Hi everyone, I'm new here on iMasters and I wanted to ask for help: my desktop and icons have DISAPPEARED!!! :wacko:
It all started on a Sunday. I was doing some work and shut down the PC. The next day, when I went to turn it on...
the desktop and the icons had disappeared. The only way to open anything is through Task Manager (Ctrl+Alt+Del).
I've already downloaded Avast, and a list of others, but I can't fix the problem. I've already done a System Restore and nothing.
I've seen several cases like mine that were solved.
Not sure if it helps, but here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:13, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="[http://www.yahoo.com">http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="[http://help.yahoo.com">Help](http://search.yahoo.com/search%22)
O1 - Hosts: <input size="14" name="p" value="">
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2> <a href="[http://search.yahoo.com/search/options?p=">advanced](http://search.yahoo.com/search/options?p=%22) search</a> <a href="[http://buzz.yahoo.com">most](http://buzz.yahoo.com%22) popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="[http://webhosting.yahoo.com/ps/wh/prod/">three](http://webhosting.yahoo.com/ps/wh/prod/%22) affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: < script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr" >
O1 - Hosts: < /script >
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="[http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address](http://rd.yahoo.com/footer/?http://address.yahoo.com/%22) Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc943j0e73j] C:\WINDOWS\system32\lphc943j0e73j.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA2682] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC2222] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA9101] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC6453] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA3721] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC1936] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA705] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC2136] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA797] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC8245] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA3934] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC3310] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA3866] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"
O4 - HKLM\..\RunOnce: [spybotDeletingC2876] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"
O4 - HKLM\..\RunOnce: [spybotDeletingA5014] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
O4 - HKLM\..\RunOnce: [spybotDeletingC5793] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
O4 - HKLM\..\RunOnce: [spybotDeletingA6117] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"
O4 - HKLM\..\RunOnce: [spybotDeletingC2724] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [shockAero] C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe
O4 - HKCU\..\Run: [PSwitch] C:\Arquivos de programas\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [CMS_RSChecker] "D:\RS FAN v1.1.exe" -m
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [spybotDeletingB3559] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingD8073] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingB9224] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingD9035] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingB1167] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingD5612] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingB9082] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingD2994] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingB4766] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingD7262] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingB4596] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingD616] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"
O4 - HKCU\..\RunOnce: [spybotDeletingB4120] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"
O4 - HKCU\..\RunOnce: [spybotDeletingD1353] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"
O4 - HKCU\..\RunOnce: [spybotDeletingB1355] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
O4 - HKCU\..\RunOnce: [spybotDeletingD5945] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
O4 - HKCU\..\RunOnce: [spybotDeletingB8714] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"
O4 - HKCU\..\RunOnce: [spybotDeletingD5925] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Update.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 23288 bytes
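The log above is worth reading with a few mechanical rules in mind, because the same rules catch most of what ComboFix deletes later in this thread. Three things stand out: every O1 line is HTML rather than an `address hostname` pair, which means C:\WINDOWS\system32\drivers\etc\hosts has been overwritten with a web page (a Yahoo error page, by the look of it) and should be replaced with a clean hosts file; several Run keys launch oddly named executables straight out of system32 (ckvo.exe, kavo.exe, lphc943j0e73j.exe) next to legitimate ones like ctfmon.exe and MRT.exe; and the Global Startup folder holds a bare "Windows Update.exe" instead of a .lnk shortcut, which no installer does. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. SAMPLE_LOG is a constructed subset of the poster's own log plus one constructed, well-formed hosts entry as a control; the allowlist of system32 programs and the review rules are assumptions about what "normal" looks like on this machine, and the output marks entries for review rather than proving anything is malicious.

```python
"""Heuristic triage of a HijackThis v2.0.2 log (added example, not code from
the thread, HijackThis or ComboFix). SAMPLE_LOG is a constructed subset of
the poster's log plus one constructed well-formed hosts entry as a control.
The allowlist and the rules are assumptions about what "normal" looks like:
they mark entries for review, they do not prove anything is malicious."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (HijackThis section, reason, offending line)

# Programs that legitimately autostart from system32 on this XP machine
# (assumption; anything else a Run key launches from system32 gets reviewed).
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe", "mrt.exe", "nerocheck.exe", "rundll32.exe"}

SAMPLE_LOG = r"""
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [lphc943j0e73j] C:\WINDOWS\system32\lphc943j0e73j.exe
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O4 - Global Startup: Windows Update.exe
"""

IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")
IPV6 = re.compile(r"^[0-9a-f:]+$", re.I)
# First executable/DLL on a command line, quoted or not (paths may contain spaces).
EXE_PATH = re.compile(r'^"?(.+?\.(?:exe|dll|scr|com|bat|cmd|pif))"?(?:\s|,|$)', re.I)


def is_hosts_entry(text: str) -> bool:
    """True for a syntactically valid hosts line: blank, comment, or
    '<ip> <name> [<name>...]' with an optional trailing comment."""
    body = text.split("#", 1)[0].strip()
    if not body:
        return True
    tokens = body.split()
    if len(tokens) < 2:
        return False
    m = IPV4.match(tokens[0])
    if m:
        return all(int(octet) <= 255 for octet in m.groups())
    return ":" in tokens[0] and IPV6.match(tokens[0]) is not None


def loader_path(command: str) -> str:
    """Path of the program an O4 entry launches (arguments stripped)."""
    m = EXE_PATH.match(command.strip())
    return m.group(1) if m else command.strip()


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        section, _, rest = line.partition(" - ")
        if section == "O1":
            # One "Hosts: <line>" entry per non-default line of the hosts file.
            if not is_hosts_entry(rest.partition(": ")[2]):
                findings.append((section, "hosts file holds non-hosts content (file overwritten?)", line))
        elif section == "O2":
            # "BHO: <name> - {CLSID} - <path>"; BHOs normally live under Program Files.
            if in_system32(rest.rsplit(" - ", 1)[-1]):
                findings.append((section, "browser helper object loaded from system32", line))
        elif section == "O4":
            if rest.startswith(("HKLM", "HKCU", "HKUS")):
                # "HKxx\..\Run: [name] <command>" -- rundll32 is allowlisted, so a DLL
                # it loads from system32 is not inspected here (known gap).
                path = loader_path(rest.partition("] ")[2])
                if in_system32(path) and basename(path) not in KNOWN_SYSTEM32_AUTOSTART:
                    findings.append((section, "unrecognised program autostarting from system32", line))
            elif rest.startswith(("Startup:", "Global Startup:")):
                # Startup-folder items are normally "<x>.lnk = <target>" shortcuts.
                item = rest.partition(": ")[2]
                if " = " not in item and not item.lower().endswith(".lnk"):
                    findings.append((section, "executable placed directly in a Startup folder", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports seven entries for review: both HTML hosts lines, the BHO in system32, the three unrecognised system32 autostarts and the bare executable in Global Startup; ctfmon.exe, MRT.exe, the Avast entry and the control hosts line pass. The allowlist is the weak spot of this approach: it has to be built per machine, and a rundll32 entry can still pull a hostile DLL out of system32 without being flagged, so treat the output as a reading aid for a log like the one above, not as a verdict.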
Download ComboFix and save it to your desktop.
Close all windows and programs.
Double-click ComboFix and press "1" then Enter to proceed with the fix. It takes about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.
When it finishes, a log will be generated at C:\ComboFix.txt.
Attention:
Do not click on the ComboFix window, and do not close it by clicking the X while it is running; otherwise it will stop and your desktop will go blank.
To stop or exit ComboFix, press "2" and Enter.
Then generate a new log with HijackThis and post it, together with ComboFix.txt.
ComboFix 08-09-22.04 - Casa 2008-09-23 17:49:45.1 - NTFSx86
Running from: C:\Documents and Settings\Casa\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Arquivos de programas\FunWebProducts
C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Arquivos de programas\internet explorer\msimg32.dll
C:\Arquivos de programas\MyWebSearch
C:\autorun.inf
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\windows update.exe
C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\n.com
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo2.dll
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo2.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\wgaprem32.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_MyWebSearchService
-------\Service_NPF
((((((((((((((((((((((( Files created from 2008-08-23 to 2008-09-23 ))))))))))))))))))))))))))))))))
.
2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão
2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini
2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-09-22 23:04 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-09-22 23:04 . 2008-09-23 13:44 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit
2008-09-22 22:14 . 2008-09-23 16:32 <DIR> d-------- C:\Hijack
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador
2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-17 17:50 . 2008-09-17 17:49 115,913 -r-hs---- C:\k2d8j3wa.bat
2008-09-08 14:40 . 2008-09-08 14:40 33 --a------ C:\WINDOWS\KB1369769.ini
2008-09-06 19:11 . 2008-09-06 19:11 90,834 -r-hs---- C:\r1y1.bat
2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER
2008-09-05 14:21 . 2008-09-05 14:21 <DIR> d-------- C:\Arquivos de programas\4U Computing
2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder
2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Arquivos de programas\Allok Video to MP4 Converter
2008-09-05 13:39 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-09-05 13:39 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-09-05 13:39 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-09-05 12:07 . 2008-09-05 12:07 92,932 -r-hs---- C:\ktnquo.exe
2008-09-02 18:46 . 2008-09-02 18:47 90,911 -r-hs---- C:\f.bat
2008-09-02 18:31 . 2008-09-02 18:30 109,043 -r-hs---- C:\hpkq.cmd
2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll
2008-09-01 17:58 . 2008-09-01 17:57 90,623 -r-hs---- C:\kk3.bat
2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero
2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 21:38 --------- d-----w C:\Arquivos de programas\ViStart
2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-22 01:32 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead
2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion
2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC
2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent
2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo
2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia
2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin
2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat
2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler
2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock
2008-07-23 13:15 --------- d-----w C:\Arquivos de programas\uTorrent
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar
2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40, on 2008-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\ViOrb\ViOrb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ViStart\ViStart.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Styler\Styler.exe
C:\Arquivos de programas\Vista Sidebar\sidebar.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lphc943j0e73j] C:\WINDOWS\system32\lphc943j0e73j.exe
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [shockAero] C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe
O4 - HKCU\..\Run: [CMS_RSChecker] "D:\RS FAN v1.1.exe" -m
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Casa\Meus documentos\TransBar.exe /s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8677 bytes
The ComboFix log is incomplete, please post the complete log!
After rebooting the PC with ComboFix, it went back to normal
I had already seen your tips when you helped ErMac
http://forum.imasters.com.br/index.php?showtopic=3025
I followed the same tips and everything went back to normal :grin:
Thanks, you guys are awesome :clap: :clap: :clap:
Thanks, I don't even know how to thank you :clap: :grin:
I'd like to know how one catches these viruses
I'm going to post another log from ComboFix, SDFix and HijackThis
My bad, the topic link is this one: http://forum.imasters.com.br/index.php?showtopic=302573 :grin:
It will help a lot of people
Here are the logs
ComboFix:
ComboFix 08-09-22.04 - Casa 2008-09-24 13:07:54.2 - NTFSx86
Executando de: C:\Documents and Settings\Casa\Meus documentos\Aplicativos Diversos\ComboFix.exe
ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Arquivos de programas\FunWebProducts
C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Arquivos de programas\internet explorer\msimg32.dll
C:\Arquivos de programas\MyWebSearch
C:\autorun.inf
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\windows update.exe
C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\n.com
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo1.dll
C:\WINDOWS\system32\ckvo2.dll
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo2.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\wgaprem32.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NPF
-------\Service_MyWebSearchService
-------\Service_NPF
((((((((((((((((((((((( Ficheiros criados de 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))))
.
2008-09-23 20:26 . 2008-09-23 20:26 <DIR> d-------- C:\Arquivos de programas\TopDesk
2008-09-23 20:05 . 2008-09-23 20:05 <DIR> d-------- C:\Arquivos de programas\EA SPORTS
2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão
2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini
2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-09-22 23:04 . 2008-09-23 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit
2008-09-22 22:14 . 2008-09-23 19:40 <DIR> d-------- C:\Hijack
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador
2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-17 17:50 . 2008-09-17 17:49 115,913 -r-hs---- C:\k2d8j3wa.bat
2008-09-08 14:40 . 2008-09-08 14:40 33 --a------ C:\WINDOWS\KB1369769.ini
2008-09-06 19:11 . 2008-09-06 19:11 90,834 -r-hs---- C:\r1y1.bat
2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER
2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder
2008-09-05 12:07 . 2008-09-05 12:07 92,932 -r-hs---- C:\ktnquo.exe
2008-09-02 18:46 . 2008-09-02 18:47 90,911 -r-hs---- C:\f.bat
2008-09-02 18:31 . 2008-09-02 18:30 109,043 -r-hs---- C:\hpkq.cmd
2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll
2008-09-01 17:58 . 2008-09-01 17:57 90,623 -r-hs---- C:\kk3.bat
2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero
2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 16:27 --------- d-----w C:\Arquivos de programas\ViStart
2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\free-downloads.net
2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\Conduit
2008-09-23 22:03 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead
2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion
2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC
2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent
2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo
2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia
2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin
2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat
2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler
2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock
2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe
2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar
2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar
.
------- Sigcheck -------
2005-03-02 14:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 08:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 23:55 2070400 7b6e20eda4457e87986aabefa07ad0ba C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 14:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2008-04-13 22:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe
2007-02-28 12:02 2071168 556bfec77107e78076d3d470cef72b9f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2005-03-02 14:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 12:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 23:40 2194560 b09517124a659d5764b2e1760a609c2e C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 14:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2008-04-13 22:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe
2007-02-28 12:02 2193920 239adfb7b15a5d2032842f260d19d735 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2007-06-13 09:21 1425920 16ad50b47ae6a73ba54cb016b85e4aa5 C:\WINDOWS\explorer.exe
2007-06-13 09:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:45 1424896 90a6eb2a3ce24982d96ee51f23b07de5 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 22:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe
2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\VITrans\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias & legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937833BF-40FC-46BC-806F-34201374A953}]
2008-09-01 19:29 1750528 --a------ C:\WINDOWS\system32\wgapre32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="C:\Arquivos de programas\ViStart\ViStart" [X]
"ViOrb"="C:\Arquivos de programas\ViOrb\ViOrb.exe" [2007-11-19 163840]
"VisualTaskTips"="C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 36352]
"LClock"="C:\Arquivos de programas\LClock\lclock.exe" [2004-09-20 65536]
"TrueTransparency"="C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe" [2008-06-24 372224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 139367]
"TopDesk"="C:\Arquivos de programas\TopDesk\topdesk.exe" [2006-03-01 201216]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Styler.lnk]
path=C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\Styler.lnk
backup=C:\WINDOWS\pss\Styler.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Thoosje Vista Sidebar.lnk]
path=C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\Thoosje Vista Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 12:46 217544 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-12-16 12:57 94208 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroPC]
--a------ 2007-11-15 13:03 1975824 C:\Arquivos de programas\NitroPC\NitroPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-09 13:29 7561216 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]
--a------ 2007-11-30 05:56 329029 C:\WINDOWS\system32\viwc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashSimpl.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2004-08-03 18560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{007c8316-946b-11dc-ae8b-0013d4ececad}]
\Shell\AutoRun\command - F:\m6dqm2vd.exe
\Shell\explore\Command - F:\m6dqm2vd.exe
\Shell\open\Command - F:\m6dqm2vd.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a3b98ef-b707-11dc-aa49-0013d4ececad}]
\Shell\AutoRun\command - F:\oufddh.exe
\Shell\explore\Command - F:\oufddh.exe
\Shell\open\Command - F:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4de2d8b3-2f34-11dd-99cd-0013d4ececad}]
\Shell\AutoRun\command - E:\bpu.exe
\Shell\explore\Command - E:\bpu.exe
\Shell\open\Command - E:\bpu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68142a2e-616a-11dd-9a2e-0013d4ececad}]
\Shell\AutoRun\command - D:\fufb6tq3.cmd
\Shell\explore\Command - D:\fufb6tq3.cmd
\Shell\open\Command - D:\fufb6tq3.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abab42c1-a25a-11dc-92fb-0013d4ececad}]
\Shell\AutoRun\command - qeoc6sj.exe
\Shell\explore\Command - qeoc6sj.exe
\Shell\open\Command - qeoc6sj.exe
.
URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
MSConfigStartUp-CMS_RSChecker - D:\RS FAN v1.1.exe
MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe
MSConfigStartUp-kava - C:\WINDOWS\system32\kavo.exe
MSConfigStartUp-lphc943j0e73j - C:\WINDOWS\system32\lphc943j0e73j.exe
MSConfigStartUp-PSwitch - C:\Arquivos de programas\Proxy Switcher Standard\ProxySwitcher.exe
MSConfigStartUp-ShockAero - C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-TransBar - C:\Documents and Settings\Casa\Meus documentos\TransBar.exe
.
------- Ccan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\xhvmh2al.default\
FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll
FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 13:11:59
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------
PROCESSOS: C:\WINDOWS\explorer.exe
-> C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparencyHook.dll
-> C:\Arquivos de programas\VisualTaskTips\VttHooks.dll
.
Tempo para conclusão: 2008-09-24 13:15:56
ComboFix-quarantined-files.txt 2008-09-24 17:15:49
Pre-Run: 17 pasta(s) 13,746,212,864 bytes disponíveis
Post-Run: 23 pasta(s) 13,738,602,496 bytes disponíveis
261 --- E O F --- 2008-09-22 02:25:41
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:48, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\ViOrb\ViOrb.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\ViStart\ViStart.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe
C:\Arquivos de programas\Styler\Styler.exe
C:\Arquivos de programas\Vista Sidebar\sidebar.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TopDesk] C:\Arquivos de programas\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7991 bytes
And the SDFix log:
SDFix: Version 1.228
Run by Casa on 23/09/2008 at 17:18
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\Windows Update.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 17:29:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:4c,c9,1f,20,10,49,f4,4f,bf,be,f8,60,14,27,34,47,63,96,11,1b,fd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:11,ac,7e,02,76,34,be,70,aa,ac,6d,d8,9e,d6,e3,47,e9,6e,3b,19,00,..
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:725c49ba
"s2"=dword:fb9f099b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:11,ac,7e,02,76,34,be,70,aa,ac,6d,d8,9e,d6,e3,47,e9,6e,3b,19,00,..
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:11,ac,7e,02,76,34,be,70,aa,ac,6d,d8,9e,d6,e3,47,e9,6e,3b,19,00,..
"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\DAP\\DAP.exe"="C:\\Arquivos de programas\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\\Arquivos de programas\\Warp Pipe\\warppipe.exe"="C:\\Arquivos de programas\\Warp Pipe\\warppipe.exe:*:Enabled:Warp Pipe Beta"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 5 Sep 2008 92,932 ..SHR --- "C:\ktnquo.exe"
Mon 25 Aug 2008 89,420 ..SHR --- "C:\n.com"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sat 6 Sep 2008 90,834 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Sun 21 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Sat 6 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Mon 1 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo2.dll"
Mon 22 Sep 2008 187,392 ..SHR --- "C:\WINDOWS\system32\kavo0.dll"
Wed 17 Sep 2008 187,392 ..SHR --- "C:\WINDOWS\system32\kavo2.dll"
Wed 6 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 6 Feb 2008 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Fri 28 Mar 2008 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Sun 15 Sep 2002 7,221 A..H. --- "C:\Documents and Settings\Casa\Desktop\StartHook.dll"
Mon 18 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 27 Nov 2007 525,192 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34724ce2be5d963d34d33d37894bf8b1\BIT5E.tmp"
Wed 6 Feb 2008 4,348 ...H. --- "C:\Documents and Settings\Casa\Meus documentos\Minhas músicas\Backup de Licença\drmv1key.bak"
Wed 6 Feb 2008 401 A..H. --- "C:\Documents and Settings\Casa\Meus documentos\Minhas músicas\Backup de Licença\drmv1lic.bak"
Mon 12 Nov 2007 312 A.SH. --- "C:\Documents and Settings\Casa\Meus documentos\Minhas músicas\Backup de Licença\drmv2key.bak"
Finished!
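The SDFix "Files with Hidden Attributes" block above is where most of the useful evidence in this log sits: the entries at the drive root and in system32 carry the System+Hidden+Read-only attributes, have short random-looking names and, in several cases, identical sizes. As an added example (not part of the thread, and not SDFix's own code), the Python below parses that block and applies one deliberately narrow rule, flagging Hidden+System executables that sit at a drive root or in system32, then groups the flagged files by size. The sample lines are a constructed subset of the log; the attribute-letter interpretation, the extension list and the rule itself are assumptions of this example, not anything the tools on this page document.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Constructed sample: a subset of the "Files with Hidden Attributes" block of
# the SDFix log posted above, with a few benign entries kept in for contrast.
SAMPLE = r'''
Fri 5 Sep 2008 92,932 ..SHR --- "C:\ktnquo.exe"
Mon 25 Aug 2008 89,420 ..SHR --- "C:\n.com"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Sat 6 Sep 2008 90,834 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Sun 21 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Sat 6 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"
Mon 22 Sep 2008 187,392 ..SHR --- "C:\WINDOWS\system32\kavo0.dll"
Wed 6 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 15 Sep 2002 7,221 A..H. --- "C:\Documents and Settings\Casa\Desktop\StartHook.dll"
'''

# One SDFix line: weekday, day, month, year, size, a 5-character attribute
# field (assumed: A=archive, S=system, H=hidden, R=read-only, '.'=unset),
# the literal '---', then the quoted path.
LINE_RE = re.compile(
    r'^(?P<dow>[A-Za-z]{3}) (?P<day>\d{1,2}) (?P<mon>[A-Za-z]{3}) (?P<year>\d{4}) '
    r'(?P<size>[\d,]+) (?P<attrs>[A-Z.]{5}) --- "(?P<path>[^"]+)"$'
)

# File types Windows will execute or load directly (assumed list).
EXEC_EXT = {".exe", ".com", ".dll", ".bat", ".cmd", ".scr", ".pif"}


def parse_sdfix_hidden(text):
    """Parse 'Files with Hidden Attributes' lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "path": d["path"],
            "size": int(d["size"].replace(",", "")),
            "attrs": d["attrs"],
            "mtime": datetime.strptime(f'{d["day"]} {d["mon"]} {d["year"]}', "%d %b %Y"),
        })
    return entries


def is_suspicious(entry):
    """Hidden+System executable sitting at a drive root or in system32.

    Heuristic only (an assumption of this example): legitimate software
    rarely drops S+H executables in those two places, while removable-media
    worms routinely do.
    """
    p = PureWindowsPath(entry["path"])
    hidden_system = "S" in entry["attrs"] and "H" in entry["attrs"]
    executable = p.suffix.lower() in EXEC_EXT
    at_drive_root = p.parent == PureWindowsPath(p.anchor)
    in_system32 = [x.lower() for x in p.parts[-3:-1]] == ["windows", "system32"]
    return hidden_system and executable and (at_drive_root or in_system32)


def triage(text):
    """Return (flagged entries, flagged paths grouped by file size).

    Identical sizes across differently named files are a cheap hint that
    they are copies of one another.
    """
    flagged = [e for e in parse_sdfix_hidden(text) if is_suspicious(e)]
    by_size = {}
    for e in flagged:
        by_size.setdefault(e["size"], []).append(e["path"])
    return flagged, by_size


if __name__ == "__main__":
    flagged, by_size = triage(SAMPLE)
    for e in flagged:
        print(f'{e["mtime"]:%Y-%m-%d} {e["size"]:>9} {e["attrs"]} {e["path"]}')
    for size, paths in by_size.items():
        if len(paths) > 1:
            print(f"same size ({size} bytes): {', '.join(paths)}")
```

On the sample the rule leaves msmsgs.exe and the Spybot binaries alone (they are S+H but live under Program Files) and flags the six root/system32 entries, pairing the two 84,992-byte ckvo DLLs as likely copies. Anything the rule flags still needs a hash or vendor check before deletion; the output is a queue, not a verdict.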
If you have a flash drive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you must connect all of them). Do not remove them until all the instructions are complete.
Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.
I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.
Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.
File::
C:\k2d8j3wa.bat
C:\WINDOWS\KB1369769.ini
C:\r1y1.bat
C:\OutputFolder
C:\ktnquo.exe
C:\f.bat
C:\hpkq.cmd
C:\kk3.bat
F:\m6dqm2vd.exe
F:\oufddh.exe
E:\bpu.exe
D:\fufb6tq3.cmd
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{007c8316-946b-11dc-ae8b-0013d4ececad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a3b98ef-b707-11dc-aa49-0013d4ececad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4de2d8b3-2f34-11dd-99cd-0013d4ececad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68142a2e-616a-11dd-9a2e-0013d4ececad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abab42c1-a25a-11dc-92fb-0013d4ececad}]
This script was prepared only for this computer, according to the files and keys present on it. Do not use it on another computer, as it may cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[image: cfscript.gif (http://virus-protect.org/artikel/bilder/cfscript.gif)]
ComboFix will run and will restart the PC automatically to complete the removal process.
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated at C:\ComboFix.txt.
Post it together with the new HijackThis log.
Here are the logs:
Combofix:
ComboFix 08-09-24.01 - Casa 2008-09-24 15:25:19.3 - NTFSx86
Running from: C:\Documents and Settings\Casa\Meus documentos\Aplicativos Diversos\ComboFix.exe
Command switches used :: C:\Documents and Settings\Casa\Desktop\CFScript.txt
* A new restore point was created
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\f.bat
C:\hpkq.cmd
C:\k2d8j3wa.bat
C:\kk3.bat
C:\ktnquo.exe
C:\OutputFolder
C:\r1y1.bat
C:\WINDOWS\KB1369769.ini
D:\fufb6tq3.cmd
E:\bpu.exe
F:\m6dqm2vd.exe
F:\oufddh.exe
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\f.bat
C:\hpkq.cmd
C:\k2d8j3wa.bat
C:\kk3.bat
C:\ktnquo.exe
C:\r1y1.bat
C:\WINDOWS\KB1369769.ini
F:\m6dqm2vd.exe
F:\oufddh.exe
.
((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))))
.
2008-09-23 20:26 . 2008-09-23 20:26 <DIR> d-------- C:\Arquivos de programas\TopDesk
2008-09-23 20:05 . 2008-09-23 20:05 <DIR> d-------- C:\Arquivos de programas\EA SPORTS
2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede
2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão
2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini
2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-09-22 23:04 . 2008-09-23 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit
2008-09-22 22:14 . 2008-09-24 13:20 <DIR> d-------- C:\Hijack
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais
2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador
2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER
2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder
2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll
2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero
2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 19:05 --------- d-----w C:\Arquivos de programas\D-Tools
2008-09-24 18:41 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-09-24 18:35 --------- d-----w C:\Arquivos de programas\ViStart
2008-09-24 00:37 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\free-downloads.net
2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\Conduit
2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead
2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion
2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC
2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent
2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo
2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia
2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin
2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat
2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency
2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler
2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar
2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar
.
------- Sigcheck -------
2005-03-02 14:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 08:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-03 23:55 2070400 7b6e20eda4457e87986aabefa07ad0ba C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 14:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2008-04-13 22:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe
2007-02-28 12:02 2071168 556bfec77107e78076d3d470cef72b9f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2005-03-02 14:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 12:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-03 23:40 2194560 b09517124a659d5764b2e1760a609c2e C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 14:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2008-04-13 22:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe
2007-02-28 12:02 2193920 239adfb7b15a5d2032842f260d19d735 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2007-06-13 09:21 1425920 16ad50b47ae6a73ba54cb016b85e4aa5 C:\WINDOWS\explorer.exe
2007-06-13 09:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:45 1424896 90a6eb2a3ce24982d96ee51f23b07de5 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 22:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe
2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\VITrans\explorer.exe
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937833BF-40FC-46BC-806F-34201374A953}]
2008-09-01 19:29 1750528 --a------ C:\WINDOWS\system32\wgapre32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViStart"="C:\Arquivos de programas\ViStart\ViStart" [X]
"ViOrb"="C:\Arquivos de programas\ViOrb\ViOrb.exe" [2007-11-19 163840]
"VisualTaskTips"="C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 36352]
"LClock"="C:\Arquivos de programas\LClock\lclock.exe" [2004-09-20 65536]
"TrueTransparency"="C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe" [2008-06-24 372224]
"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 329029]
"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 1975824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2005-12-16 94208]
"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 139367]
"TopDesk"="C:\Arquivos de programas\TopDesk\topdesk.exe" [2006-03-01 201216]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]
C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\
Styler.lnk - C:\Documents and Settings\Casa\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-07-05 15086]
Thoosje Vista Sidebar.lnk - C:\Arquivos de programas\Vista Sidebar\sidebar.exe [2008-07-24 524288]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashSimpl.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R4 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [ ]
S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2004-08-03 18560]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 15:27:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d344prt]
"ImagePath"="System32\Drivers\d344prt.sys"
.
Completion time: 2008-09-24 15:31:15
ComboFix-quarantined-files.txt 2008-09-24 19:31:11
Pre-Run: 17 folder(s) 10.849.910.784 bytes available
Post-Run: 23 folder(s) 10,849,513,472 bytes available
205 --- E O F --- 2008-09-22 02:25:41
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:41, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\ViOrb\ViOrb.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Arquivos de programas\LClock\lclock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Styler\Styler.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TopDesk] C:\Arquivos de programas\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9322 bytes
Download Kill Box
• Check the **Delete on Reboot** option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):
C:\WINDOWS\system32\viwc.exe
• Go back to KillBox. Click **File > Paste from clipboard**. Click the **All Files** button;
• Click the button and answer **No** to the question.
• Restart the computer in **Safe Mode** (tap the F8 key repeatedly, or F5 in some cases, during startup);
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17, on 2008-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TopDesk] C:\Arquivos de programas\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Styler.lnk = ?
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7803 bytes
:thumbsup:
I suggest you print or save the steps below, and do not use the internet until the procedure is finished.
Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"viwc"=-
This script was written only for this computer, based on the files and keys present on it; do not use it on another computer, as it can cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[image: cfscript.gif]
ComboFix will run and will restart the PC automatically to complete the removal process.
IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
When it finishes, a log will be generated at C:\ComboFix.txt.
Post it together with the new HijackThis log.
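As an added illustration of the CFScript format used in the reply above (example code written for this page, not the helper's own script or a ComboFix tool): a Python script that parses the O4 Run entries of a HijackThis log and emits the Registry:: section that deletes only the values a reviewer has decided to remove. The sample log lines are a constructed cut-down of this thread's log, and handling only the HKLM/HKCU Run abbreviations is an assumption.

```python
import re
from collections import OrderedDict

# Constructed sample: a few O4 lines in the format HijackThis v2 prints them,
# cut down from the log posted in this thread (not the complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# HijackThis abbreviates the Run key: "HKCU\..\Run" stands for
# HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Assumption: only the HKLM/HKCU Run abbreviations are handled; per-SID
# HKUS entries and RunOnce entries are left alone.
O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_o4_run(log_text):
    """Return (hive, value_name, command) for each HKLM/HKCU Run entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def build_cfscript(entries, remove_names):
    """Emit a ComboFix 'Registry::' section deleting the named Run values.

    Names are matched case-insensitively; a name not present in the log is
    skipped, so the script only references values seen on this machine."""
    wanted = {n.lower() for n in remove_names}
    by_key = OrderedDict()
    for hive, name, _command in entries:
        if name.lower() in wanted:
            key = "[%s\\%s]" % (HIVES[hive], RUN_SUBKEY)
            by_key.setdefault(key, []).append('"%s"=-' % name)
    if not by_key:
        return ""
    lines = ["Registry::"]
    for key, values in by_key.items():
        lines.append(key)
        lines.extend(values)
    return "\n".join(lines) + "\n"
```

Running `build_cfscript(parse_o4_run(SAMPLE_LOG), ["viwc"])` reproduces the three-line script from the reply above.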
Download ComboFix and save it to your desktop.
Close all windows and programs.
Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.
When it finishes, a log will be generated at C:\ComboFix.txt.
Attention:
Do not click in the ComboFix window, and do not close it by clicking the X, while it is running; otherwise it will stop and your desktop will go blank.
To stop or exit ComboFix, press "2" and Enter.
Then generate a new log with HijackThis and post it together with ComboFix.txt.