| Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Read the HijackThis Forum Policies first. |
| win32.trojandowloader.zlob

My Ad-Aware detected a Win32.Trojandownloader and cannot manage to delete it. Here are my HijackThis log and the Ad-Aware log, in case someone can help me.

Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\Programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Programas\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programas\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arfes.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://activacao.kanguru.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programas\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [kis] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: Adicionar ao Kaspersky Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Anti-Vírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5CC1C8-EEE1-47C1-B7CD-C70B898516EB}: NameServer = 62.169.67.164 62.169.67.165
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

Ad-Aware SE Build 1.06r1
Ficheiro de registo criado em:domingo, 18 de Fevereiro de 2007 18:49:55
A utilizar ficheiro de definições:SE1R153 15.02.2007

Referências detectadas durante a verificação:
MRU List(Índice TAC:0):11 total de referências
Win32.Trojandownloader.Zlob(Índice TAC:10):1 total de referências

Resultado da verificação profunda do registo:
Win32.Trojandownloader.Zlob Objecto Reconhecido!
Tipo : RegValue
Dados :
Avaliação TAC : 10
Categoria : Malware
Comentário :
Rootkey : HKEY_USERS
Objecto : S-1-5-21-4071797230-2695884465-304723469-1005\software\microsoft\internet explorer\toolbar\Webbrowser
Valor : {84938242-5c5b-4a55-b6b9-a1507543b418}

18:51:23 Verificação concluída
Síntese desta verificação
Tempo de verif. total:00:01:27.672
Objectos verificados:92587
Objectos identificados:1
Objectos ignorados:0
Novos objectos críticos:1 |
| Re: win32.trojandowloader.zlob

Hello nunopereira, welcome to the InfoSpyware Forum.

Step 1 - Download these tools but do not run them yet:

Step 2 - Reboot and start in "Safe Mode" ("Modo a prueba de fallos").

Step 3 - With all programs closed, run HijackThis and fix these entries:

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)

Step 4 - Run these tools, one at a time:

Step 5 - Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).

Step 6 - Reboot and run an online scan with "Panda ActiveScan Online".

Reboot and tell us the results, along with a new HJT and DelPSGuard report.

Regards |
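
An added example, not part of the original thread and not code from InfoSpyware or HijackThis: a small Python triage of HijackThis entries that separates orphaned registrations, such as the `O21 ... (no file)` entry fixed in Step 3, from `(file missing)` lines that need checking on disk first. The function names and the rule that a stray quote followed by arguments makes a `(file missing)` marker unreliable are assumptions of this example; the Kaspersky service line motivates the rule, since `avp.exe` appears under "Running processes" in the same log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arfes.ircfast.com/index.php?rvs=hompag
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
"""

# A log entry starts with a section code (R0, O2, O21, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption of this example: a double quote followed by arguments means the
# path was cut out of a quoted command line, so "(file missing)" is unreliable.
QUOTE_THEN_ARGS_RE = re.compile(r'"\s+\S')


@dataclass
class Entry:
    section: str            # e.g. "O21"
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # lower-cased CLSID if the entry carries one
    status: str             # listed | no-file | file-missing | file-missing-unverified


def classify(body: str) -> str:
    """Map the trailing HijackThis marker of an entry to a status."""
    if body.endswith("(no file)"):
        return "no-file"
    if body.endswith("(file missing)"):
        if QUOTE_THEN_ARGS_RE.search(body):
            return "file-missing-unverified"
        return "file-missing"
    return "listed"


def parse_hjt(text: str) -> List[Entry]:
    """Parse log text; header lines and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=clsid.group(0).lower() if clsid else None,
            status=classify(body),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return the entries a helper should look at, with the reason."""
    reasons = {
        "no-file": "registration without a file: orphaned leftover, candidate for fixing",
        "file-missing": "target not found on disk: confirm, then consider fixing",
        "file-missing-unverified": "marker follows a quoted command line: check the path on disk before touching it",
    }
    return [(e, reasons[e.status]) for e in entries if e.status in reasons]


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.section} {entry.clsid or '-'}: {reason}")
        print(f"    {entry.body}")
```
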
|
|