solve my problem. Basically, when I leave a game/application that can use fullscreen or non-fullscreen (but it mainly happens with fullscreen), the screen becomes like the computer is not responding, not showing entire images of all things, just parts of them, so it seems that it can no longer completely load the things I run :S It's strange and hard to explain... I think you couldn't understand, because it's even harder to explain in English. Whatever, here is my HJT log, so that you could help me solve this problem and put my computer at the highest performance it can have.

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at epokk [20:54], on 26-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\Xfire\xfire.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.185.116.218:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Programas\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programas\Xfire\xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{8039A27B-5F7D-42EC-AB17-64616433E01F}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programas\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7022 bytes


Waiting for your help to solve all the possible problems that my computer can have. Thanks :)

P.S. If you need any further information/logs or something like that, just ask for it :)

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
This doesn't sound like a malware issue.

What did all your scans find? Probably nothing much...

I suggest posting this in the Windows board instead...

#3 epokii (Topic Starter, Member, 14 posts)
Yes, I didn't find anything with the multiple scans I did :S So, I posted it in the Windows section and they don't seem to want to help me :s So you must say here if it's all clear or not. Thanks xD

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
From the preliminary scan and the scans you said you ran, it doesn't look like a malware issue. If you want, we can run deeper scans...

For the HijackThis log, can you run the scan in Normal Mode instead? We usually want to see the log when the machine is running with all the applications/drivers loaded.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#5 epokii (Topic Starter, Member, 14 posts)
ComboFix 08-04-26.3 - epok 2008-04-27 16:23:20.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.1562 [GMT 1:00]
Executando de: C:\Documents and Settings\epok\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Ficheiros criados de 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))))
.

2008-04-27 00:33 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-27 00:33 . 2008-04-27 11:09 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-27 00:33 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-27 00:19 . 2008-04-27 00:20 <DIR> d-------- C:\Programas\DriverCleanerDotNET
2008-04-26 20:53 . 2008-04-26 20:53 <DIR> d-------- C:\Programas\Trend Micro
2008-04-26 18:41 . 2008-04-26 18:41 <DIR> d-------- C:\Programas\Lavasoft
2008-04-26 18:31 . 2008-04-26 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 18:20 . 2008-04-24 18:20 <DIR> d-------- C:\tara perdida - nada a esconder
2008-04-23 14:52 . 2008-04-23 14:59 <DIR> d-------- C:\ESTUDANTES - vol.1
2008-04-23 14:51 . 2008-04-23 15:00 <DIR> d-------- C:\ESTUDANTES - vol.2
2008-04-23 14:43 . 2008-04-24 12:42 <DIR> d-------- C:\Money Talks - Bikini Shop Princess
2008-04-23 14:43 . 2008-04-23 14:53 <DIR> d-------- C:\Amateur - Geil Gefickt
2008-04-23 14:41 . 2008-04-24 12:42 <DIR> d-------- C:\Festa Estudantil
2008-04-06 17:57 . 2008-04-06 17:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-06 12:25 . 2008-04-27 00:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-06 12:25 . 2008-04-06 12:25 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-05 11:52 . 2008-04-19 10:03 <DIR> d-------- C:\Programas\Xfire
2008-04-05 11:52 . 2008-04-27 11:42 <DIR> d-------- C:\Documents and Settings\epok\Application Data\Xfire
2008-04-04 18:16 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-04-04 17:17 . 2008-04-04 17:17 <DIR> d-------- C:\Programas\CCleaner
2008-04-04 17:10 . 2008-04-04 17:10 <DIR> d-------- C:\VundoFix Backups
2008-04-03 00:26 . 2008-04-03 00:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:27 28,026,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-27 15:27 1,462,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-27 15:27 --------- d-----w C:\Programas\cFosSpeed
2008-04-27 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 15:17 377,612 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-27 15:17 139,988 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-26 16:23 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-26 16:23 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-26 10:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-26 10:58 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-25 18:37 --------- d-----w C:\Programas\mIRC
2008-04-23 20:31 --------- d-----w C:\Programas\SopCast
2008-04-23 18:55 --------- d-----w C:\Documents and Settings\epok\Application Data\SopCast
2008-04-09 20:06 --------- d-----w C:\Programas\Lineage II - Infinity
2008-04-03 21:24 --------- d-----w C:\Programas\Steam
2008-03-24 18:15 --------- d-----w C:\Programas\The All-Seeing Eye
2008-03-24 17:47 --------- d-----w C:\Programas\GameSpy
2008-03-24 17:46 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-03-24 17:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-24 17:46 22,328 ----a-w C:\Documents and Settings\epok\Application Data\PnkBstrK.sys
2008-03-24 17:34 --------- d-----w C:\Programas\Electronic Arts
2008-03-22 10:17 --------- d-----w C:\Documents and Settings\epok\Application Data\Ubisoft
2008-03-22 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-03-22 10:03 --------- d--h--w C:\Programas\InstallShield Installation Information
2008-03-22 10:03 --------- d-----w C:\Programas\Ubisoft
2008-03-21 23:30 --------- d-----w C:\Programas\EA Sports
2008-03-20 18:31 --------- d-----w C:\Programas\Symantec
2008-03-19 20:34 71,366,519 ----a-w C:\Call of Duty® 4 - Patch 1.4.zip
2008-03-19 19:11 --------- d-----w C:\Programas\Activision
2008-03-14 23:57 --------- d-----w C:\Programas\Microsoft Silverlight
2008-03-07 12:45 --------- d-----w C:\Programas\TuneUp Utilities 2008
2008-03-07 12:44 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-07 12:37 --------- d-----w C:\Programas\Ficheiros comuns\Wise Installation Wizard
2008-03-07 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-07 12:11 --------- d-----w C:\Documents and Settings\epok\Application Data\TuneUp Software
2008-03-02 19:36 --------- d-----w C:\Programas\PPMate
2008-03-02 19:35 --------- d-----w C:\Programas\Ficheiros comuns\Synacast
2008-03-02 19:35 --------- d-----w C:\Documents and Settings\epok\Application Data\PPMate
2008-03-02 19:31 --------- d-----w C:\Programas\TVAnts
2008-03-01 23:12 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-02-27 22:46 --------- d-----w C:\Programas\Windows Live
2008-02-27 18:57 --------- d-----w C:\Programas\Microsoft CAPICOM 2.1.0.2
2008-02-27 18:10 --------- d-----w C:\Programas\Microsoft SQL Server Compact Edition
2008-02-27 18:09 --------- dcsh--w C:\Programas\Ficheiros comuns\WindowsLiveInstaller
2008-02-27 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 13:15 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-02-12 15:16 285,912 ----a-w C:\WINDOWS\system32\cfosspeed.dll
2008-02-01 11:17 588,288 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( snapshot_2008-04-26_19.12.43,12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 18:02:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 15:18:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-26 16:15:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-27 11:38:53 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-26 16:15:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
+ 2008-04-27 11:38:53 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat
- 2007-09-17 00:07:00 5,783,040 -c--a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll
+ 2007-12-05 00:41:00 5,773,568 -c--a-w C:\WINDOWS\system32\dllcache\nv4_disp.dll
+ 2008-04-27 15:18:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4c0.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Programas\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32 81920]
"MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-21 12:00 15360]
"Comrade.exe"="C:\Programas\GameSpy\Comrade\Comrade.exe" [2007-06-29 16:03 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.dll]
"cFosSpeed"="C:\Programas\cFosSpeed\cFosSpeed.exe" [2008-02-12 16:16 863448]
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2007-10-20 11:37 180269]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-21 12:00 15360]

C:\Documents and Settings\epok\Menu Iniciar\Programas\Arranque\
Xfire.lnk - C:\Programas\Xfire\xfire.exe [2008-04-03 00:25:58 ] 2987856]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 ] 282624]
Inicializa‡Æo r pida do HP Image Zone.lnk - C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 ] 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Programas\Ficheiros comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-02-15 16:10 57344 C:\Programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-09-20 10:35 1077032 C:\Programas\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-09-20 10:36 2044712 C:\Programas\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 15:35 716800 C:\Programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 02:11 925696 C:\Programas\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2007-11-18 20:13 1046688 C:\Programas\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-20 11:37 180269 C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a------ 2004-03-19 05:30 184320 C:\Programas\Microsoft IntelliType Pro\type32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programas\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SpeedTouch USB Diagnostics"="C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe"
"HP Software Update"=C:\Programas\HP\HP Software Update\HPWuSchd2.exe
"HPHUPD08"=C:\Programas\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"UpdReg"=C:\WINDOWS\UpdReg.EXE
"QuickTime Task"="C:\Programas\QuickTime\QTTask.exe" -atboottime
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programas\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\epok\\Ambiente de trabalho\\ST330Beta41\\stInstall.exe"=
"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programas\\PPMate\\ppmate.exe"=
"C:\\Programas\\PPMate\\ppamnet.exe"=
"C:\\Programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-09-21 12:00]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 21:50]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-02-15 22:13]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-02-15 22:13]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\WINDOWS\system32\DRIVERS\stppp.sys [2008-02-15 22:13]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-07 13:44]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-04-27 15:18:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programas\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-23 14:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 16:27:42
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-04-27 16:29:17
ComboFix-quarantined-files.txt 2008-04-27 15:29:13
ComboFix2.txt 2008-04-26 18:12:53
ComboFix3.txt 2008-04-06 11:52:55
ComboFix4.txt 2008-04-04 16:29:25
ComboFix5.txt 2007-11-11 13:40:20

Pre-Run: 6,191,210,496 bytes livres
Post-Run: 6,181,019,648 bytes livres

234 --- E O F --- 2008-03-12 18:16:03

#6 epokii (Topic Starter, Member, 14 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at epokk [17:08], on 27-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programas\cFosSpeed\spd.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programas\cFosSpeed\cFosSpeed.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\GameSpy\Comrade\Comrade.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\Xfire\xfire.exe
C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.185.116.218:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [cFosSpeed] C:\Programas\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Programas\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programas\Xfire\xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{8039A27B-5F7D-42EC-AB17-64616433E01F}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Programas\cFosSpeed\spd.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programas\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programas\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7782 bytes

#7 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
It's all clear....if this problem happened recently, nothing is showing up in the logs. I would post back in the other board. Bump the topic after 3 days time has passed if no one replied.
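
A first-pass triage script for HijackThis logs like the two posted in this thread, as an added example that is not part of the original thread or of HijackThis itself. It assumes the v2.0.2 line format shown above and uses a small constructed sample copied from the log on this page; the known-resolver set (the OpenDNS addresses that appear in the O17 lines) is an assumption the reader should replace with their own ISP's resolvers.

```python
import re

# Constructed sample: a few entries in the HijackThis v2.0.2 line format, copied
# from the log posted in this thread (values as they appear on the page).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.185.116.218:3128
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C640266-2DBE-49FB-B66E-9BDF1D873CFB}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
"""

# Every HJT entry starts with a section code (R0, R1, O2, O4, O17, ...) then " - ".
# Header lines and the "Running processes" block do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")

# Resolvers the analyst already recognises (assumption: OpenDNS, because the O17
# lines on this page point at them). Anything else is raised for a manual look.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}


def parse_hjt(text):
    """Return a list of (section_code, body) tuples for the entry lines of a log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries, known_resolvers=KNOWN_RESOLVERS):
    """Apply the usual first-pass checks and return (code, value, reason) findings.

    The rules do not declare anything malicious; they pick out the entries a
    log reader verifies by hand before calling a log clean.
    """
    findings = []
    for code, body in entries:
        if code == "R1" and "ProxyServer" in body:
            # A proxy set in HKCU routes the user's browser traffic through it;
            # confirm the user (or their network) actually configured it.
            proxy = body.split("=", 1)[1].strip()
            findings.append((code, proxy, "user-level proxy configured; confirm it is intentional"))
        elif code == "O17":
            # Per-interface DNS servers override the ISP's; unrecognised ones
            # are the classic sign of DNS hijacking.
            servers = body.split("NameServer =", 1)[1].split(",")
            for s in (x.strip() for x in servers):
                if s not in known_resolvers:
                    findings.append((code, s, "nameserver not in the known-resolver list"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that links user32.dll,
            # so the DLL's publisher should be identified.
            dll = body.split(":", 1)[1].strip()
            findings.append((code, dll, "DLL loaded into every user32 process; verify its publisher"))
        elif code == "O23" and "Unknown owner" in body:
            # "Unknown owner" means the binary carries no company name in its
            # version info; identify the service before trusting it.
            service = body.split(" - ", 1)[0].split(":", 1)[1].strip()
            findings.append((code, service, "service binary has no publisher information"))
    return findings


def triage_log(text, known_resolvers=KNOWN_RESOLVERS):
    """Parse a full HJT log and return the entries worth a manual check."""
    return triage(parse_hjt(text), known_resolvers)


if __name__ == "__main__":
    for code, value, reason in triage_log(SAMPLE_LOG):
        print(f"{code:4} {value:45} {reason}")
```

On the sample above the script flags the R1 proxy, the O20 AppInit DLL and the PnkBstrA service, and leaves the O17 lines alone because both resolvers are in the known set.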

#8 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.