Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

win32.perlovga.a maybe worst

Post by templars » January 11th, 2008, 9:05 am

I think my PC might be infected with win32.perlovga.a.
It keeps creating this autorun and svchost on every pen drive I plug in... Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:04:31, on 11-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SONICS~1\SsAAD.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\DAEMON Tools Pro\DTProAgent.exe
D:\Bluetooth\BTTray.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
D:\XAMPP\xampp\apache\bin\apache.exe
C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
D:\XAMPP\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\niSvcLoc.exe
D:\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\calc.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\XAMPP\xampp\apache\bin\apache.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\Programas\aMSN\bin\wish.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programas\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programas\DAEMON Tools Pro\DTProAgent.exe"
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.metrodoporto.pt/mapa/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Apache2 - Unknown owner - D:\XAMPP\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programas\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - D:\XAMPP\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\FLEXlm\flexlm_marc\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe (file missing)
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - D:\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: svohost.exe - Unknown owner - C:\WINDOWS\svchcst.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


POST EDIT: I think it's more serious than perlovga... System Restore has been disabled via the registry... Spybot shows many infections, firewall definitions have been altered. I'm considering doing a clean install of Windows XP. How can I back up my data without the backed-up data being infected?
templars
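The log above already contains the line that gives this infection away: `O23 - Service: svohost.exe - Unknown owner - C:\WINDOWS\svchcst.exe`. The service's display name is one letter off svchost, it points at a binary that is also one letter off svchost, and that binary sits in the Windows root rather than in system32, where the real svchost.exe lives. None of those facts is conclusive alone; together they are. As an added example (not part of the original thread and not HijackThis code), the Python below runs exactly those checks, plus a check for the empty `O4 - HKLM\..\Policies\Explorer\Run: []` entry that shows up later in the thread, over O23/O4 lines copied from the logs posted here. The list of imitated system names, the severity levels and the hard-coded `C:\WINDOWS` SystemRoot are my own assumptions.

```python
"""Heuristic triage of HijackThis O23 (service) and O4 (Run key) lines.

Added example: not from the thread and not HijackThis code. The heuristics are
my own (lookalike names, binaries in the Windows root, Policies\\Explorer\\Run).
"""
import ntpath
import re
from dataclasses import dataclass

# Windows binaries that commodity worms imitate (my list; an assumption).
SYSTEM_NAMES = ("svchost", "lsass", "csrss", "winlogon", "services", "smss", "explorer")

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<value>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r'"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    severity: str  # "high", "medium" or "info"
    reason: str


def edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str):
    """System binary that `name` imitates (1-2 edits away, not identical), else None."""
    stem = ntpath.splitext(ntpath.basename(name))[0].lower()
    for real in SYSTEM_NAMES:
        if 0 < edit_distance(stem, real) <= 2:
            return real
    return None


def check_binary(line: str, text: str) -> list:
    """Findings about the executable a service or Run value points at."""
    m = EXE_RE.match(text.strip())
    if not m:
        return []
    exe, out = m.group("exe"), []
    base, real = ntpath.basename(exe), lookalike_of(exe)
    if real:
        out.append(Finding(line, "high", f"{base} imitates {real}.exe"))
    if ntpath.dirname(exe).lower() == r"c:\windows":  # SystemRoot on this machine
        out.append(Finding(line, "high", f"{base} runs from the Windows root, not system32"))
    return out


def triage_o23(line: str, m) -> list:
    name, owner, path = m.group("name"), m.group("owner"), m.group("path")
    out = check_binary(line, path)
    real = lookalike_of(name)
    if real:
        out.append(Finding(line, "high", f"service name '{name}' imitates {real}"))
    if name.lower().endswith(".exe"):
        out.append(Finding(line, "medium", "service display name is a file name; vendors rarely do that"))
    if owner == "Unknown owner":
        out.append(Finding(line, "info", "no vendor recorded; normal for open-source services, judge by the path"))
    return out


def triage_o4(line: str, m) -> list:
    location, value, cmd = m.group("location"), m.group("value"), m.group("cmd")
    out = check_binary(line, cmd)
    if "policies\\explorer\\run" in location.lower():
        out.append(Finding(line, "high", "Policies\\Explorer\\Run autostart: Group Policy in domains, malware on a home PC"))
    if not value and not cmd.strip():
        out.append(Finding(line, "medium", "empty autostart entry, often what a removed payload leaves behind"))
    return out


def triage(lines) -> list:
    """Run every check over HJT log lines; findings come back worst first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for regex, handler in ((O23_RE, triage_o23), (O4_RE, triage_o4)):
            m = regex.match(line)
            if m:
                findings.extend(handler(line, m))
                break
    return sorted(findings, key=lambda f: {"high": 0, "medium": 1, "info": 2}[f.severity])


# Constructed sample: O23/O4 lines copied from the two HijackThis logs in this thread.
SAMPLE_LINES = [
    r"O23 - Service: svohost.exe - Unknown owner - C:\WINDOWS\svchcst.exe",
    r"O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe",
    r'O23 - Service: Apache2 - Unknown owner - D:\XAMPP\xampp\apache\bin\apache.exe" -k runservice (file missing)',
    r"O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: []",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

The point of ranking is that "Unknown owner" on its own is noise (Apache and MySQL from XAMPP both show it), while a name two edits from a system binary in a directory where that binary never lives is the signal. Running the script on the full logs would leave the vendor-signed Symantec, ATI and Acer entries untouched and surface only the svohost/svchcst service and the empty policy Run key.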

Re: win32.perlovga.a maybe worst

Post by Katana » January 15th, 2008, 8:27 pm

Hi Templars :)
What have you been doing? I only just got you clean :evil:

Please note the new forum rules

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:


* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.

Old version of HJT
You are running an older version of Hijack This.

Click here to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version.

  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofi ... e-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Katana
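Flash_Disinfector is the step that deals with the pen drives themselves, and it is worth seeing why. The worm spreads by dropping a copy of itself (here named svchost.exe) in the root of every removable drive alongside an autorun.inf that points at it, so that on Windows XP the AutoPlay prompt offers the payload as the default action and a double-click on the drive in Explorer runs it. The tool removes that pair and leaves a folder named autorun.inf on each drive: a file cannot be created where a folder of the same name already exists, so the worm cannot simply rewrite it the next time the drive is plugged into an infected machine. As an added example (not the tool's code and not from the thread), the Python below parses an autorun.inf, lists the directives that launch something, flags the pattern templars describes, and then applies the plain folder-based immunization. The worm-style autorun.inf and the fake MZ file are constructed test data, the list of borrowed system names is my assumption, and the immunize step deliberately reproduces only the folder itself, not any extra protection the real tool may add.

```python
"""Inspect a removable drive's autorun.inf and block it from being recreated.

Added example: not the thread's content and not Flash_Disinfector's code. The
worm-style autorun.inf and the fake MZ file below are constructed test data.
"""
import configparser
import os
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")
# Names a worm borrows from Windows so the dropped file looks harmless (my list).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}

# Shaped like the autorun + svchost pair the first post describes on every pen
# drive; constructed for this example, not a copy of any real Perlovga file.
WORM_STYLE_INF = r"""[AutoRun]
open=svchost.exe
shell\open=Open
shell\open\Command=svchost.exe
shell\explore=Explore
shell\explore\Command=svchost.exe
shellexecute=svchost.exe
"""


def parse_autorun(text: str) -> dict:
    """Return {key: command} for every [autorun] directive that launches something.

    Covers open=, shellexecute= and shell\\<verb>\\command=; keys come back lowercased.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:  # no [section] header, or not INI-shaped at all
        return {}
    launches = {}
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                launches[key] = (value or "").strip()
    return launches


def launched_binaries(launches: dict) -> set:
    """Bare file names that would execute, with quotes, paths and arguments stripped."""
    names = set()
    for cmd in launches.values():
        if cmd:
            first = cmd.split()[0].strip('"')
            names.add(os.path.basename(first.replace("\\", "/")).lower())
    return names


def check_drive(root: Path) -> dict:
    """Classify <root>/autorun.inf: immunized (folder), clean (absent), or what it launches."""
    inf = root / "autorun.inf"
    if inf.is_dir():
        return {"status": "immunized", "launches": {}, "suspicious": []}
    if not inf.is_file():
        return {"status": "clean", "launches": {}, "suspicious": []}
    launches = parse_autorun(inf.read_text(encoding="latin-1", errors="replace"))
    suspicious = []
    for name in launched_binaries(launches):
        target = root / name
        if name in SYSTEM_NAMES:
            suspicious.append(f"{name}: Windows system binary name on a removable drive")
        elif target.is_file() and target.read_bytes()[:2] == b"MZ":
            suspicious.append(f"{name}: autorun launches a PE from the drive root")
    status = "suspicious" if suspicious else "autorun present"
    return {"status": status, "launches": launches, "suspicious": suspicious}


def immunize(root: Path) -> bool:
    """Set the autorun.inf file aside and put a folder of the same name in its place.

    A folder stops the worm simply rewriting the file. Plain-folder variant only;
    it does not reproduce any extra protection Flash_Disinfector adds.
    """
    inf = root / "autorun.inf"
    if inf.is_file():
        inf.rename(root / "autorun.inf.quarantined")  # keep the evidence
    inf.mkdir(exist_ok=True)
    return inf.is_dir()


def demo() -> tuple:
    """Constructed scenario: an infected drive root before and after immunizing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text(WORM_STYLE_INF, encoding="latin-1")
        (root / "svchost.exe").write_bytes(b"MZ" + b"\0" * 62)  # fake PE header
        before = check_drive(root)
        immunize(root)
        after = check_drive(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print(before["status"], before["suspicious"])
    print(after["status"])
```

Two details carry over to real cleanup work. First, `shell\open\command` is what makes double-clicking the drive in Explorer run the payload even when AutoPlay is turned off, so a parser that only reads `open=` misses half of what the file does. Second, the quarantined copy of autorun.inf is kept rather than deleted; the file names it references tell you which other files on the drive and on the PC to look for.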

Re: win32.perlovga.a maybe worst

Post by templars » January 16th, 2008, 6:15 am

I don't think I got it over the internet. It has got to be those damn pen drives or the last-century programs my teachers make us install...

------------------HJT-------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:42, on 16-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
D:\XAMPP\xampp\apache\bin\apache.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SONICS~1\SsAAD.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\DAEMON Tools Pro\DTProAgent.exe
C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
D:\Bluetooth\BTTray.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
D:\XAMPP\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\niSvcLoc.exe
D:\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\XAMPP\xampp\apache\bin\apache.exe
C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Mozilla Thunderbird\thunderbird.exe
C:\Programas\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\explorer.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programas\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programas\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.metrodoporto.pt/mapa/mgaxctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Apache2 - Apache Software Foundation - D:\XAMPP\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programas\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: mysql - Unknown owner - D:\XAMPP\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\FLEXlm\flexlm_marc\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe (file missing)
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - D:\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programas\Ficheiros comuns\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: svohost.exe - Unknown owner - C:\WINDOWS\svchcst.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 10912 bytes


-------------------------------ComboFix--------------------------------------------
ComboFix 08-01-16.4 - templars 2008-01-16 9:56:35.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.450 [GMT 0:00]
Running from: C:\Documents and Settings\templars\Ambiente de trabalho\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchcst.exe
C:\WINDOWS\system32\_svchcst.exe
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RCLUMA
-------\rcluma


((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))
.

2008-01-16 09:55 . 2004-08-03 23:00 261,920 --a------ C:\cmldr
2008-01-16 09:53 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 09:44 . 2008-01-16 09:44 <DIR> d-------- C:\Programas\Trend Micro
2008-01-12 14:08 . 2008-01-12 14:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-08 22:09 . 2008-01-09 10:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 22:09 . 2008-01-08 22:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 18:23 . 2008-01-02 18:23 <DIR> d-------- C:\Programas\Unibrain
2007-12-30 16:02 . 2007-12-30 16:02 <DIR> d-------- C:\Documents and Settings\templars\Application Data\DAEMON Tools Pro
2007-12-30 16:02 . 2007-12-30 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-12-30 16:00 . 2007-12-30 16:01 <DIR> d-------- C:\Programas\DAEMON Tools Pro
2007-12-28 14:29 . 2007-12-28 14:29 <DIR> d-------- C:\Programas\Borland
2007-12-28 14:29 . 2001-05-11 10:00 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2007-12-28 14:28 . 2004-06-28 12:46 68 --a------ C:\WINDOWS\ddimsk.ini
2007-12-28 14:27 . 2007-12-28 14:27 <DIR> d-------- C:\Programas\Coiltech
2007-12-28 14:15 . 2007-12-28 14:28 191 --a------ C:\WINDOWS\Temp.ini
2007-12-26 00:19 . 2007-12-26 00:19 <DIR> d-------- C:\Documents and Settings\templars\Application Data\dvdcss
2007-12-24 16:25 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\MSPCLOCK.sys
2007-12-24 16:14 . 2007-12-24 16:14 <DIR> d-------- C:\Drivers
2007-12-24 16:14 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-12-24 16:14 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-12-24 16:14 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-12-24 16:14 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-12-24 16:14 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-12-24 16:14 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-22 22:59 . 2007-12-22 22:59 <DIR> d-------- C:\Programas\WinFtp Server
2007-12-22 22:59 . 2007-12-22 23:01 124 --a------ C:\WINDOWS\WFTPSRV.INI
2007-12-17 20:35 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-12-16 15:39 . 2007-12-16 15:39 <DIR> d-------- C:\Documents and Settings\templars\Application Data\SolidWorksExplorer

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 16:34 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-30 15:58 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-15 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-13 16:29 --------- d-----w C:\Documents and Settings\templars\Application Data\MySQL
2007-12-13 16:20 --------- d-----w C:\Programas\MySQL
2007-12-02 21:39 --------- d-----w C:\Programas\aMSN
2007-11-29 17:37 --------- d-----w C:\Programas\Fatek
2007-11-28 16:36 --------- d-----w C:\Programas\mozilla.org
2007-11-28 15:44 --------- d-----w C:\Programas\MSXML 6.0
2007-11-25 13:07 --------- d-----w C:\Programas\FileZilla Client
2007-11-25 13:07 --------- d-----w C:\Documents and Settings\templars\Application Data\FileZilla
2007-11-23 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\COSMOS Applications
2007-11-23 23:05 --------- d-----w C:\Programas\Ficheiros comuns\SolidWorks Shared
2007-11-23 23:02 --------- d-----w C:\Programas\Bluebeam Software
2007-11-23 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluebeam Software
2007-11-07 09:28 725,504 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 725,504 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,501,248 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 09:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-10 16:45 846 ----a-w C:\Programas\uninstal.log
2007-03-09 10:15 561 ----a-w C:\Programas\INSTALL.LOG
2006-10-09 22:13 562,056 ----a-w C:\Documents and Settings\templars\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"DAEMON Tools Pro Agent"="C:\Programas\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 13:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-01-25 14:02 180224]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"SynTPLpr"="C:\Programas\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 22:44 98394]
"SynTPEnh"="C:\Programas\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 22:43 688218]
"LManager"="C:\Programas\Launch Manager\QtZgAcer.EXE" [2004-12-09 12:50 311296]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-01-21 15:21 2889216]
"ccApp"="C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"ATIPTA"="C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 21:10 344064]
"LaunchApp"="Alaunch" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SsAAD.exe"="C:\PROGRA~1\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 16:27 126976]
"ZoneAlarm Client"="C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
BTTray.lnk - D:\Bluetooth\BTTray.exe [2002-10-25 14:18:40]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 20:52 483328 C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Programas\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Programas\QuickTime\qttask.exe

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 13:22]
R1 UBHelper;MRW remapping;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2002-11-06 13:30]
R2 BBDemon;Backbone Service;C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe [2004-05-08 08:56]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 10:00]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-01-03 11:51]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-09-20 17:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R3 EraserUtilDrvI4;EraserUtilDrvI4;C:\Programas\Ficheiros comuns\Symantec Shared\EENGINE\EraserUtilDrvI4.sys [2008-01-16 10:06]
S2 svohost.exe;svohost.exe;C:\WINDOWS\svchcst.exe []
S3 fidcam;Unibrain MS 1394 based IIDC Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\fidcam.sys [2005-09-14 17:05]
S3 int15.sys;int15.sys;C:\Programas\acer\eRecovery\int15.sys [2005-01-13 14:46]
S3 PD1030VID;Creative WebCam Pro;C:\WINDOWS\system32\DRIVERS\P1030Vid.sys [2002-05-21 02:00]
S3 sonydcam;Generic 1394 Desktop Camera;C:\WINDOWS\system32\DRIVERS\sonydcam.sys [2004-08-04 20:00]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 09:23]
S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-09-02 17:49]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 10:05:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 10:09:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 10:09:48
.
2008-01-09 10:45:27 --- E O F ---
templars
Regular Member
 
Posts: 48
Joined: July 4th, 2006, 1:55 pm

Re: win32.perlovga.a maybe worst

Unread postby Katana » January 16th, 2008, 9:35 am

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the following file path into the window
C:\WINDOWS\WFTPSRV.INI
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\WINDOWS\ddimsk.ini

If Virustotal is too busy please try Jotti



TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.


Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines if still present
O4 - HKLM\..\Policies\Explorer\Run: [] 

O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe (file missing)
O23 - Service: svohost.exe - Unknown owner - C:\WINDOWS\svchcst.exe

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

How are things now ?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
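The HijackThis fix above removes two service entries: one whose name (svohost.exe) and binary (svchcst.exe) are one letter away from svchost.exe and live outside system32, and one (rcluma) whose binary is already gone. Those are exactly the checks a helper runs by eye over the R*/S* service lines of a ComboFix log and the O23 lines of a HijackThis log. The script below is an added example, not part of the thread or of either tool; it automates those three checks over a handful of lines copied from the logs above. The directory list and the set of imitated system names are assumptions chosen for this Portuguese-locale XP machine, where "Programas" is Program Files.

```python
"""Triage service entries from a ComboFix log (R*/S* lines) and a HijackThis
log (O23 lines) for the signs the helper acted on in the thread: a service
name that imitates a Windows binary, a binary outside the directories a
service is expected to live in, and a binary that is no longer on disk.
Added example, not part of the thread or of either tool; the sample lines
are copied from the logs above."""
import re

# Windows binaries whose names malware commonly imitates (svohost, svchcst, ...).
LEGIT_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
               "services.exe", "spoolsv.exe", "smss.exe", "explorer.exe"}

# Lower-cased directory prefixes a service binary is expected under on this
# machine (assumption: "Programas" is this locale's "Program Files").
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\programas\\", "c:\\progra~1\\",
                 "c:\\program files\\", "c:\\acer\\")

# ComboFix: "S2 svohost.exe;svohost.exe;C:\WINDOWS\svchcst.exe []"; empty [] = no file on disk
COMBOFIX_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$")
# HijackThis: "O23 - Service: <display> - <owner> - <path> (file missing)"
HJT_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")


def edit_distance(a, b):
    """Levenshtein distance; catches one-letter imitations such as svohost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def imitates(name):
    """Return the Windows binary `name` imitates (distance 1 or 2), else None.
    An exact legitimate name is not an imitation; a legitimate name in the
    wrong directory is caught by the path check instead."""
    low = name.lower()
    if low in LEGIT_NAMES:
        return None
    for legit in sorted(LEGIT_NAMES):
        if edit_distance(low, legit) <= 2:
            return legit
    return None


def triage(lines):
    """Return [(service, path, [reasons])] for entries that deserve a look."""
    findings = []
    for line in lines:
        m = COMBOFIX_RE.match(line.strip())
        if m:
            svc, path, missing = m["svc"], m["path"], m["stamp"].strip() == ""
        else:
            m = HJT_RE.match(line.strip())
            if not m:
                continue
            svc, path, missing = m["display"], m["path"], m["missing"] is not None
        base = path.replace("/", "\\").rsplit("\\", 1)[-1]
        reasons = []
        for candidate in dict.fromkeys((svc, base)):   # service name, then binary name
            target = imitates(candidate)
            if target:
                reasons.append(f"'{candidate}' imitates {target}")
        if not path.lower().startswith(EXPECTED_DIRS):
            reasons.append(f"binary outside the expected directories: {path}")
        if missing:
            reasons.append("binary not on disk: orphaned service entry, remove it")
        if reasons:
            findings.append((svc, path, reasons))
    return findings


# Lines copied from the ComboFix and HijackThis output in this thread.
SAMPLE_LOG = r"""
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 09:23]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2002-11-06 13:30]
R3 EraserUtilDrvI4;EraserUtilDrvI4;C:\Programas\Ficheiros comuns\Symantec Shared\EENGINE\EraserUtilDrvI4.sys [2008-01-16 10:06]
S2 svohost.exe;svohost.exe;C:\WINDOWS\svchcst.exe []
S3 int15.sys;int15.sys;C:\Programas\acer\eRecovery\int15.sys [2005-01-13 14:46]
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe (file missing)
O23 - Service: svohost.exe - Unknown owner - C:\WINDOWS\svchcst.exe
""".strip().splitlines()

if __name__ == "__main__":
    for svc, path, reasons in triage(SAMPLE_LOG):
        print(f"{svc}  ({path})")
        for r in reasons:
            print("   -", r)
```

Run as-is it reports only the two entries Katana told the poster to fix; every driver and vendor service in the sample passes. The distance threshold of 2 is deliberately tight: loosen it and short names start colliding with each other.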

Re: win32.perlovga.a maybe worst

Unread postby templars » January 17th, 2008, 8:54 am

Here they are:

C:\WINDOWS\WFTPSRV.INI

Antivirus Version Last Update Result
AhnLab-V3 2008.1.17.11 2008.01.17 -
AntiVir 7.6.0.48 2008.01.17 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.16 -
AVG 7.5.0.516 2008.01.16 -
BitDefender 7.2 2008.01.17 -
CAT-QuickHeal 9.00 2008.01.16 -
ClamAV 0.91.2 2008.01.17 -
DrWeb 4.44.0.09170 2008.01.17 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5465 2008.01.17 -
Ewido 4.0 2008.01.16 -
FileAdvisor 1 2008.01.17 -
Fortinet 3.14.0.0 2008.01.17 -
F-Prot 4.4.2.54 2008.01.16 -
F-Secure 6.70.13260.0 2008.01.17 -
Ikarus T3.1.1.20 2008.01.17 -
Kaspersky 7.0.0.125 2008.01.17 -
McAfee 5209 2008.01.16 -
Microsoft 1.3109 2008.01.17 -
NOD32v2 2800 2008.01.17 -
Norman 5.80.02 2008.01.16 -
Panda 9.0.0.4 2008.01.17 -
Prevx1 V2 2008.01.17 -
Rising 20.27.31.00 2008.01.17 -
Sophos 4.24.0 2008.01.17 -
Sunbelt 2.2.907.0 2008.01.17 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.16 -
Webwasher-Gateway 6.6.2 2008.01.17 -
Additional information
File size: 124 bytes
MD5: 8d9083f28a8d8a5265d56ee771c2f5ea
SHA1: 7132dd96771616598a147a22c4ab970f5c4ffc7f
PEiD: -



C:\WINDOWS\ddimsk.ini
Antivirus Version Last Update Result
AhnLab-V3 2008.1.17.11 2008.01.17 -
AntiVir 7.6.0.48 2008.01.17 -
Authentium 4.93.8 2008.01.17 -
Avast 4.7.1098.0 2008.01.16 -
AVG 7.5.0.516 2008.01.16 -
BitDefender 7.2 2008.01.17 -
CAT-QuickHeal 9.00 2008.01.16 -
ClamAV 0.91.2 2008.01.17 -
DrWeb 4.44.0.09170 2008.01.17 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5465 2008.01.17 -
Ewido 4.0 2008.01.16 -
FileAdvisor 1 2008.01.17 -
Fortinet 3.14.0.0 2008.01.17 -
F-Prot 4.4.2.54 2008.01.16 -
F-Secure 6.70.13260.0 2008.01.17 -
Ikarus T3.1.1.20 2008.01.17 -
Kaspersky 7.0.0.125 2008.01.17 -
McAfee 5209 2008.01.16 -
Microsoft 1.3109 2008.01.17 -
NOD32v2 2800 2008.01.17 -
Norman 5.80.02 2008.01.16 -
Panda 9.0.0.4 2008.01.17 -
Prevx1 V2 2008.01.17 -
Rising 20.27.31.00 2008.01.17 -
Sophos 4.24.0 2008.01.17 -
Sunbelt 2.2.907.0 2008.01.17 -
TheHacker 6.2.9.189 2008.01.17 -
VBA32 3.12.2.5 2008.01.15 -
VirusBuster 4.3.26:9 2008.01.16 -
Webwasher-Gateway 6.6.2 2008.01.17 -
Additional information
File size: 68 bytes
MD5: ca374afd7dc09ad28c695e8270c19ec9
SHA1: 5ddebafdcca692bb1de0e5ad0425e730bdbb1f94
PEiD: -

and from TotalScan

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-17 12:43:00
PROTECTIONS: 1
MALWARE: 32
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.0.1.1000 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\SmitfraudFix\SmitfraudFix\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.tribalfusion.com/]
00146967 Cookie/PayCounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.paycounter.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.xiti.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.gostats.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.gostats.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.azjmp.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.bs.serving-sys.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.weborama.fr/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.adtech.de/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.ads.pointroll.com/]
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.uol.com.br/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.zedo.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.adultfriendfinder.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\TEMPLARS\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\COOKIES.TXT[.atwola.com/]
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP4\A0000683.EXE[nircmd.exe]
00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\TEMPLARS\Ambiente de trabalho\Flash_Disinfector.exe[nircmd.exe]
00517584 Application/SuperFast HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\RESTART.EXE
00517584 Application/SuperFast HackTools No 0 Yes No C:\SmitfraudFix\SmitfraudFix\RESTART.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP5\A0000721.COM
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP5\A0000733.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP5\A0000775.COM
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.cfexe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\TEMPLARS\Ambiente de trabalho\ComboFix.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No D:\DOWNLOAD\ComboFix.exe[nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\TEMPLARS\Ambiente de trabalho\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No D:\DOWNLOAD\ComboFix.exe[nircmd.cfexe]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\SmitfraudFix\SmitfraudFix\Reboot.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
C:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP4\A0000684.EXE
;===================================================================================================================================================================================


That A0000684.EXE file was flagged by Symantec as backdoor.formador

I'm considering formatting my PC. What do I have to do to back up data without the problems getting "backed up" with the rest of the data?
templars
Regular Member
 
Posts: 48
Joined: July 4th, 2006, 1:55 pm

Re: win32.perlovga.a maybe worst

Unread postby Katana » January 17th, 2008, 9:11 am

A0000684.EXE is in System Restore, and not active. The only reason Symantec saw it is because TotalScan looked at it.
There is no sign of active infection at all now; are you still having problems?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: win32.perlovga.a maybe worst

Unread postby templars » January 17th, 2008, 9:59 am

Actually no. But I haven't plugged in any pens besides my own! How can I disable autorun for every pen I plug in, including new ones? And how about my question in my previous post? Thank you
templars
Regular Member
 
Posts: 48
Joined: July 4th, 2006, 1:55 pm

Re: win32.perlovga.a maybe worst

Unread postby Katana » January 17th, 2008, 11:39 am

Having used Flash Disinfector and ComboFix, USB drives should not autostart now anyway.
If you used your USB drive in another machine that was infected, then that is how your USB drive transferred it to your machine.
If you use anything else (iPod, mobile phone, external HDD), then they could all be infected and would need cleaning.

As for backing up your data, I can see no evidence of any malware that would be transferred to the backup.

The only way to be 98% sure (you can never be 100%) is to back up the data you wish to keep, and then scan the drive where it is stored at ALL of the following:

http://www.nanoscan.com
http://www.pandasoftware.com/activescan ... ncipal.htm
http://www.kaspersky.com/kos/eng/partne ... bscan.html
http://www.eset.eu/online-scanner
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
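The question above is how to stop every pen from autostarting, and the answer is that Flash Disinfector has already dealt with it on this machine. For the record, on Windows XP the policy value NoDriveTypeAutoRun (HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, REG_DWORD 0xFF) turns AutoRun off for all drive types, and mapping Autorun.inf to nothing under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf (default value @SYS:DoesNotExist) makes Windows ignore the file entirely. Neither setting tells you whether a pen you have just been handed carries one, which is the question for the external HDD and pens mentioned next. The script below is an added example, not from the thread and not part of Flash Disinfector or ComboFix: it reads a drive root's autorun.inf with Windows-style tolerance for junk lines, lists every command the shell could launch from it (open=, shellexecute=, and shell\verb\command=), and flags the pattern this worm used, a file named like a Windows system binary dropped next to the autorun.inf. The sample pen contents are constructed inside a temporary directory; the list of system-binary names is an assumption.

```python
"""Triage the root of a removable drive for an autorun.inf that launches a
program, the mechanism the worm in this thread used to hop between pens.
Added example, not part of the thread or of any tool named in it.  The
sample autorun.inf and files are constructed below in a temp directory."""
import os
import re
import shutil
import tempfile

KEY_RE = re.compile(r"^\s*([^=;\[]+?)\s*=\s*(.*?)\s*$")
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")

# Assumption: Windows system binaries that have no business on a pen drive.
SYSTEM_LOOKALIKES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lower-cased.
    Lines that are not key=value are ignored, as Windows ignores them, so the
    junk lines malware pads the file with do not abort the parse; a repeated
    key keeps its last value."""
    section, keys = None, {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):            # whole-line INI comment
            continue
        m = SECTION_RE.match(raw)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "autorun":
            continue
        m = KEY_RE.match(raw)
        if m:
            keys[m.group(1).lower()] = m.group(2)
    return keys


def launch_targets(keys):
    """Every command the shell could run: AutoPlay's open=, shellexecute=,
    and the context-menu verbs shell\\<verb>\\command=."""
    return [(k, v) for k, v in keys.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))]


def first_token(command):
    """Program from a command line such as 'svchost.exe /s' or '"a b.exe" /q'."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def triage_drive(root):
    """Find autorun.inf in `root` (any letter case) and report what it would run."""
    inf = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    report = {"autorun_inf": inf, "targets": [], "findings": []}
    if inf is None:
        return report
    with open(os.path.join(root, inf), encoding="latin-1", errors="replace") as f:
        keys = parse_autorun(f.read())
    report["targets"] = launch_targets(keys)
    present = {n.lower() for n in os.listdir(root)}
    programs = {first_token(c).replace("/", "\\").split("\\")[-1].lower() for _, c in report["targets"]}
    programs.discard("")
    for prog in sorted(programs):
        if prog in SYSTEM_LOOKALIKES:
            report["findings"].append(f"launches '{prog}', a Windows system binary name, from removable media")
        if prog in present:
            report["findings"].append(f"launch target '{prog}' is stored in the drive root")
    if "open" in keys and "shellexecute" in keys:
        report["findings"].append("open= and shellexecute= both set: fires from AutoPlay and from the shell verb")
    if keys.get("shell", "").lower() not in ("", "open"):
        report["findings"].append(f"default verb redirected to shell\\{keys['shell']}: double-clicking the drive runs it")
    return report


# Constructed sample in the shape such worms drop: every launch path points at
# a file named svchost.exe sitting in the drive root, padded with a junk line.
SAMPLE_AUTORUN = """\
[AutoRun]
;comment line
xqzplmw
Open=svchost.exe
ShellExecute=svchost.exe
shell\\Auto\\command=svchost.exe
shell=Auto
Icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""


def build_sample_drive():
    """Temp directory mimicking an infected pen's root (inert placeholder files)."""
    root = tempfile.mkdtemp(prefix="pen_")
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write(SAMPLE_AUTORUN)
    with open(os.path.join(root, "svchost.exe"), "wb") as f:
        f.write(b"MZ placeholder, not a real binary")
    with open(os.path.join(root, "holiday.jpg"), "wb") as f:
        f.write(b"\xff\xd8\xff")
    return root


if __name__ == "__main__":
    root = build_sample_drive()
    try:
        rep = triage_drive(root)
        for key, cmd in rep["targets"]:
            print(f"{key} = {cmd}")
        for finding in rep["findings"]:
            print("!", finding)
    finally:
        shutil.rmtree(root)
```

Point `triage_drive` at a mounted pen or external HDD instead of the sample and read the findings before opening anything on it. A genuine CD installer with open=setup.exe will show one informational line (the target is on the media), which is expected; three or four lines naming a system binary are not. File attributes (the hidden+system bits such worms set) are deliberately not checked here so the script runs on any platform.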

Re: win32.perlovga.a maybe worst

Unread postby templars » January 17th, 2008, 11:52 am

I have an external HDD and some pens. Should I scan them with those sites? Would that be enough? Thank you for your time!
templars
Regular Member
 
Posts: 48
Joined: July 4th, 2006, 1:55 pm

Re: win32.perlovga.a maybe worst

Unread postby Katana » January 17th, 2008, 12:36 pm

If you have a USB multiport hub, it should be able to scan them all at once.
If not, then you will need to do each one separately.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: win32.perlovga.a maybe worst

Unread postby askey127 » January 26th, 2008, 8:03 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us to reopen this topic if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA