Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Gostaria de ajuda para remoção de vírus
segue meu log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:35, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001
C:\Arquivos de programas\Adobe\Adobe Flash CS3\Flash.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.canalfx.tv:8080/tkt_fox/j...jsp?language=pt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)
O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154
O20 - AppInit_DLLs: vchdwo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10742 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:11, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.fxbrasil.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)
O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154
O20 - AppInit_DLLs: vchdwo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9564 bytes
------------------------------------------------
ComboFix 09-01-02.01 - Administrador 2009-01-04 23:19:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1791.1150 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BM5b05df72.txt
c:\windows\BM5b05df72.xml
c:\windows\system32\cpsutvmd.ini
c:\windows\system32\csfjspeo.ini
c:\windows\system32\iwubvghw.ini
c:\windows\system32\kdmctmfp.ini
c:\windows\system32\omuucnbk.ini
c:\windows\system32\QtEdLRqr.ini
c:\windows\system32\QtEdLRqr.ini2
c:\windows\system32\vkddhiap.ini
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))
.
2009-01-03 10:45 . 2009-01-03 10:45 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector
2009-01-03 10:43 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-03 10:40 . 2009-01-03 10:40 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework
2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive2008-12-26 13:55 . 2008-10-03 08:16 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 12:45 --------- d-----w c:\arquivos de programas\Microsoft
2009-01-03 12:43 --------- d-----w c:\arquivos de programas\Windows Live
2009-01-03 12:33 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2008-12-28 23:47 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\U3
2008-12-28 00:07 --------- d-----w c:\arquivos de programas\eMule
2008-12-26 15:41 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Corel
2008-12-26 15:41 --------- d-----w c:\arquivos de programas\Corel
2008-12-26 15:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel
2008-12-26 15:26 88 --sh--r c:\documents and settings\All Users\Dados de aplicativos\67876D54BA.sys
2008-12-26 15:26 3,140 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR
2008-11-17 14:14 7 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat
2008-11-17 14:12 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\D-Book
2008-11-17 14:11 --------- d-----w c:\arquivos de programas\Digipix D-Book
2008-11-15 22:59 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2008-11-15 22:25 --------- d-----w c:\arquivos de programas\Windows Media Components
2008-10-19 00:49 98,304 ----a-w c:\windows\system32CmdLineExt.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-12-06 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vchdwo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Autodesk\\backburner\\monitor.exe"=
"c:\\Arquivos de programas\\Autodesk\\backburner\\manager.exe"=
"c:\\Arquivos de programas\\Autodesk\\backburner\\server.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10064:TCP"= 10064:TCP:BitComet 10064 TCP
"10064:UDP"= 10064:UDP:BitComet 10064 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-03 55136]
R4 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R4 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job
2008-08-10 c:\windows\Tasks\McDefragTask.job
2008-11-01 c:\windows\Tasks\McQcTask.job
.
BHO-{03E9E33F-6469-4205-A67D-25110AC44806} - (no file)
BHO-{F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)
BHO-{F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)
HKLM-Run-5836ecee - c:\windows\system32\pfmtcmdk.dll
HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe
.
------- Scan Suplementar -------
.
uStart Page = hxxp://fxmanager.fxbrasil.uol.com.br/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig
FF - component: c:\arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.133.33\npGoogleOneClick7.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 23:25:34
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquiv~1\MICROS~4\rapimgr.exe
c:\arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquiv~1\McAfee\MSC\mcmscsvc.exe
c:\arquiv~1\ARQUIV~1\McAfee\MNA\McNASvc.exe
c:\arquiv~1\ARQUIV~1\McAfee\McProxy\McProxy.exe
c:\arquiv~1\McAfee\VIRUSS~1\Mcshield.exe
c:\arquivos de programas\McAfee\MPF\MpfSrv.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe
c:\arquiv~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\arquivos de programas\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-01-04 23:28:50 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-01-05 01:28:43
PrÚ-execuþÒo: 13 pasta(s) 62.859.395.072 bytes disponíveis
Pós execução: 13 pasta(s) 62,894,850,048 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
197 --- E O F --- 2009-01-03 12:33:57
Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.
Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.
File::G:\LaunchU3.exe -a
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job
c:\windows\Tasks\McDefragTask.job
c:\windows\Tasks\McQcTask.job
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.
Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.
