
Archived

This topic has been archived and is closed to new replies.

narayann

Log analysis: error (0xc000007b)

20 posts in this topic

I think my computer is infected with some kind of malware.

I have been getting this error when I try to open some programs:

The application failed to initialize properly (0xc000007b). Click on OK to terminate the application.

I think this error happens mostly with programs that use the Microsoft .NET Framework.

I have also been getting constant errors when installing/uninstalling the Framework and other Windows tools.

The PC has also been performing quite slowly, abnormally so.

Thanks for the help

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:33:14, on 23-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\Programas\Windows Media Player\wmplayer.exe

C:\Programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\SecondLifeReleaseCandidate\SecondLifeReleaseCandidate.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\IXP004.TMP\"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 9631 bytes


Disable your antivirus and antispyware so there are no conflicts. Keep them disabled until you have finished the instructions.

Download Banker FIX

Double-click bankerfix.exe. Press Enter.

Internet Explorer will be closed. Wait for the tool to finish. This may take a while.

When it finishes, a message will appear on the screen; then press Enter.

Reboot...

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.

If there are updates to be applied, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If items were found, make sure they are all checked and click the Remove button.

When disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to reboot the PC. (See the note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to reboot the PC (perhaps more than once). Do so immediately when asked whether you want to reboot.

Select, copy and paste the contents of the MBAM log into your next reply, plus the Relatorio.txt that you will find in C:\LinhaDefensiva, plus a new HijackThis log.

Afterwards you can delete this LinhaDefensiva folder. Re-enable your antivirus.



MVP Mr.Million


Hello, first of all thank you for trying to help me.

I followed your instructions, except that I was unable to remove a Trojan.BHO that MBAM detected; I tried rebooting several times as instructed, but it was never removed.

Here are the logs as requested:

MBAM LOG:

Malwarebytes' Anti-Malware 1.34

Database version: 1798

Windows 5.1.2600 Service Pack 3

24-02-2009 10:54:02

mbam-log-2009-02-24 (10-54-02).txt

Scan type: Quick Scan

Objects scanned: 66186

Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

- - - - - - -

HiJackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:52:13, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 9223 bytes

- - - - - - -

BankerFix relatorio.txt:

BankerFix 3.0 VALKYRIE - Banker remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-02-24 - 10:40

-------------------------------------------------------

Definition list: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

----- End -------------------------

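The two HijackThis logs in this thread, the one in the opening post and the one above taken after the MBAM run, are identical in the entries that matter: the Rundll32 entry under the LOCAL SERVICE SID (S-1-5-19) loading mibagoyo.dll, the AppInit_DLLs value pointing at dofozeha.dll (every DLL listed there is mapped into every process that loads user32.dll, which is why one bad DLL can break program start-up system-wide), the orphaned BHO/toolbar CLSIDs, the Earn2Life ActiveX download and the missing McAfee service binary. The script below is an added example written for this page, not code from the forum, HijackThis or MBAM. It walks a log's R/O entries with a handful of heuristics of my own choosing (the consonant/vowel alternation test for generated file names is an assumption, not a detection signature) and then reports which flagged entries survived into a later log. The sample text is a constructed subset of entry lines copied from the two logs in this thread.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    line: str


VOWELS = set("aeiou")
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
SERVICE_SID_RUN_RE = re.compile(r"^O4 - HKUS\\S-1-5-(18|19|20)\\")  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE
ENTRY_RE = re.compile(r"^[OR]\d+ - ")

# Constructed sample: entry lines copied from the two logs in this thread
# (23-02-2009 before MBAM, 24-02-2009 after MBAM), not the full logs.
HJT_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)
"""

# The post-MBAM log in the thread still carries every one of these entries.
HJT_AFTER = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)
"""


def looks_generated(stem: str) -> bool:
    """Heuristic (an assumption, not a signature) for the machine-generated
    names in this thread (mibagoyo, dofozeha): 6-10 lowercase letters that
    strictly alternate consonant and vowel. Legitimate names such as
    avgrsstx or ctfmon fail the test."""
    if not (6 <= len(stem) <= 10) or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [c in VOWELS for c in stem]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def triage(log_text: str) -> List[Finding]:
    """Flag the persistence and injection points in a HijackThis log's
    R/O entries; the process list, header and footer are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue
        # AppInit_DLLs: loaded into every process that maps user32.dll.
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding("appinit_dll", line))
        # Desktop software does not register rundll32 Run entries under service-account SIDs.
        if SERVICE_SID_RUN_RE.match(line) and "rundll32" in line.lower():
            findings.append(Finding("rundll32_under_service_sid", line))
        if any(looks_generated(stem) for stem in DLL_RE.findall(line)):
            findings.append(Finding("generated_dll_name", line))
        # Orphaned COM registrations: a BHO/toolbar CLSID whose file is gone.
        if line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
            findings.append(Finding("orphaned_clsid", line))
        # ActiveX packages fetched over plain HTTP from a third-party host.
        if line.startswith("O16 - DPF:") and "http://" in line.lower():
            findings.append(Finding("activex_download", line))
        if line.startswith("O23 - ") and line.endswith("(file missing)"):
            findings.append(Finding("service_binary_missing", line))
    return findings


def persisted(before: str, after: str) -> List[Finding]:
    """Findings whose exact entry line is still present in a later log,
    i.e. what a cleanup pass left untouched."""
    still_there = {f.line for f in triage(after)}
    return [f for f in triage(before) if f.line in still_there]


if __name__ == "__main__":
    for f in persisted(HJT_BEFORE, HJT_AFTER):
        print(f"{f.rule:28} {f.line}")
```

On the thread's logs every flagged entry is returned by persisted(), which is the point: MBAM's quick scan removed one CLSID that does not even appear in the HijackThis output, while the Rundll32 entry and the AppInit_DLLs injection, the two items that can actually explain failures at application start-up, were still in place.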

OK, continuing.....

Disable your antivirus, antispyware and firewall so there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

When the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.Microsoft.com/kb/307654/pt-br

ComboFix will reboot the PC automatically to complete the removal process. If that does not happen, reboot manually.

When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, reboot the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


Thanks for the quick reply and continued help (Y)

I followed the steps again; here are the requested logs.

ComboFix LOG:

ComboFix 09-02-21.01 - Administrador 2009-02-24 14:02:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.2047.1581 [GMT 0:00]

Running from: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

c:\windows\explorer.exe . . . is infected!!

.

(((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 ))))))))))))))))))))))))))))

.

2009-02-23 09:31 . 2009-02-23 09:31 <DIR> d-------- c:\programas\Trend Micro

2009-02-23 09:30 . 2009-02-23 09:31 <DIR> d-------- C:\CCleaner

2009-02-23 09:26 . 2009-02-23 09:26 <DIR> d-------- c:\programas\CCleaner

2009-02-22 17:23 . 2009-02-22 17:23 <DIR> d-------- c:\programas\Microsoft.NET

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\8ec090f8f29fcc45890e684b3c64bb

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\52287885bfe694d80d7cbb

2009-02-22 11:39 . 2009-02-22 11:39 <DIR> d-------- c:\windows\system32\URTTemp

2009-02-22 11:29 . 2009-02-22 11:46 <DIR> d-------- c:\windows\SxsCaPendDel

2009-02-22 10:58 . 2009-02-24 10:02 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-22 10:58 . 2009-02-22 10:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-22 10:58 . 2009-02-22 10:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-22 10:58 . 2009-02-22 10:58 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-21 18:48 . 2009-02-21 18:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore

2009-02-20 18:45 . 2009-02-21 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-02-20 18:43 . 2009-02-21 19:13 <DIR> d-------- c:\programas\McAfee

2009-02-20 18:38 . 2009-02-21 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

2009-02-20 17:15 . 2008-04-14 21:39 870,784 --------- c:\windows\system32\ati3d1ag.dll

2009-02-20 17:15 . 2008-04-14 21:39 377,984 --------- c:\windows\system32\ati2dvaa.dll

2009-02-20 17:15 . 2008-04-14 21:39 32,768 --------- c:\windows\system32\ativtmxx.dll

2009-02-20 17:15 . 2008-04-14 21:40 23,040 --------- c:\windows\system32\ativmvxx.ax

2009-02-20 17:15 . 2008-04-14 21:40 9,728 --------- c:\windows\system32\ativdaxx.ax

2009-02-20 16:31 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-02-20 16:25 . 2009-02-20 16:54 <DIR> d-------- C:\b4af109b097d9f47026ba7ffff

2009-02-20 15:56 . 2009-02-20 15:56 <DIR> d-------- c:\documents and settings\LocalService\Ambiente de trabalho

2009-02-20 14:50 . 2009-02-20 14:50 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-02-20 13:44 . 2009-02-20 21:21 593,920 --a------ c:\windows\system32\ati2sgag.exe

2009-02-20 13:28 . 2009-02-20 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SonicFocus

2009-02-20 12:43 . 2009-02-20 12:52 <DIR> d-------- c:\programas\Driver Checker

2009-02-20 12:28 . 2009-02-20 13:30 <DIR> d-------- c:\programas\ATI

2009-02-20 12:24 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll

2009-02-20 12:23 . 2009-02-20 12:23 <DIR> d-------- c:\programas\Realtek

2009-02-20 12:23 . 2009-01-16 22:45 73,728 --a------ c:\windows\system32\RtNicProp32.dll

2009-02-20 12:07 . 2009-02-20 13:29 <DIR> d-------- c:\programas\Driver-Soft

2009-02-20 12:07 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2009-02-20 12:07 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2009-02-20 12:07 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2009-02-20 11:58 . 2009-02-20 11:58 <DIR> d-------- c:\programas\iXi Tools

2009-02-20 11:56 . 2009-02-20 11:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Thinstall

2009-02-20 11:47 . 2009-02-20 11:47 <DIR> d-------- c:\programas\XPC Tools

2009-02-20 10:56 . 2009-02-20 10:56 <DIR> d-------- c:\programas\Analog Devices

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Intel

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Drivers

2009-02-20 10:44 . 2009-02-20 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner

2009-02-16 20:17 . 2009-02-16 20:17 <DIR> d-------- c:\windows\system32\VirtualExpander

2009-02-15 10:46 . 2009-02-22 10:44 <DIR> d-------- c:\documents and settings\Administrador\Application Data\SecondLife

2009-02-15 10:44 . 2009-02-15 10:44 <DIR> d-------- c:\programas\SecondLifeReleaseCandidate

2009-02-12 20:08 . 2009-02-15 09:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\OnRez

2009-02-09 22:52 . 2009-02-09 22:52 <DIR> d-------- c:\documents and settings\Administrador\Application Data\id Software

2009-02-09 22:50 . 2009-02-09 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\id Software

2009-02-09 22:50 . 2009-02-20 21:25 2,266,642 --a------ c:\windows\system32\pbsvc.exe

2009-02-09 22:50 . 2009-02-11 20:02 188,896 --a------ c:\windows\system32\PnkBstrB.exe

2009-02-09 22:50 . 2009-02-11 20:02 138,784 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-02-09 22:50 . 2009-02-11 20:02 70,968 --a------ c:\windows\system32\PnkBstrA.exe

2009-02-09 22:50 . 2009-02-09 22:50 22,328 --a------ c:\documents and settings\Administrador\Application Data\PnkBstrK.sys

2009-01-24 14:15 . 2009-01-24 14:15 <DIR> d-------- c:\programas\Adobe Media Player

2009-01-24 14:12 . 2009-01-24 14:12 <DIR> d-------- c:\programas\Ficheiros comuns\Adobe AIR

2009-01-24 12:02 . 2009-01-24 12:13 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Download Manager

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-24 10:20 --------- d-----w c:\programas\Malwarebytes' Anti-Malware

2009-02-22 20:19 --------- d-----w c:\documents and settings\Administrador\Application Data\Azureus

2009-02-22 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-21 15:00 --------- d-----w c:\programas\Lavasoft

2009-02-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-20 21:02 70,656 ----a-w c:\windows\notepad.exe

2009-02-20 21:02 327,168 ----a-w c:\windows\IsUn0816.exe

2009-02-20 21:02 323,072 ----a-w c:\windows\IsUninst.exe

2009-02-20 21:02 310,784 ----a-w c:\windows\IsUn0416.exe

2009-02-20 21:02 299,008 ----a-w c:\windows\uninst.exe

2009-02-20 21:02 288,256 ----a-w c:\windows\winhlp32.exe

2009-02-20 21:02 25,600 ----a-w c:\windows\twunk_32.exe

2009-02-20 21:02 15,872 ----a-w c:\windows\TASKMAN.EXE

2009-02-20 21:02 122,880 ----a-w c:\windows\UnGins.exe

2009-02-20 21:01 35,328 ----a-w c:\windows\emAMCAP.exe

2009-02-20 21:01 20,480 ----a-w c:\windows\HyperDrive.exe

2009-02-20 21:01 188,416 ----a-w c:\windows\emSTI.exe

2009-02-20 21:01 10,752 ----a-w c:\windows\hh.exe

2009-02-20 20:29 --------- d-----w c:\programas\PBP Unpacker

2009-02-20 19:59 --------- d-----w c:\programas\GSalive CS 1.6 NS

2009-02-20 19:03 126,976 ----a-w C:\W3XMapHack120E2.exe

2009-02-20 19:00 1,035,776 ----a-w c:\windows\explorer.exe

2009-02-20 17:54 --------- d-----w c:\programas\MagicISO

2009-02-20 13:34 --------- d-----w c:\programas\ATI Technologies

2009-02-20 13:30 --------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-02-20 12:29 --------- d--h--w c:\programas\InstallShield Installation Information

2009-02-20 10:58 --------- d-----w c:\documents and settings\Administrador\Application Data\Uniblue

2009-02-17 16:48 70,512 ----a-w c:\documents and settings\Administrador\Application Data\GDIPFONTCACHEV1.DAT

2009-02-17 14:20 --------- d-----w c:\documents and settings\Administrador\Application Data\Skype

2009-02-17 14:17 --------- d-----w c:\documents and settings\Administrador\Application Data\skypePM

2009-02-13 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-02-12 22:30 --------- d-----w c:\programas\Valve

2009-02-11 17:28 --------- d-----w c:\programas\Messenger Plus! Live

2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-29 23:49 196,608 ----a-w c:\windows\system32\drivers\aStandard.bin

2009-01-29 13:03 --------- d-----w c:\programas\Vuze

2009-01-24 16:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-24 14:48 --------- d-----w c:\programas\Macromedia

2009-01-24 14:17 --------- d-----w c:\programas\Ficheiros comuns\Adobe

2009-01-24 13:50 --------- d-----w c:\programas\Ficheiros comuns\Macromedia

2009-01-21 15:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys

2009-01-21 11:12 --------- d-----w c:\programas\CoreCodec

2009-01-19 12:25 --------- d-----w c:\programas\Soulseek

2009-01-18 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS

2009-01-18 21:15 --------- d-----w c:\programas\Pando Networks

2009-01-18 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files

2009-01-17 17:38 --------- d-----w c:\documents and settings\Administrador\Application Data\GameScanner

2009-01-17 15:28 --------- d-----w c:\programas\Hewlett-Packard

2009-01-17 15:23 --------- d-----w c:\programas\Pcsx2_0.9.4

2009-01-17 13:27 --------- d-----w c:\programas\K-Lite Codec Pack

2009-01-17 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-17 13:26 --------- d-----w c:\documents and settings\Administrador\Application Data\Apple Computer

2009-01-17 13:24 --------- d-----w c:\programas\Haali

2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2009-01-12 19:45 --------- d-----w c:\programas\XVideoConverter

2009-01-12 19:24 --------- d-----w c:\programas\Azureus

2009-01-12 18:48 --------- d-----w c:\programas\Bluefox Studio

2009-01-12 17:33 --------- d-----w c:\programas\SUPERAntiSpyware

2009-01-12 17:33 --------- d-----w c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com

2009-01-12 17:31 --------- d-----w c:\documents and settings\Administrador\Application Data\uTorrent

2009-01-10 20:20 4,608 ----a-w c:\windows\cocowawa.dll

2009-01-10 19:01 --------- d-----w c:\programas\WinXMedia

2009-01-10 15:02 --------- d-----w c:\programas\Ficheiros comuns\xing shared

2009-01-10 15:02 --------- d-----w c:\programas\Ficheiros comuns\Real

2009-01-05 17:24 --------- d-----w c:\programas\Torrent Harvester

2009-01-05 13:45 --------- d-----w c:\programas\Epic MegaGames

2009-01-05 13:07 --------- d-----w c:\programas\eMule

2009-01-03 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\GameScanner

2009-01-03 00:01 --------- d-----w c:\programas\GameSpy Arcade

2009-01-01 12:36 --------- d-----w c:\programas\DarkCheats

2008-12-28 18:21 --------- d-----w c:\programas\Fortego Security

2008-12-27 14:56 --------- d-----w c:\programas\AlienGUIse

2007-11-15 20:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-10-25 09:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008102520081026\index.dat

.

------- Sigcheck -------

2009-02-20 19:00 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\explorer.exe

2009-02-20 21:03 1035264 e4786809a1e3cbec2ce929d6b1283f1b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

2009-02-20 21:05 1052165 ff72246732eae3f3076bf7df675c7995 c:\windows\$NtServicePackUninstall$\explorer.exe

2009-02-20 21:07 1034240 8ce395dd09c0fbe82c8ff529528242b0 c:\windows\$NtUninstallKB938828$\explorer.exe

2009-02-20 21:14 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-03 23:56 32768 db37a839f4a2be4f93cf7e614bab63d2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2009-02-20 21:14 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\ServicePackFiles\i386\ctfmon.exe

2009-02-20 19:00 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\system32\ctfmon.exe

2004-08-03 23:57 42496 bbdb97f728c2eab8b139e78bb8c79579 c:\windows\$NtServicePackUninstall$\userinit.exe

2009-02-20 21:19 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\ServicePackFiles\i386\userinit.exe

2009-02-20 21:27 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\system32\userinit.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-20 15360]

"MsnMsgr"="c:\programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\programas\CyberLink\PowerDVD\PDVDServ.exe" [2009-02-20 32768]

"AdobeVersionCue"="c:\programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1753088]

"PWRISOVM.EXE"="c:\programas\PowerISO\PWRISOVM.EXE" [2009-02-20 200704]

"SunJavaUpdateSched"="c:\programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"AdobeCS4ServiceManager"="c:\programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ATICustomerCare"="c:\programas\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-02-20 307200]

"SoundMAXPnP"="c:\programas\Analog Devices\Core\smax4pnp.exe" [2009-02-20 1040384]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2009-02-20 171520]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2009-02-20 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-20 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Adobe Reader Speed Launch.lnk - c:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Office.lnk - c:\programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-22 10:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

--a------ 2009-02-22 10:58 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\services]

"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Messenger\\msmsgs.exe"=

"c:\\Programas\\mIRC\\mirc.exe"=

"c:\\Programas\\NetMeeting\\conf.exe"=

"c:\\Hybrid\\Hybrid.exe"=

"c:\\Programas\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programas\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programas\\Autodesk\\Backburner\\server.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Os meus documentos\\Azureus Downloads\\Star Wars Jedi Knight - Jedi Academy\\GameData\\GameData\\jamp.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programas\\Soulseek\\slsk.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Programas\\Ficheiros comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programas\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Blizzard Downloader

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"13050:UDP"= 13050:UDP:SecondLife

"58036:TCP"= 58036:TCP:Pando Media Booster

"58036:UDP"= 58036:UDP:Pando Media Booster

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-22 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-22 107272]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programas\Viewpoint\Common\ViewpointService.exe [2008-03-29 24576]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programas\McAfee\SiteAdvisor\McSACore.exe" --> c:\programas\McAfee\SiteAdvisor\McSACore.exe [?]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2002-06-11 34048]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-22 298264]

S4 Dpt42swmcnzat;Dpt42swmcnzat; [x]

[HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{fc990470-1880-11dd-89af-00173f99dbc7}]

\Shell\Auto\command - McRegWizz.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-02-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{93344865-74BD-4873-BE65-56539D41A65C} - (no file)

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.deviantart.com/

mStart Page = hxxp://br.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} -

TCP: {5B66BA35-9160-44B0-85E3-D8563EF3A6DC} = 194.65.47.43,194.65.47.44

TCP: {BA6278B5-8E09-48B5-B0C9-904A1803E533} = 192.168.0.1

DPF: {93344865-74BD-4873-BE65-56539D41A65C} - hxxp://earn2life.com/plugin/Earn2Life.cab

FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\qffrjskl.nightelfmohawk\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.bleachexile.com

FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=

FF - component: c:\programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-24 14:05:47

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]

"ImagePath"="\Sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43613DEA-565E-A006-2C4B-FC450A21DB9C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaebnkomfijooflbpk"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,00

"haknhmigdicaonnh"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,ff

"iaaacenelhmpapmpjl"=hex:63,61,62,63,6f,61,00,7c

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ialpdhnmpoiemphijc"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,68,

70,6c,00,00

"hafoffinekdamfej"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

[HKEY_USERS\Administrator\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,d1,fc,91,95,2f,7e,04,60,b8,4b,41,9d,42,17,d3,80,92,4f,14,62,79,d3,

28,5b,e1,f2,44,72,cf,86,65,8a,60,36,6a,bd,65,78,be,60,72,27,3c,f1,b4,45,09,\

"??"=hex:25,52,30,17,cb,a9,95,ed,7b,3b,30,64,7b,4d,07,ff

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}\InProcServer32*]

"jajpohhbpmdnpbbpkbad"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,

68,70,6c,00,00

"iajpienhbgmfjcdgnc"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(788)

c:\windows\system32\Ati2evxx.dll

c:\programas\AlienGUIse\fastload.dll

c:\programas\Bonjour\mdnsNSP.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\programas\AVG\AVG8\avgrsx.exe

c:\windows\system32\AEADISRV.EXE

c:\windows\ATKKBService.exe

c:\programas\Bonjour\mDNSResponder.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\notepad.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-02-24 14:11:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-02-24 14:10:12

Pré-execução: 38.908.866.560 bytes livres

Pós execução: 40,386,924,544 bytes livres

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

371 --- E O F --- 2009-02-22 17:28:23

-------------------

HiJackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:12:17, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8550 bytes


Click Start -> Run and type msconfig -> OK. On the Startup tab -> check all items and confirm.

Reboot and post a new HijackThis log taken in Normal Mode.



MVP Mr.Million


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:33, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8807 bytes

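As an added example (not part of the thread, and not a tool that HijackThis or ComboFix provide), the script below applies the checks a helper makes by eye when reading logs like the one above to a handful of lines copied from this thread: entries whose file is missing, O23 services with an unknown publisher, Run values without an absolute path, and ComboFix service lines marked [?] or [x]. The reason codes and the Finding class are my own naming; a hit means "check by hand", not "malicious".

```python
# Added example for this thread (not a tool the forum or the log authors provide).
# It surfaces the entries a helper reads first; it does not decide what is malicious.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# HijackThis entries look like "O23 - Service: <display> - <owner> - <path>"
HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# ComboFix service/driver lines: "S2 name;display name;image path [stamp]"
CF_SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
# A command that begins with a drive letter, an %ENV% root or a UNC path
ABSOLUTE_CMD = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\|\\\\)')


@dataclass(frozen=True)
class Finding:
    section: str  # "O4", "O23", "S2", ...
    reason: str   # short reason code, see triage_hjt / triage_combofix
    line: str     # the original log line, unmodified


def triage_hjt(line: str) -> List[Finding]:
    """Flag HijackThis entries worth a second look."""
    m = HJT_LINE.match(line)
    if not m:
        return []
    section, body = m.groups()
    found = []
    # The registry still points at a file that is no longer on disk
    if "(file missing)" in body or "(no file)" in body:
        found.append(Finding(section, "file-missing", line))
    # Service binary without a recognised publisher string
    if section == "O23" and "Unknown owner" in body:
        found.append(Finding(section, "unknown-publisher", line))
    # Run-key value whose command has no absolute path: it is resolved
    # through the search path, so which file actually runs is not obvious
    if section == "O4" and "]" in body:
        cmd = body.split("]", 1)[1].strip()
        if cmd and not ABSOLUTE_CMD.match(cmd):
            found.append(Finding(section, "no-absolute-path", line))
    return found


def triage_combofix(line: str) -> List[Finding]:
    """Flag ComboFix service lines whose image file is missing or unset."""
    m = CF_SERVICE.match(line)
    if not m:
        return []
    start_type, _name, _display, rest = m.groups()
    rest = rest.strip()
    if rest.endswith("[?]"):      # "path --> path [?]": file not found on disk
        return [Finding(start_type, "image-not-found", line)]
    if rest.endswith("[x]"):      # no image path recorded at all
        return [Finding(start_type, "no-image-path", line)]
    return []


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run both rule sets over every line; HijackThis rules take precedence."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        if not line:
            continue
        hits = triage_hjt(line)
        if not hits and not HJT_LINE.match(line):
            hits = triage_combofix(line)
        findings.extend(hits)
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per reason code."""
    return dict(Counter(f.reason for f in findings))


# Sample lines copied from the logs in this thread (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-22 298264]
S2 OMSCAN;OMSCAN;\Sysi --> \Sysi [?]
S4 Dpt42swmcnzat;Dpt42swmcnzat; [x]
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f"{f.section:<4} {f.reason:<18} {f.line}")
    print(summarize(results))
```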

If you have a USB flash drive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you must connect them all). Do not remove them until you have completed all the instructions.

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the steps below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt.

File::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe

Registry::

[-HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{fc990470-1880-11dd-89af-00173f99dbc7}]

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

[image: CFScript.gif]

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new HijackThis log in Normal Mode and post it together with ComboFix.txt.



MVP Mr.Million


Here they are:

ComboFix:

ComboFix 09-02-21.01 - Administrador 2009-02-24 17:55:34.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.2047.1586 [GMT 0:00]

Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Ambiente de trabalho\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

FILE ::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\explorer.exe . . . está infetado!!

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-24 to 2009-02-24 ))))))))))))))))))))))))))))

.

2009-02-23 09:31 . 2009-02-23 09:31 <DIR> d-------- c:\programas\Trend Micro

2009-02-23 09:30 . 2009-02-23 09:31 <DIR> d-------- C:\CCleaner

2009-02-23 09:26 . 2009-02-23 09:26 <DIR> d-------- c:\programas\CCleaner

2009-02-22 17:23 . 2009-02-22 17:23 <DIR> d-------- c:\programas\Microsoft.NET

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\8ec090f8f29fcc45890e684b3c64bb

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\52287885bfe694d80d7cbb

2009-02-22 11:39 . 2009-02-22 11:39 <DIR> d-------- c:\windows\system32\URTTemp

2009-02-22 11:29 . 2009-02-22 11:46 <DIR> d-------- c:\windows\SxsCaPendDel

2009-02-22 10:58 . 2009-02-24 10:02 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-22 10:58 . 2009-02-22 10:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-22 10:58 . 2009-02-22 10:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-22 10:58 . 2009-02-22 10:58 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-21 18:48 . 2009-02-21 18:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore

2009-02-20 18:45 . 2009-02-21 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-02-20 18:43 . 2009-02-21 19:13 <DIR> d-------- c:\programas\McAfee

2009-02-20 18:38 . 2009-02-21 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

2009-02-20 17:15 . 2008-04-14 21:39 870,784 --------- c:\windows\system32\ati3d1ag.dll

2009-02-20 17:15 . 2008-04-14 21:39 377,984 --------- c:\windows\system32\ati2dvaa.dll

2009-02-20 17:15 . 2008-04-14 21:39 32,768 --------- c:\windows\system32\ativtmxx.dll

2009-02-20 17:15 . 2008-04-14 21:40 23,040 --------- c:\windows\system32\ativmvxx.ax

2009-02-20 17:15 . 2008-04-14 21:40 9,728 --------- c:\windows\system32\ativdaxx.ax

2009-02-20 16:31 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-02-20 16:25 . 2009-02-20 16:54 <DIR> d-------- C:\b4af109b097d9f47026ba7ffff

2009-02-20 15:56 . 2009-02-20 15:56 <DIR> d-------- c:\documents and settings\LocalService\Ambiente de trabalho

2009-02-20 14:50 . 2009-02-20 14:50 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-02-20 13:44 . 2009-02-20 21:21 593,920 --a------ c:\windows\system32\ati2sgag.exe

2009-02-20 13:28 . 2009-02-20 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SonicFocus

2009-02-20 12:43 . 2009-02-20 12:52 <DIR> d-------- c:\programas\Driver Checker

2009-02-20 12:28 . 2009-02-20 13:30 <DIR> d-------- c:\programas\ATI

2009-02-20 12:24 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll

2009-02-20 12:23 . 2009-02-20 12:23 <DIR> d-------- c:\programas\Realtek

2009-02-20 12:23 . 2009-01-16 22:45 73,728 --a------ c:\windows\system32\RtNicProp32.dll

2009-02-20 12:07 . 2009-02-20 13:29 <DIR> d-------- c:\programas\Driver-Soft

2009-02-20 12:07 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2009-02-20 12:07 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2009-02-20 12:07 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2009-02-20 11:58 . 2009-02-20 11:58 <DIR> d-------- c:\programas\iXi Tools

2009-02-20 11:56 . 2009-02-20 11:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Thinstall

2009-02-20 11:47 . 2009-02-20 11:47 <DIR> d-------- c:\programas\XPC Tools

2009-02-20 10:56 . 2009-02-20 10:56 <DIR> d-------- c:\programas\Analog Devices

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Intel

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Drivers

2009-02-20 10:44 . 2009-02-20 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner

2009-02-16 20:17 . 2009-02-16 20:17 <DIR> d-------- c:\windows\system32\VirtualExpander

2009-02-15 10:46 . 2009-02-22 10:44 <DIR> d-------- c:\documents and settings\Administrador\Application Data\SecondLife

2009-02-15 10:44 . 2009-02-15 10:44 <DIR> d-------- c:\programas\SecondLifeReleaseCandidate

2009-02-12 20:08 . 2009-02-15 09:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\OnRez

2009-02-09 22:52 . 2009-02-09 22:52 <DIR> d-------- c:\documents and settings\Administrador\Application Data\id Software

2009-02-09 22:50 . 2009-02-09 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\id Software

2009-02-09 22:50 . 2009-02-20 21:25 2,266,642 --a------ c:\windows\system32\pbsvc.exe

2009-02-09 22:50 . 2009-02-11 20:02 188,896 --a------ c:\windows\system32\PnkBstrB.exe

2009-02-09 22:50 . 2009-02-11 20:02 138,784 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-02-09 22:50 . 2009-02-11 20:02 70,968 --a------ c:\windows\system32\PnkBstrA.exe

2009-02-09 22:50 . 2009-02-09 22:50 22,328 --a------ c:\documents and settings\Administrador\Application Data\PnkBstrK.sys

2009-01-24 14:15 . 2009-01-24 14:15 <DIR> d-------- c:\programas\Adobe Media Player

2009-01-24 14:12 . 2009-01-24 14:12 <DIR> d-------- c:\programas\Ficheiros comuns\Adobe AIR

2009-01-24 12:02 . 2009-01-24 12:13 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Download Manager

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-24 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-24 10:20 --------- d-----w c:\programas\Malwarebytes' Anti-Malware

2009-02-22 20:19 --------- d-----w c:\documents and settings\Administrador\Application Data\Azureus

2009-02-21 15:00 --------- d-----w c:\programas\Lavasoft

2009-02-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-20 21:28 32,256 ----a-w c:\windows\system32\wupdmgr.exe

2009-02-20 21:28 32,256 ----a-w c:\windows\system32\wpabaln.exe

2009-02-20 21:28 30,720 ----a-w c:\windows\system32\xcopy.exe

2009-02-20 21:28 28,168 ----a-w c:\windows\system32\wpnpinst.exe

2009-02-20 21:28 17,408 ----a-w c:\windows\system32\wpdshextautoplay.exe

2009-02-20 21:28 163,336 ----a-w c:\windows\system32\WudfHost.exe

2009-02-20 21:28 155,648 ----a-w c:\windows\system32\wscript.exe

2009-02-20 21:26 99,328 ----a-w c:\windows\system32\scardsvr.exe

2009-02-20 21:25 9,728 ----a-w c:\windows\system32\proxycfg.exe

2009-02-20 21:24 87,552 ----a-w c:\windows\system32\netsh.exe

2009-02-20 21:23 9,728 ----a-w c:\windows\system32\label.exe

2009-02-20 21:22 9,728 ----a-w c:\windows\system32\finger.exe

2009-02-20 21:21 98,304 ----a-w c:\windows\system32\ahui.exe

2009-02-20 21:12 769,024 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe

2009-02-20 21:12 744,448 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2009-02-20 21:12 171,520 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe

2009-02-20 21:02 70,656 ----a-w c:\windows\notepad.exe

2009-02-20 21:02 327,168 ----a-w c:\windows\IsUn0816.exe

2009-02-20 21:02 323,072 ----a-w c:\windows\IsUninst.exe

2009-02-20 21:02 310,784 ----a-w c:\windows\IsUn0416.exe

2009-02-20 21:02 299,008 ----a-w c:\windows\uninst.exe

2009-02-20 21:02 288,256 ----a-w c:\windows\winhlp32.exe

2009-02-20 21:02 25,600 ----a-w c:\windows\twunk_32.exe

2009-02-20 21:02 15,872 ----a-w c:\windows\TASKMAN.EXE

2009-02-20 21:02 122,880 ----a-w c:\windows\UnGins.exe

2009-02-20 21:01 35,328 ----a-w c:\windows\emAMCAP.exe

2009-02-20 21:01 20,480 ----a-w c:\windows\HyperDrive.exe

2009-02-20 21:01 188,416 ----a-w c:\windows\emSTI.exe

2009-02-20 21:01 10,752 ----a-w c:\windows\hh.exe

2009-02-20 20:29 --------- d-----w c:\programas\PBP Unpacker

2009-02-20 19:59 --------- d-----w c:\programas\GSalive CS 1.6 NS

2009-02-20 19:03 90,112 ----a-w c:\windows\system32\AEADISRV.EXE

2009-02-20 19:03 126,976 ----a-w C:\W3XMapHack120E2.exe

2009-02-20 19:00 598,016 ----a-w c:\windows\system32\ati2evxx.exe

2009-02-20 19:00 15,360 ----a-w c:\windows\system32\ctfmon.exe

2009-02-20 19:00 1,035,776 ----a-w c:\windows\explorer.exe

2009-02-20 17:54 --------- d-----w c:\programas\MagicISO

2009-02-20 13:34 --------- d-----w c:\programas\ATI Technologies

2009-02-20 13:30 --------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-02-20 12:29 --------- d--h--w c:\programas\InstallShield Installation Information

2009-02-20 10:58 --------- d-----w c:\documents and settings\Administrador\Application Data\Uniblue

2009-02-17 16:48 70,512 ----a-w c:\documents and settings\Administrador\Application Data\GDIPFONTCACHEV1.DAT

2009-02-17 14:20 --------- d-----w c:\documents and settings\Administrador\Application Data\Skype

2009-02-17 14:17 --------- d-----w c:\documents and settings\Administrador\Application Data\skypePM

2009-02-13 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-02-12 22:30 --------- d-----w c:\programas\Valve

2009-02-11 17:28 --------- d-----w c:\programas\Messenger Plus! Live

2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-29 23:49 196,608 ----a-w c:\windows\system32\drivers\aStandard.bin

2009-01-29 13:03 --------- d-----w c:\programas\Vuze

2009-01-24 16:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-24 14:48 --------- d-----w c:\programas\Macromedia

2009-01-24 14:17 --------- d-----w c:\programas\Ficheiros comuns\Adobe

2009-01-24 13:50 --------- d-----w c:\programas\Ficheiros comuns\Macromedia

2009-01-21 15:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys

2009-01-21 11:12 --------- d-----w c:\programas\CoreCodec

2009-01-19 12:25 --------- d-----w c:\programas\Soulseek

2009-01-18 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS

2009-01-18 21:15 --------- d-----w c:\programas\Pando Networks

2009-01-18 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files

2009-01-17 17:38 --------- d-----w c:\documents and settings\Administrador\Application Data\GameScanner

2009-01-17 15:28 --------- d-----w c:\programas\Hewlett-Packard

2009-01-17 15:23 --------- d-----w c:\programas\Pcsx2_0.9.4

2009-01-17 13:27 --------- d-----w c:\programas\K-Lite Codec Pack

2009-01-17 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-17 13:26 --------- d-----w c:\documents and settings\Administrador\Application Data\Apple Computer

2009-01-17 13:24 --------- d-----w c:\programas\Haali

2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll

2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll

2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll

2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll

2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll

2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll

2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll

2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll

2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL

2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll

2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll

2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll

2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll

2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll

2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll

2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll

2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll

2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll

2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll

2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll

2009-01-12 19:45 --------- d-----w c:\programas\XVideoConverter

2009-01-12 19:24 --------- d-----w c:\programas\Azureus

2009-01-12 18:48 --------- d-----w c:\programas\Bluefox Studio

2009-01-12 17:33 --------- d-----w c:\programas\SUPERAntiSpyware

2009-01-12 17:33 --------- d-----w c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com

2008-10-25 09:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008102520081026\index.dat

.

------- Sigcheck -------

2009-02-20 19:00 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\explorer.exe

2009-02-20 21:03 1035264 e4786809a1e3cbec2ce929d6b1283f1b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

2009-02-20 21:05 1052165 ff72246732eae3f3076bf7df675c7995 c:\windows\$NtServicePackUninstall$\explorer.exe

2009-02-20 21:07 1034240 8ce395dd09c0fbe82c8ff529528242b0 c:\windows\$NtUninstallKB938828$\explorer.exe

2009-02-20 21:14 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-03 23:56 32768 db37a839f4a2be4f93cf7e614bab63d2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2009-02-20 21:14 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\ServicePackFiles\i386\ctfmon.exe

2009-02-20 19:00 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\system32\ctfmon.exe

2004-08-03 23:57 42496 bbdb97f728c2eab8b139e78bb8c79579 c:\windows\$NtServicePackUninstall$\userinit.exe

2009-02-20 21:19 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\ServicePackFiles\i386\userinit.exe

2009-02-20 21:27 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\system32\userinit.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-20 15360]

"MsnMsgr"="c:\programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\programas\CyberLink\PowerDVD\PDVDServ.exe" [2009-02-20 32768]

"AdobeVersionCue"="c:\programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1753088]

"PWRISOVM.EXE"="c:\programas\PowerISO\PWRISOVM.EXE" [2009-02-20 200704]

"SunJavaUpdateSched"="c:\programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"AdobeCS4ServiceManager"="c:\programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ATICustomerCare"="c:\programas\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-02-20 307200]

"SoundMAXPnP"="c:\programas\Analog Devices\Core\smax4pnp.exe" [2009-02-20 1040384]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-22 1601304]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2009-02-20 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-20 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Adobe Reader Speed Launch.lnk - c:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Office.lnk - c:\programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-22 10:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Messenger\\msmsgs.exe"=

"c:\\Programas\\mIRC\\mirc.exe"=

"c:\\Programas\\NetMeeting\\conf.exe"=

"c:\\Hybrid\\Hybrid.exe"=

"c:\\Programas\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programas\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programas\\Autodesk\\Backburner\\server.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Os meus documentos\\Azureus Downloads\\Star Wars Jedi Knight - Jedi Academy\\GameData\\GameData\\jamp.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programas\\Soulseek\\slsk.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Programas\\Ficheiros comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programas\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Blizzard Downloader

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"13050:UDP"= 13050:UDP:SecondLife

"58036:TCP"= 58036:TCP:Pando Media Booster

"58036:UDP"= 58036:UDP:Pando Media Booster

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-22 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-22 107272]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-22 298264]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programas\Viewpoint\Common\ViewpointService.exe [2008-03-29 24576]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programas\McAfee\SiteAdvisor\McSACore.exe" --> c:\programas\McAfee\SiteAdvisor\McSACore.exe [?]

S2 OMSCAN;OMSCAN;\Sysi --> \Sysi [?]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2002-06-11 34048]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]

S4 Dpt42swmcnzat;Dpt42swmcnzat; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-02-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.deviantart.com/

mStart Page = hxxp://br.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} -

TCP: {5B66BA35-9160-44B0-85E3-D8563EF3A6DC} = 194.65.47.43,194.65.47.44

TCP: {BA6278B5-8E09-48B5-B0C9-904A1803E533} = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\qffrjskl.nightelfmohawk\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.bleachexile.com

FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=

FF - component: c:\programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-24 17:59:11

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]

"ImagePath"="\Sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43613DEA-565E-A006-2C4B-FC450A21DB9C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaebnkomfijooflbpk"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,00

"haknhmigdicaonnh"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,ff

"iaaacenelhmpapmpjl"=hex:63,61,62,63,6f,61,00,7c

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ialpdhnmpoiemphijc"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,68,

70,6c,00,00

"hafoffinekdamfej"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

[HKEY_USERS\Administrator\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,d1,fc,91,95,2f,7e,04,60,b8,4b,41,9d,42,17,d3,80,92,4f,14,62,79,d3,

28,5b,e1,f2,44,72,cf,86,65,8a,60,36,6a,bd,65,78,be,60,72,27,3c,f1,b4,45,09,\

"??"=hex:25,52,30,17,cb,a9,95,ed,7b,3b,30,64,7b,4d,07,ff

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}\InProcServer32*]

"jajpohhbpmdnpbbpkbad"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,

68,70,6c,00,00

"iajpienhbgmfjcdgnc"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\Ati2evxx.dll

c:\programas\AlienGUIse\fastload.dll

.

Tempo para conclusão: 2009-02-24 18:01:28

ComboFix-quarantined-files.txt 2009-02-24 18:00:11

Pré-execução: 40.378.363.904 bytes livres

Pós execução: 40,367,415,296 bytes livres

358 --- E O F --- 2009-02-22 17:28:23

- - - -

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:22, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8636 bytes


Download the Kaspersky Removal Tool.

Save it to your Desktop.

Install the program normally, following all of its steps.

On the program's main screen, click the "My computer" option and then click the "Scan" button.

Be patient; the scan may take a while.

If it finds any infection, click "disinfect".

After everything completes, click the Events tab, uncheck the "Show all events" checkbox and then click "Save to file".

Give the file a name and save it in a folder of your choice.

Post the contents of that file in your next reply, together with a new HijackThis log.



MVP Mr.Million


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:00, on 25-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8726 bytes

Kaspersky Removal Tool log:

I left the scan running overnight before going to sleep; in the morning when I woke up I saw that the Kaspersky window was no longer open, but when I checked I saw that it had detected about 200 infections, so I ran a new scan to get the log, and this time it only detected 13. The Kaspersky log was too large to post on the forum, so I hosted it on a web page; you can find it here: http://hackz.com.sapo.pt/index.htm


Disable the resident protection of your antivirus and antispyware programs!

Download EliStarA.

Download it to Local Disk C and create a folder for the tool, placing a shortcut to it on the Desktop.

Download ELINOTIF.DLL. Save it inside the folder created for EliStarA.

Download EliTriIP.

Download it to the Desktop!

PS: Both tools are on the downloads page (Descargas > Utilidades SATINFO).

Select the tools (one at a time!) and click the "Descargar xxx" button at the bottom of the page, where xxx is the name of the chosen tool.

Download Clean.

Save it to Local Disk C and unpack it right there, sending the executable (shortcut) to the Desktop!

The executable is an icon named: clean.

Restart the PC and enter Safe Mode (press F8 repeatedly during startup and choose Safe Mode on the selection screen);

First, run the tool EliStarA.

Go to its icon and run it!

Accept the proposed conditions and wait for the scan to finish. Wait! It will take a while to complete the scan of the PC.

When it finishes, run the EliTriIP tool.

This tool's scan is faster!

When it finishes, run the deep-cleaning program Clean by double-clicking its executable.

A prompt with three options will open: choose two (2)!

Press Enter! >> Press Enter again! >> Wait!

Press Enter again!

A report (rapport_clean) will appear, which you should save and post for analysis.

Post the report infoSAT.txt, which is in the root of C:\ (Local Disk C), plus rapport_clean.

Select and copy!

Also post a new HijackThis log, made in Normal Mode, in your reply.

The EliStarA tool will delete your home page!

Afterwards, you will configure it again.



MVP Mr.Million
