
Gets into Google but won't search

  • Topic closed
There are 3 replies in this topic

#1 sagazbrutal
  • Member
  • 5 posts

Posted 18 June 2008 - 05:03 PM

Here's the deal: I can't run any search on Google, in either Firefox or IE. It does get to the Google home page, but it doesn't perform any search; it just keeps trying to load the page and nothing happens. I think it's a virus, because I can't even run AVG. Could someone help me? I've already installed another antivirus, and nothing; I used BankerFix, and that got me nowhere either. Can someone give me a clue, please...

My problem is exactly this: there are some sites it gets into and others it doesn't.

Here is the HijackThis log for analysis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:17, on 18/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\pctspk.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
z:\Exawin\EXW.EXE
C:\DOCUME~1\RAFAEL~1\CONFIG~1\Temp\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.Microsof...ss/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8732CD68-CD32-48FC-A537-8A956ED6346E} - (no file)
O2 - BHO: {1c4bad93-d9d8-8409-bab4-a1bccca5b579} - {975b5acc-cb1a-4bab-9048-8d9d39dab4c1} - C:\WINDOWS\system32\boikmkdc.dll
O2 - BHO: (no name) - {BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\ARQUIV~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [90565312] rundll32.exe "C:\WINDOWS\system32\yrrmynce.dll",b
O4 - HKLM\..\Run: [BM9365608e] Rundll32.exe "C:\WINDOWS\system32\pcjxmywx.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsof...ss/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.Mi...b?1207409188559
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: wvUMFvWN - wvUMFvWN.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

--
End of file - 7162 bytes


 

#2 Mr.Million

    Consumer Security MVP

  • Expert
  • 64962 posts

Posted 18 June 2008 - 05:15 PM

Disable your antivirus, antispyware and firewall so there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop

Close all windows and programs.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

ComboFix will restart the PC automatically to complete the removal process. If that doesn't happen, restart it manually.

When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt in your next reply, plus a new HijackThis log.

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

#3 sagazbrutal
  • Member
  • 5 posts

Posted 19 June 2008 - 12:26 AM

Here is the ComboFix log:


ComboFix 08-06-16.5 - RAFAEL 2008-06-18 23:34:57.1 - NTFSx86
Executando de: C:\DOCUME~1\RAFAEL~1\CONFIG~1\Temp\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Arquivos de programas\ShoppingReport
C:\Arquivos de programas\ShoppingReport\Uninst.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\boikmkdc.dll
C:\WINDOWS\system32\cyiocckq.ini
C:\WINDOWS\system32\ecnymrry.ini
C:\WINDOWS\system32\edkrfrji.dll
C:\WINDOWS\system32\FgjTwGgh.ini
C:\WINDOWS\system32\FgjTwGgh.ini2
C:\WINDOWS\system32\jbaoslus.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mspykrpw.ini
C:\WINDOWS\system32\nkhtospq.ini
C:\WINDOWS\system32\parbphgu.ini
C:\WINDOWS\system32\pcjxmywx.dll
C:\WINDOWS\system32\yrrmynce.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))
.

2008-06-18 15:51 . 2008-06-18 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-06-18 15:51 . 2008-06-18 15:57 <DIR> d-------- C:\Arquivos de programas\Ad-Aware
2008-06-18 15:47 . 2008-06-18 15:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-06-18 11:44 . 2008-06-18 11:48 <DIR> d-------- C:\LinhaDefensiva
2008-06-13 09:44 . 2008-06-13 09:44 0 --a------ C:\WINDOWS\BM9365608e.xml
2008-06-12 11:11 . 2008-06-18 23:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-12 10:46 . 2008-06-18 11:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-12 10:46 . 2008-06-12 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8
2008-06-12 10:46 . 2008-06-12 10:46 <DIR> d-------- C:\Arquivos de programas\AVG
2008-06-12 10:46 . 2008-06-12 10:46 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-12 10:46 . 2008-06-12 11:32 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-12 10:46 . 2008-06-12 10:46 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-12 10:46 . 2008-06-13 12:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-11 16:24 . 2008-06-18 16:20 <DIR> d-------- C:\Arquivos de programas\MansionPoker
2008-06-11 09:06 . 2008-04-14 12:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 09:06 . 2008-05-08 11:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-07 11:32 . 2008-06-07 11:32 <DIR> d-------- C:\Arquivos de programas\M3Development_WhenUSave_Installer
2008-06-07 11:32 . 2002-01-19 21:24 909,312 --a------ C:\WINDOWS\system32\DGCDRipPro.ocx
2008-06-07 11:32 . 2002-08-22 22:27 348,160 --a------ C:\WINDOWS\system32\FlatBtn6.ocx
2008-06-07 11:32 . 2002-08-22 22:29 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-06-07 11:32 . 2002-08-22 22:29 5,600 --a------ C:\WINDOWS\system32\winaspi.dll
2008-06-07 11:32 . 2002-08-22 22:29 4,672 --a------ C:\WINDOWS\system32\wowpost.exe
2008-06-03 17:05 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-06-03 17:05 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-06-03 17:05 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-06-03 17:05 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-06-03 17:05 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-06-03 17:05 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-06-03 17:05 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-06-03 17:05 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-06-03 17:05 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-29 11:29 . 2008-06-02 08:42 <DIR> d-------- C:\Arquivos de programas\Runtime Software
2008-05-28 16:11 . 2008-05-28 16:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-28 15:26 . 2008-04-13 23:20 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-05-28 15:26 . 2008-04-13 23:20 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-05-28 15:26 . 2008-04-13 23:20 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-05-28 15:26 . 2008-04-13 23:20 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-28 15:24 . 2008-04-13 23:20 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-28 15:23 . 2008-04-13 23:20 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-05-28 14:32 . 2008-05-28 14:32 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0
2008-05-27 15:41 . 2008-03-03 09:39 31,896,064 --a------ C:\kav.br.msi
2008-05-27 15:41 . 2007-09-05 13:56 2,684,884 --a------ C:\kav7.0pb.pdf
2008-05-27 15:41 . 2008-05-15 12:19 700 --a------ C:\setup.reg
2008-05-23 09:56 . 2008-05-23 09:56 <DIR> d-------- C:\Arquivos de programas\Sybase
2008-05-21 14:22 . 2001-09-05 23:50 175,104 --a--c--- C:\WINDOWS\system32\dllcache\csamsp.dll
2008-05-21 14:22 . 2001-09-05 23:50 175,104 --a------ C:\WINDOWS\system32\csamsp.dll
2008-05-21 14:22 . 2004-09-17 06:37 61,440 -ra------ C:\WINDOWS\system32\vuins32.dll
2008-05-21 14:22 . 2005-03-18 05:39 42,496 -ra------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-05-21 14:22 . 2001-08-17 21:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-05-21 14:22 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-05-21 14:22 . 2008-05-21 14:22 1,536 --a------ C:\WINDOWS\system32\TrueSoft.dat
2008-05-21 14:22 . 2008-05-21 14:22 0 --a------ C:\WINDOWS\system32\PTPTT.dat
2008-05-21 14:22 . 2008-05-21 14:22 0 --a------ C:\WINDOWS\system32\PTHSP.dat
2008-05-21 14:21 . 2004-03-19 22:52 804,754 -ra------ C:\WINDOWS\system32\drivers\vpctcom.sys
2008-05-21 14:21 . 2004-03-19 22:54 703,737 -ra------ C:\WINDOWS\system32\drivers\vmodem.sys
2008-05-21 14:21 . 2004-05-24 09:54 362,878 -ra------ C:\WINDOWS\system32\drivers\ptserial.sys
2008-05-21 14:21 . 2004-01-29 21:33 180,224 -ra------ C:\WINDOWS\system32\pctspk.exe
2008-05-21 14:21 . 2004-01-29 21:31 159,744 -ra------ C:\WINDOWS\system32\ptsetup.dll
2008-05-21 14:21 . 2004-01-29 21:31 131,072 -ra------ C:\WINDOWS\system32\ptuninst.exe
2008-05-21 14:21 . 2004-03-19 22:55 70,384 -ra------ C:\WINDOWS\system32\drivers\vvoice.sys
2008-05-21 14:10 . 2008-05-21 14:10 <DIR> d-------- C:\Arquivos de programas\Realtek Sound Manager
2008-05-21 14:10 . 2008-05-21 14:10 <DIR> d-------- C:\Arquivos de programas\Realtek AC97
2008-05-21 14:10 . 2008-05-21 14:10 <DIR> d-------- C:\Arquivos de programas\AvRack
2008-05-21 14:10 . 2001-07-05 13:19 164 -r------- C:\WINDOWS\avrack.ini
2008-05-21 14:09 . 2005-06-20 23:09 18,751,488 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-05-21 14:09 . 2005-06-20 10:39 9,410,048 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2008-05-21 14:09 . 2005-06-20 11:08 2,324,480 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-05-21 14:09 . 2005-06-02 05:31 294,912 -r------- C:\WINDOWS\alcupd.exe
2008-05-21 14:09 . 2005-06-02 05:43 200,704 -r------- C:\WINDOWS\alcrmv.exe
2008-05-21 14:09 . 2004-09-07 03:23 156,672 -ra------ C:\WINDOWS\system32\RTLCPAPI.dll
2008-05-21 14:09 . 2002-02-05 02:54 141,016 -ra------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-05-21 14:09 . 2005-06-20 10:42 77,824 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2008-05-21 14:09 . 2005-05-18 02:38 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-05-21 14:00 . 2008-05-21 14:00 <DIR> d-------- C:\Arquivos de programas\S3Inc
2008-05-21 13:59 . 1998-01-23 12:21 305,664 --a------ C:\WINDOWS\IsUn0416.exe
2008-05-21 13:54 . 2005-06-20 07:53 60,928 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-21 13:52 . 2008-05-21 13:54 <DIR> d-------- C:\Arquivos de programas\VIA
2008-05-21 13:50 . 2008-05-21 13:50 <DIR> d-------- C:\WINDOWS\system32\Tools
2008-05-21 11:07 . 2008-05-21 11:49 <DIR> d-------- C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\DivX
2008-05-21 11:02 . 2008-05-21 16:46 <DIR> d-------- C:\Arquivos de programas\DivX
2008-05-21 10:59 . 2004-12-29 02:57 17,505 -ra------ C:\DBI.EXE
2008-05-21 10:50 . 2008-05-21 10:50 <DIR> d-------- C:\Drivers
2008-05-21 08:53 . 2008-06-11 09:34 <DIR> d-------- C:\Arquivos de programas\EVEREST Ultimate Edition
2008-05-20 17:11 . 2008-05-20 17:14 <DIR> d-------- C:\Arquivos de programas\SitNGo Wizard
2008-05-20 13:09 . 1998-06-24 00:00 115,016 --------- C:\WINDOWS\system32\MSINET.OCX
2008-05-20 13:09 . 1998-07-22 00:00 102,912 --------- C:\WINDOWS\system32\Vb6stkit.dll
2008-05-20 13:09 . 1998-07-22 00:00 102,160 --------- C:\WINDOWS\system32\VB6KO.DLL
2008-05-20 13:09 . 2008-05-21 14:29 0 --a------ C:\WINDOWS\lgfwup.ini
2008-05-20 13:01 . 2008-05-20 13:01 <DIR> d-------- C:\Arquivos de programas\Real Alternative

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 02:32 --------- d-----w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\Free Download Manager
2008-06-18 21:09 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-06-18 19:15 --------- d-----w C:\Arquivos de programas\FlashFXP
2008-06-18 19:12 --------- d-----w C:\Arquivos de programas\Babylon-Pro
2008-06-18 18:42 --------- d-----w C:\Arquivos de programas\Everest Poker
2008-06-18 03:17 --------- d-----w C:\Arquivos de programas\LogMeIn
2008-06-17 14:45 --------- d-----w C:\Arquivos de programas\Lexmark X1100 Series
2008-06-17 12:59 --------- d-----w C:\Arquivos de programas\Itau
2008-06-16 13:56 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird
2008-06-12 12:10 87,608 ----a-w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\ezpinst.exe
2008-06-12 12:10 47,360 ----a-w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\pcouffin.sys
2008-06-12 12:10 --------- d-----w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\Vso
2008-06-12 12:10 --------- d-----w C:\Arquivos de programas\DreMule
2008-06-03 11:52 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-27 19:36 --------- d-----w C:\Arquivos de programas\Avast4
2008-05-23 05:10 --------- d-----w C:\Arquivos de programas\JetAudio
2008-05-21 16:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-05-13 21:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-05-12 14:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
2008-05-12 13:22 --------- d-----w C:\Arquivos de programas\PokerStars
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:12 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack
2008-05-06 18:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-05-06 17:57 --------- d-----w C:\Arquivos de programas\EverestEye
2008-05-05 18:59 --------- d-----w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\Thunderbird
2008-05-05 18:59 --------- d-----w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\Talkback
2008-04-29 20:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2008-04-29 14:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 14:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 14:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-28 17:28 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2008-04-26 12:04 --------- d-----w C:\Arquivos de programas\VobSub
2008-04-25 15:02 --------- d-----w C:\Documents and Settings\RAFAEL TRISTAO\Dados de aplicativos\FlashFXP
2008-04-25 13:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FlashFXP
2008-04-22 19:19 --------- d-----w C:\Arquivos de programas\Classic Menu for Office
2008-04-22 16:24 --------- d-----w C:\Arquivos de programas\Microsoft Works
2008-04-22 16:23 --------- d-----w C:\Arquivos de programas\MSBuild
2008-04-22 16:22 --------- d-----w C:\Arquivos de programas\Microsoft.NET
2008-04-22 16:17 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8
2008-04-22 12:40 --------- d-----w C:\Arquivos de programas\MagicISO
2008-04-14 02:21 769,024 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
2008-04-14 02:21 744,448 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
2008-04-14 02:21 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 02:21 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 02:21 287,744 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 02:21 18,432 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
2008-04-14 02:21 171,520 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
2008-04-14 02:21 151,040 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
2008-04-14 02:21 150,528 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 02:21 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-05 14:42 558,142 ----a-w C:\WINDOWS\java\Packages\2O0P3Z75.ZIP
2008-04-05 14:42 155,995 ----a-w C:\WINDOWS\java\Packages\MHRXJD7R.ZIP
2007-08-09 16:08 8,784 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 16:10 245,408 ----a-w C:\Arquivos de programas\mozilla firefox\plugins\unicows.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 23:20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"VTTimer"="VTTimer.exe" [2004-09-01 05:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 10:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"PCTVOICE"="pctspk.exe" [2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe]
"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-06-12 11:32 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 23:20 15360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-04-30 18:08 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\wvUMFvWN]
wvUMFvWN.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-01-05 15:24 495616 C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 08:12 57344 C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 15:31 63048 C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Ferramentas administrativas\\Recycle Bin\\kdja.exe"=
"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-12 10:46]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-12 10:46]
R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-06-12 10:46]
R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-06-12 11:32]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-12 11:32]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]


[HKEY_LOCAL_MACHINE\software\Microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Menu iniciar\Programas\Ferramentas administrativas\Recycle Bin\kdja.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 00:01:57
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Arquivos de programas\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Arquivos de programas\LogMeIn\x86\ramaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\Arquivos de programas\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-06-19 0:08:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 03:07:37

Pre-Run: 1,936,683,008 bytes disponíveis
Post-Run: 1,857,712,128 bytes disponíveis

261 --- E O F --- 2008-06-11 12:17:11
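The HijackThis log in post #1 and the ComboFix log in post #3 together show the usual triage loop on a thread like this: spot the suspicious load points first, then check which of them the cleanup actually removed. The script below is an added example written for this page; it is not part of the original thread and not code from HijackThis or ComboFix. It applies a few defender-side heuristics to lines copied from the posted HijackThis log (a BHO registered with a bare CLSID as its name, an orphaned BHO with no file, eight-letter DLL names directly under system32 loaded through rundll32.exe, a Winlogon Notify entry whose DLL is missing) and reconciles the flagged paths against the "Outras Exclusões" deletion list in an excerpt of the posted ComboFix log. Both sample inputs are constructed from the page's own lines, with the log's code-page-mangled banner spelled correctly; the regexes and the eight-letter-name rule are my assumptions about the two tools' output formats, and the rule is a heuristic that needs confirmation, not proof of infection on its own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in #1 above.
HJT_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8732CD68-CD32-48FC-A537-8A956ED6346E} - (no file)
O2 - BHO: {1c4bad93-d9d8-8409-bab4-a1bccca5b579} - {975b5acc-cb1a-4bab-9048-8d9d39dab4c1} - C:\WINDOWS\system32\boikmkdc.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [90565312] rundll32.exe "C:\WINDOWS\system32\yrrmynce.dll",b
O4 - HKLM\..\Run: [BM9365608e] Rundll32.exe "C:\WINDOWS\system32\pcjxmywx.dll",s
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: wvUMFvWN - wvUMFvWN.dll (file missing)
"""

# Constructed sample: an excerpt of the ComboFix log posted in #3 (banner spelling normalised).
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Arquivos de programas\ShoppingReport
C:\WINDOWS\system32\boikmkdc.dll
C:\WINDOWS\system32\pcjxmywx.dll
C:\WINDOWS\system32\yrrmynce.dll

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))
.
2008-06-18 15:51 . 2008-06-18 15:57 <DIR> d-------- C:\Arquivos de programas\Ad-Aware
"""


@dataclass
class Finding:
    line: str                      # the raw HijackThis line
    artifact: str                  # file path or DLL name the entry points at
    reasons: list = field(default_factory=list)


CLSID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# Eight lowercase letters as a DLL name directly under system32: the naming pattern shared by the
# three DLLs ComboFix removed from this machine. Assumed heuristic with false positives possible.
RANDOM_DLL = re.compile(r"\\system32\\[a-z]{8}\.dll$", re.I)
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RUNDLL = re.compile(r'^O4 - .*: \[(?P<name>[^\]]+)\] rundll32\.exe "(?P<dll>[^"]+)"', re.I)
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?")
HEADER = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")     # ComboFix "((( title )))" banners


def triage_hijackthis(text: str) -> list:
    """Return the HijackThis entries that deserve a closer look, with the reason for each."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O2_BHO.match(line):
            reasons = []
            if CLSID.match(m["name"]):
                reasons.append("BHO registered with a bare CLSID as its name")
            if m["path"] == "(no file)":
                reasons.append("orphaned BHO: CLSID still registered but DLL is gone")
            if RANDOM_DLL.search(m["path"]):
                reasons.append("eight-letter DLL name directly in system32")
            if reasons:
                findings.append(Finding(line, m["path"], reasons))
        elif m := O4_RUNDLL.match(line):
            if RANDOM_DLL.search(m["dll"]):
                findings.append(Finding(line, m["dll"],
                                        ["Run entry loads an eight-letter system32 DLL via rundll32.exe"]))
        elif m := O20_NOTIFY.match(line):
            if m["missing"]:
                findings.append(Finding(line, m["dll"],
                                        ["Winlogon Notify package whose DLL is missing on disk"]))
    return findings


def combofix_sections(text: str) -> dict:
    """Split a ComboFix log into {section title: [non-empty lines]} using its banners."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = m["title"]
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def reconcile(findings: list, sections: dict, section_prefix: str = "Outras Exclus") -> tuple:
    """Match flagged paths against ComboFix's deletion list.

    The prefix match tolerates the code-page mangling of 'Exclusões' in the posted log.
    Returns (confirmed_removed, unresolved); unresolved holds registry-only leftovers
    (orphaned CLSIDs, missing Notify DLLs) that no file deletion can clear.
    """
    deleted = set()
    for title, lines in sections.items():
        if title.startswith(section_prefix):
            deleted.update(p.lower() for p in lines)
    confirmed, unresolved = [], []
    for f in findings:
        (confirmed if f.artifact.lower() in deleted else unresolved).append(f)
    return confirmed, unresolved


if __name__ == "__main__":
    found = triage_hijackthis(HJT_SAMPLE)
    done, todo = reconcile(found, combofix_sections(COMBOFIX_SAMPLE))
    for f in found:
        print(f"{f.artifact}: {'; '.join(f.reasons)}")
    print(f"removed by ComboFix: {len(done)}, still to clean in the registry: {len(todo)}")
```

Run stand-alone, it flags five entries from the sample and reports three paths confirmed removed by ComboFix and two registry-only leftovers (the orphaned BHO CLSID and the wvUMFvWN Winlogon Notify key), which is the kind of residue a fresh HijackThis log taken after ComboFix, as the thread asks for, would confirm or clear.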

#4 Mr.Million

    Consumer Security MVP

  • Expert
  • 64962 posts

Posted 19 June 2008 - 10:25 AM

Edit the post above and add the Trend Micro HijackThis v2.0.2 log. (Y)