/applications/core/interface/imageproxy/imageproxy.php?img=http://virus-protect.org/artikel/bilder/cfscript.gif&key=9b762e2062a60b210b24ca6bb45677b226357ecae5fca060027ef09f35e03016" alt="cfscript.gif" />
O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.
IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.
Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
Poste-o junto com o novo log do hijackthis
Com o navegador Internet Explorer, acesse o Kaspersky Online Scanner e faça um scan online seguindo o tutorial abaixo.
Tutorial Kaspersky Online Scanner
Ao término do scan, salve o relatório com a extensão .txt (como mostra no final do tutorial) e poste em sua próxima resposta.
Segue os logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:47, on 6/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
c:\ARQUIV~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe
C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.fxbrasil.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)
O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154
O20 - AppInit_DLLs: vchdwo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9693 bytes
---------------------------------------------------------------------------------------
ComboFix 09-01-02.01 - Administrador 2009-01-05 17:20:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1791.1351 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
* Criado um novo ponto de restauro
* Resident AV is active
FILE ::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job
c:\windows\Tasks\McDefragTask.job
c:\windows\Tasks\McQcTask.job
G:\LaunchU3.exe -a
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job
c:\windows\Tasks\McDefragTask.job
c:\windows\Tasks\McQcTask.job
.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))
.
2009-01-04 23:39 . 2009-01-04 23:39 <DIR> d-------- c:\windows\system32\xircom
2009-01-04 23:39 . 2009-01-04 23:39 <DIR> d-------- c:\windows\system32\oobe
2009-01-04 23:39 . 2009-01-04 23:39 <DIR> d-------- c:\arquivos de programas\microsoft frontpage
2009-01-03 10:45 . 2009-01-03 10:45 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector2009-01-03 10:43 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-03 10:40 . 2009-01-03 10:40 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework
2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive2008-12-26 13:55 . 2008-10-03 08:16 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 12:45 --------- d-----w c:\arquivos de programas\Microsoft
2009-01-03 12:43 --------- d-----w c:\arquivos de programas\Windows Live
2009-01-03 12:33 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2008-12-28 23:47 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\U3
2008-12-28 00:07 --------- d-----w c:\arquivos de programas\eMule
2008-12-26 15:41 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Corel
2008-12-26 15:41 --------- d-----w c:\arquivos de programas\Corel
2008-12-26 15:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel
2008-12-26 15:26 88 --sh--r c:\documents and settings\All Users\Dados de aplicativos\67876D54BA.sys
2008-12-26 15:26 3,140 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2008-12-12 17:35 3,081,216 ------w c:\windows\system32\DllCache\mshtml.dll
2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR
2008-12-03 00:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-17 14:14 7 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat
2008-11-17 14:12 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\D-Book
2008-11-17 14:11 --------- d-----w c:\arquivos de programas\Digipix D-Book
2008-11-15 22:59 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2008-11-15 22:25 --------- d-----w c:\arquivos de programas\Windows Media Components
2008-10-24 11:25 455,936 ------w c:\windows\system32\DllCache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll
2008-10-19 00:49 98,304 ----a-w c:\windows\system32CmdLineExt.dll
2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ------w c:\windows\system32\DllCache\netapi32.dll
2008-10-15 09:45 18,432 ------w c:\windows\system32\DllCache\iedw.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-04_23.27.10.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-05 19:13:11 16,384 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2009-01-05 19:13:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-05 01:29:47 66,486 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-05 01:29:47 75,100 ----a-w c:\windows\system32\perfc016.dat
+ 2009-01-05 01:29:47 429,788 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-05 01:29:47 462,738 ----a-w c:\windows\system32\perfh016.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-12-06 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"5836ecee"="c:\windows\system32\pfmtcmdk.dll" [bU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vchdwo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Autodesk\\backburner\\monitor.exe"=
"c:\\Arquivos de programas\\Autodesk\\backburner\\manager.exe"=
"c:\\Arquivos de programas\\Autodesk\\backburner\\server.exe"=
"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Arquivos de programas\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10064:TCP"= 10064:TCP:BitComet 10064 TCP
"10064:UDP"= 10064:UDP:BitComet 10064 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-03 55136]
R4 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R4 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
.
BHO-{03E9E33F-6469-4205-A67D-25110AC44806} - (no file)
BHO-{F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)
BHO-{F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)
.
------- Scan Suplementar -------
.
uStart Page = hxxp://fxmanager.fxbrasil.uol.com.br/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm
IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig
FF - component: c:\arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.133.33\npGoogleOneClick7.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 17:22:35
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2009-01-05 17:24:04
ComboFix-quarantined-files.txt 2009-01-05 19:23:54
ComboFix2.txt 2009-01-05 01:28:53
Pré-execução: 13 pasta(s) 64.575.733.760 bytes disponíveis
Pós execução: 13 pasta(s) 64,565,747,712 bytes disponíveis
194 --- E O F --- 2009-01-03 12:33:57
-----------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 05, 2009 18:07:48
Records in database: 1564760--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
Scan statistics:
Files scanned: 165380
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:59:19
File name / Threat name / Threats count
C:\Downloads\130.osCommerce.Templates.zip Infected: Trojan-Dropper.Win32.Delf.agp 1
C:\Downloads\130.osCommerce.Templates.zip Infected: Hoax.Win32.Agent.s 1
The selected area was scanned.
Faça o download SmitfraudFix
Você deve imprimir estas instruções, ou copiá-las para um arquivo Bloco de notas para a leitura, enquanto no modo de segurança, porque você não será capaz de se conectar à Internet para ler a partir deste site.
Por favor, reinicie o seu computador no Modo de Segurança, faça o seguinte:
• Reinicie o computador
• Depois de ouvir o seu computador apitar uma vez durante a inicialização, mas antes do Windows ícone aparece, toque na tecla F8 continuamente;
• Em vez de carregar o Windows como normal, um menu com opções deverá aparecer;• Selecione a primeira opção, para executar o Windows no Modo de Segurança e, em seguida, pressione "Enter".
• Escolha o seu habitual conta.
Uma vez em modo de segurança, dê um duplo clique SmitfraudFix.exe.
Selecione a opção # 2 - Limpeza, digitando 2 e pressione "Enter" para apagar arquivos infectados.
Você será perguntado: "Registro limpeza - Você deseja limpar o registro?"; Responder "Sim", digitando Y e pressione "Enter", a fim de remover o fundo desktop e limpar registro chaves associados à infecção.
A ferramenta pode precisar reiniciar o computador para concluir o processo de limpeza, se não, por favor reinicie o Windows normal qualquer maneira. um arquivo de texto irár aparecer na tela, com os resultados dos processos de limpeza, copie / cole o conteúdo do SmitfraudFix relatório em sua próxima resposta, juntamente com um novo log HijackThis. O relatório também pode ser encontrado na raiz da unidade do sistema, normalmente em C: \ rapport.txt.
Segue os logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:09, on 6/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
(6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de
programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de
programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Analog
Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows
Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Microsoft
ActiveSync\wcescomm.exe
C:\Arquivos de programas\Spybot - Search &
Destroy\TeaTimer.exe
C:\Documents and
Settings\Administrador\Configurações
locais\Dados de
aplicativos\Google\Update\GoogleUpdate.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Arquivos de
programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
mscorsvw.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.ex
e
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\Analog
Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol
120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows
Live\Contacts\wlcomm.exe
C:\Documents and
Settings\Administrador\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://fxmanager.fxbrasil.uol.com.br/
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion
\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) -
{03E9E33F-6469-4205-A67D-25110AC44806} - (no
file)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -
{F2536368-B7D7-4396-B369-6615FC72CE76} - (no
file)
O2 - BHO: (no name) -
{F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no
file)
O4 - HKLM\..\Run: [sunJavaUpdateSched]
C:\Arquivos de
programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de
programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de
programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [5836ecee] rundll32.exe
"C:\WINDOWS\system32\pfmtcmdk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de
programas\Windows Live\Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [H/PC Connection Agent]
"C:\Arquivos de programas\Microsoft
ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount]
"C:\Arquivos de programas\Alcohol Soft\Alcohol
120\axcmd.exe" /automount
O4 - HKCU\..\Run: [spybotSD TeaTimer]
C:\Arquivos de programas\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite]
"C:\Arquivos de programas\DAEMON Tools
Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update]
"C:\Documents and
Settings\Administrador\Configurações
locais\Dados de
aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe
/C move /Y
"%SystemRoot%\System32\syssetub.dll"
"%SystemRoot%\System32\syssetup.dll" (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'Default
user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe
/C move /Y
"%SystemRoot%\System32\syssetub.dll"
"%SystemRoot%\System32\syssetup.dll" (User
'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de
programas\Arquivos
comuns\Adobe\Calibration\Adobe Gamma
Loader.exe
O4 - Global Startup: Adobe Reader Speed
Launch.lnk = C:\Arquivos de
programas\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Baixar link
usando &BitComet - res://C:\Arquivos de
programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os
links usando BitComet - res://C:\Arquivos de
programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os
vídeos usando BitComet - res://C:\Arquivos de
programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o
Microsoft Excel -
res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/
3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Arquivos de
programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console
C:\Arquivos de
programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito
Móvel... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet -
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} -
res://C:\Arquivos de
programas\BitComet\tools\BitCometBHO_1.2.8.7.d
ll/206 (file missing)
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &
Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF:
SEARCH_PAGE_URL=&http://home.microsoft.com/int
l/br/access/allinone.asp
O14 - IERESET.INF:
START_PAGE_URL=http://www.compartilhando.org/
O20 - AppInit_DLLs: vchdwo.dll
O23 - Service: Adobe LM Service - Adobe
Systems - C:\Arquivos de programas\Arquivos
comuns\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service:
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879
762## (Bonjour Service) - Apple Computer, Inc.
programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service -
Macrovision Europe Ltd. - C:\Arquivos de
programas\Arquivos comuns\Macrovision
Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation -
C:\Arquivos de programas\Arquivos
comuns\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: Macromedia Licensing Service -
Unknown owner - C:\Arquivos de
programas\Arquivos comuns\Macromedia
Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) -
McAfee, Inc. -
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc)
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) -
McAfee, Inc. -
C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy)
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.ex
e
O23 - Service: McAfee Real-time Scanner
(McShield) - McAfee, Inc. -
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon)
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall
Service (MpfService) - McAfee, Inc. -
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: SoundMAX Agent Service
(SoundMAX Agent Service (default)) - Analog
Devices, Inc. - C:\Arquivos de
programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service
(StarWindServiceAE) - Rocket Division Software
Soft\Alcohol
120\StarWind\StarWindServiceAE.exe
--
End of file - 7932 bytes
------------------------------------------------------------------------------------------------
SmitFraudFix v2.388
Scan done at 19:46:02,79, ter 06/01/2009
Run from C:\Documents and Settings\Administrador\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Segue o log
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, January 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 08, 2009 00:24:06
Records in database: 1582621--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
Scan statistics:
Files scanned: 161147
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:11:34
File name / Threat name / Threats count
C:\RECYCLER\S-1-5-21-606747145-117609710-725345543-500\Dc1.zip Infected: Trojan-Dropper.Win32.Delf.agp 1
C:\RECYCLER\S-1-5-21-606747145-117609710-725345543-500\Dc1.zip Infected: Hoax.Win32.Agent.s 1
The selected area was scanned.
Esvazei a lixeira, no mais seu log estar limpo.
◘ Clique em Salvar e quando terminado o download, faça a instalação;
◘ Abra o programa e clique em **Executar Limpeza**;
◘ Após isto, clique em **Registro > Procurar erros > Corrigir erros selecionados**.Pronto , mas ainda aparece uma mensagem quando eu inicio o PC, o que seria isso?
/applications/core/interface/imageproxy/imageproxy.php?img=http://www.magalhaesrj.com.br/transf/imagem-defeito.jpg&key=ce2a321a68d202da4569fc9075d20d9395e48d188ec8744d8f823f1fd50a3778" alt="imagem-defeito.jpg" />
Poste um novo log do hijackthis
Segue
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:32, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\ARQUIV~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~e5d141.tmp
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~e5d141.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrador\Desktop\Programas para remover virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.fxbrasil.uol.com.br/
O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)
O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154
O20 - AppInit_DLLs: vchdwo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8253 bytes
Faça um scan online com o [url=]http://forum.messbrasil.com.br/index.php?showtopic=4452&hl=Bitdefender e poste o log do scan aqui mesmo no tópico.
Pode colocar o topico como resolvido
agradeço mais uma vez a equipe
PROBLEMA RESOLVIDO!
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
• Baixe: < ComboFix.exe >
• Salve-o no Desktop!
• Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )
• Feche todas as janelas e execute a ferramenta!
• Na solicitação: "Negação de garantia de software" --> Clique em Sim!
• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!
-- Ps: Nomeie durante o salvamento,e não após salvá-la!
-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.
-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!
-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.
• Abrir-se-á a janela Auto Scan. --> Aguarde!
• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.
• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.
• Aguarde a conclusão!
• Durante o scan,evite manusear o mouse ou teclado! <-- Importante!
• Para parar ou sair do ComboFix,tecle "N" --> Enter.
----------------------
• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.