pteixeira
Posted October 25, 2006

The computer has been acting strangely; on the web I can't run pages built in ASP. So I couldn't run the Panda Active Scan, but I'm attaching the Hijack and Kaspersky logs.

Hijack

Logfile of HijackThis v1.99.1
Scan saved at 14:38:53, on 25-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\svchost.exe
C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.BIN
C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WindowsServicesStartup] "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\svchost.exe" 1
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] "C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Football Manager 2007
O4 - HKLM\..\Run: [wmz4be62] "RUNDLL32.EXE" w040fd3e.dll,n 0064be5c0000000a040fd3e
O4 - HKCU\..\Run: [Free Download Manager] C:\Programas\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programas\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158249557574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Kaspersky

Infected Object Name    Virus Name    Last Action
C:\!KillBox\deskbar_e34.exe/deskbar.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\!KillBox\deskbar_e34.exe/deskbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\!KillBox\deskbar_e34.exe/deskbar.exe Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\!KillBox\deskbar_e34.exe ZIP: infected - 3 skipped
C:\!KillBox\dr.exe Infected: Trojan-Downloader.Win32.VB.alt skipped
C:\!KillBox\mc44a36.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\!KillBox\shell32.exe Infected: Trojan-Downloader.Win32.IstBar.pm skipped
C:\!KillBox\user32.exe Infected: Trojan-Downloader.Win32.Small.dui skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\By Fry - Sitepal.zip.bac_a03416/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\By Fry - Sitepal.zip.bac_a03416/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\By Fry - Sitepal.zip.bac_a03416 ZIP: infected - 2 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\By Fry - Sitepal.zip.bac_a03416 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\nss6A.tmp.bac_a03416 Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\061025093812.ses Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\ApplicationHistory\hpqimzone.exe.b6ce8fd3.ini.inuse Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital
Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Temp\svchost.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
C:\Documents and Settings\Administrator\Definições locais\Temp\~DF106C.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object
is locked
skipped
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2006-10-25.09-36-21.log Object is locked skipped
C:\Programas\Webroot\Spy Sweeper\Masters\Masters.bak Object is locked skipped
C:\Programas\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Programas\Webroot\Spy Sweeper\Masters\Masters.mst Object is locked skipped
C:\Programas\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013139.exe/irsetup.dat Infected: Trojan-Dropper.Win32.Peerad.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013139.exe SetupFactory: infected - 1 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013140.exe/irsetup.dat Infected: Trojan-Dropper.Win32.Peerad.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013140.exe SetupFactory: infected - 1 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013141.exe/irsetup.dat Infected: Trojan-Dropper.Win32.Peerad.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013141.exe SetupFactory: infected - 1 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013142.exe/irsetup.dat Infected: Trojan-Dropper.Win32.Peerad.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013142.exe SetupFactory: infected - 1 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013143.exe/irsetup.dat Infected: Trojan-Dropper.Win32.Peerad.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013143.exe SetupFactory: infected - 1 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0013144.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014124.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014125.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014128.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014129.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014130.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014132.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014133.exe Infected: Trojan-Clicker.Win32.VB.is skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014134.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014134.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014134.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014135.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014137.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014137.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014137.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014138.dll Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014140.dll Infected: Trojan-Downloader.Win32.Agent.awb skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014141.dll Infected: Trojan-Downloader.Win32.Agent.aol skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014142.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014144.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014145.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014159.exe/deskbar.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014159.exe/deskbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014159.exe/deskbar.exe Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014159.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014160.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014162.exe Infected: Trojan-Downloader.Win32.VB.alt skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014163.exe Infected: Trojan-Downloader.Win32.IstBar.pm skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP58\A0014164.exe Infected: Trojan-Downloader.Win32.Small.dui skipped
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP59\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is
locked
skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped C:\WINDOWS\user32.exe Infected: Trojan-Downloader.Win32.Small.dui
skipped C:\WINDOWS\wiadebug.log Object is locked
skipped C:\WINDOWS\wiaservc.log Object is locked
skipped C:\WINDOWS\WindowsUpdate.log Object is locked
skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked
skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked
skipped Scan process completed.

Thanks to everyone who can help me.
Regards
jgarcia 1
Posted October 25, 2006

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Football Manager 2007

"I downloaded pirated software through P2P". There's the cause of the infection.

Well, let's get to it.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox from: Killbox

1. Run Killbox and click Delete on Reboot.
2. Copy the list below, shown in bold, to the clipboard. Select --> Edit --> Copy.

C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\svchost.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Click the "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be available.

Step 2

Restart the computer in Safe Mode (after restarting, press the F8 key until a black DOS-style screen appears and choose Safe Mode).

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [WindowsServicesStartup] "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\svchost.exe" 1
O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Football Manager 2007

Click Fix Checked.

Step 3

Still in Safe Mode, go to the following folders and delete their contents:

C:\!Killbox
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine

Step 4

Restart in Normal Mode.
Post the new HijackThis log.

I await your reply.
Regards.
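The kind of by-eye review of O4 autorun lines done in the reply above can be sketched as code. This is an added example, not part of the original thread: the three checks, the list of system process names and all function names are assumptions of this sketch, and the sample lines are copied from the first HijackThis log posted in the thread.

```python
import ntpath
import re

# Sample input: five O4 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WindowsServicesStartup] "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\svchost.exe" 1
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [i downloaded pirated Software from P2P] Football Manager 2007
O4 - HKCU\..\Run: [Free Download Manager] C:\Programas\Free Download Manager\fdm.exe -autorun
'''

# Assumption of this example: a short, non-exhaustive list of Windows
# process names that should only ever load from System32.
SYSTEM_IMAGE_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                      "winlogon.exe", "smss.exe", "csrss.exe", "spoolsv.exe"}
EXECUTABLE_EXTS = ("exe", "dll", "com", "bat", "cmd", "scr", "pif")

# Registry autorun line as HijackThis prints it:
#   O4 - <registry key>: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Unquoted command line: shortest prefix that ends in an executable extension.
UNQUOTED_EXE = re.compile(
    r"^(.+?\.(?:%s))(?=\s|$)" % "|".join(EXECUTABLE_EXTS), re.I)


def parse_o4(line):
    """Return key, value name, command and executable path of an O4 registry
    Run entry, or None if the line is not one (e.g. an 'O4 - Startup:' line)."""
    m = O4_RUN.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        closing = cmd.find('"', 1)
        exe = cmd[1:closing] if closing > 0 else ""
    else:
        hit = UNQUOTED_EXE.match(cmd)
        exe = hit.group(1) if hit else ""
    # A command that names no executable file at all is recorded as None.
    if not exe.lower().endswith(tuple("." + e for e in EXECUTABLE_EXTS)):
        exe = None
    return {"key": m.group("key"), "name": m.group("name"),
            "cmd": cmd, "exe": exe}


def flags_for(entry):
    """Apply the three triage checks; an empty list means nothing stood out."""
    exe = entry["exe"]
    if exe is None:
        return ["no-executable-path"]
    flags = []
    folder = ntpath.dirname(exe).lower()
    image = ntpath.basename(exe).lower()
    if "temp" in folder.split("\\"):
        flags.append("runs-from-temp")
    if image in SYSTEM_IMAGE_NAMES and not folder.endswith("\\system32"):
        flags.append("system-name-outside-system32")
    return flags


def triage(log_text):
    """Return (value name, executable, flags) for every flagged O4 entry."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append((entry["name"], entry["exe"], flags))
    return findings


if __name__ == "__main__":
    for name, exe, flags in triage(SAMPLE_LOG):
        print(f"[{name}] {exe} -> {', '.join(flags)}")
```

A hit is a lead for manual review, not a verdict. These checks would not flag the `_mzu_stonedrv8` entries removed later in the thread, which sit in system32 under an unfamiliar name.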
pteixeira 0
Posted October 27, 2006

Oops. It's true, the addiction to playing FM2007 was stronger.

First of all, I would like to thank jgarcia for the speed and effectiveness with which he handles the topics. My thanks.

Now on to the viruses.

I'd like to let you know that, to try to get rid of these "artists" without bothering you, I installed Kaspersky 6 and Avart Spyware. I hope that hasn't affected anything, although the Hijack log will come out a little different.

Logfile of HijackThis v1.99.1
Scan saved at 9:56:04, on 27-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Spyware Doctor\sdhelp.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.BIN
C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] "C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [kis] "C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe O4 - HKCU\..\Run: [Free Download Manager] C:\Programas\Free Download Manager\fdm.exe -autorun O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programas\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - 
Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158249557574 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
jgarcia 1
Posted October 28, 2006

Hi pteixeira,

Let's get to it.

Step 1

Download CCleaner from: CCleaner

Download it, but do not run it yet.

Step 2

1. Run Killbox and click Delete on Reboot.
2. Copy the list below, shown in bold, to the clipboard. Select --> Edit --> Copy.

c:\windows\system32\_mzu_stonedrv8.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Click the "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and an internet connection will not be available.

Step 3

Restart the computer in Safe Mode.

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe
O4 - HKLM\..\RunServices: [_mzu_stonedrv8] c:\windows\system32\_mzu_stonedrv8.exe

Click Fix Checked.

Step 4

Restart in Normal Mode.

Run CCleaner and click Run Cleaner (Executar Cleaner).

Post the new HijackThis log.

I await your reply.
Regards.
pteixeira 0
Posted October 30, 2006

Dear JGARCIA, before attaching the Hijack post I'd like you to please look at the flaw that was detected in ASP NET after a scan at housecall.trendmicro.com. Here is the link: http://www.microsoft.com/technet/security/...n/MS05-004.mspx

Logfile of HijackThis v1.99.1
Scan saved at 9:47:00, on 30-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Spyware Doctor\sdhelp.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] "C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Free Download Manager] C:\Programas\Free Download Manager\fdm.exe -autorun O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programas\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158249557574
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thank you :blush:
jgarcia 1
Posted October 30, 2006

Hi pteixeira,

Good news: your log is CLEAN. :thumbsup:

To finish:

1. Disable and re-enable XP's automatic System Restore feature. Click here to see how;
2. Update your operating system. The flaw detected by TrendMicro will be fixed once all the patches available on the Microsoft site are installed. Use Windows Update, found in the Start menu, to begin the update process.

Regards.
pteixeira 0
Posted October 31, 2006

JGARCIA

The system is still acting strange, "slow", and I think it may have affected the graphics.

I also find these entries in the log strange:

R3 - Default URLSearchHook is missing
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Thank you
jgarcia 1
Posted October 31, 2006

Hi pteixeira,

Both entries are normal.

Download SilentRunners. Extract the file Silent Runners.vbs to C. Double-click the file to run it.

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of this document and paste them here.

Regards.

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.
pteixeira 0
Posted October 31, 2006

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Free Download Manager" = "C:\Programas\Free Download Manager\fdm.exe -autorun" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HP Software Update" = ""C:\Programas\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Co."]
"Acrobat Assistant 7.0" = ""C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"HPWS myPrintMileage Agent" = ""C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"" [null data]
"SunJavaUpdateSched" = "C:\Programas\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"!AVG Anti-Spyware" = ""C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
     \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"
  -> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]

It was incomplete

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Free Download Manager" = "C:\Programas\Free Download Manager\fdm.exe -autorun" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HP Software Update" = ""C:\Programas\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Co."]
"Acrobat Assistant 7.0" = ""C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"HPWS myPrintMileage Agent" = ""C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"" [null data]
"SunJavaUpdateSched" = "C:\Programas\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"!AVG Anti-Spyware" = ""C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
     \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL" -> 
{HKLM...CLSID} = "Apresentar extensão de panorâmica CPL" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Extensão de ícones de ficheiros do Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programas\Microsoft Office\OFFICE11\msohev.dll" [MS] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = 
""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] 
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings 
may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp" Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "FriendlyName" = "" "Source" = "C:\Programas\Outlook Express\kyze.html" "SubscribedURL" = "" HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\ "FriendlyName" = "" "Source" = "C:\Programas\ComPlus Applications\howymy.html" "SubscribedURL" = "" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\Administrator\Menu Iniciar\Programas\Arranque "Adobe Gamma" -> shortcut to: "C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe 
Gamma Loader.exe" ["Adobe Systems, Inc."] "OpenOffice.org 2.0" -> shortcut to: "C:\Programas\OpenOffice.org 2.0\program\quickstart.exe" [null data] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque "Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe" [null data] "Inicialização rápida do HP Image Zone" -> shortcut to: "C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data] Enabled Scheduled Tasks: ------------------------ "At1" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At2" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At3" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Pesquisar" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programas\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Machine Debug Manager, MDM, ""C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] SSL de HTTP, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} StarWind iSCSI Service, StarWindService, "C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Print Monitors: 
--------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] HP LaserJet 5 Language Monitor\Driver = "hpdcmon.dll" ["Hewlett-Packard"] HPWSLMN\Driver = "hpwslmn.dll" ["HP"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 199 seconds, including 18 seconds for message boxes)
jgarcia, posted November 1, 2006

Hi pteixeira,

1. Run Killbox and click Delete on Reboot.
2. Copy the list below (in bold) to the clipboard. Select it --> Edit --> Copy.

C:\WINDOWS\system32\wunauclt.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Click the "X". Answer "no" to the question.

Restart in Normal Mode. Post the new SilentRunners log.

Best regards.
pteixeira, posted November 2, 2006

Dear J Garcia, as for the machine's performance, everything is the same: slow and with a strange visual appearance. But since you are the expert, I am attaching the log. Regards

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Free Download Manager" = "C:\Programas\Free Download Manager\fdm.exe -autorun" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "HP Software Update" = ""C:\Programas\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Co."] "Acrobat Assistant 7.0" = ""C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."] "HPWS myPrintMileage Agent" = ""C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"" [null data] "SunJavaUpdateSched" = "C:\Programas\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "!AVG Anti-Spyware" = ""C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEToolbarHelper Class" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL" -> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Extensão de ícones de ficheiros do Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programas\Microsoft Office\OFFICE11\msohev.dll" [MS] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found] 
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Programas\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = 
"PDF Shell Extension" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not 
found] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Alentejo.bmp" Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "FriendlyName" = "" "Source" = "C:\Programas\Outlook Express\kyze.html" "SubscribedURL" = "" HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\ "FriendlyName" = "" "Source" = "C:\Programas\ComPlus Applications\howymy.html" "SubscribedURL" = "" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and 
Settings\Administrator\Menu Iniciar\Programas\Arranque "Adobe Gamma" -> shortcut to: "C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "OpenOffice.org 2.0" -> shortcut to: "C:\Programas\OpenOffice.org 2.0\program\quickstart.exe" [null data] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque "Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe" [null data] "Inicialização rápida do HP Image Zone" -> shortcut to: "C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data] Enabled Scheduled Tasks: ------------------------ "At1" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At2" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At3" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Programas\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Pesquisar" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programas\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Machine Debug Manager, MDM, ""C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] SSL de HTTP, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} StarWind iSCSI 
Service, StarWindService, "C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] HP LaserJet 5 Language Monitor\Driver = "hpdcmon.dll" ["Hewlett-Packard"] HPWSLMN\Driver = "hpwslmn.dll" ["HP"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 118 seconds, including 4 seconds for message boxes)
jgarcia, posted November 2, 2006

Hi pteixeira,

Let's get started.

Step 1

Download Ewido from: Ewido

* Select "English" as the installation language;
* Click Next --> I Agree --> Next --> Next. Uncheck the Install background guard box, click Install and then Finish;
* In the main Ewido window, click Actualizar ("Update") in the left-hand menu and then click Iniciar actualização ("Start update");
* When the update finishes, you will see the message Actualizado com sucesso ("Updated successfully") in the lower left corner;
* Done, but do not run it yet.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will boot into Safe Mode and an internet connection will not be available.

Step 2

Restart the computer in Safe Mode. Run a full scan with Ewido.

* Open Ewido and click Verificar --> Verificação Completa do Sistema ("Scan" --> "Complete System Scan");
* Ewido detects some legitimate programs, so do not check the box that says Executar a ação em todas as infecções ("Apply the action to all infections"). If Ewido finds a file that you believe is legitimate, choose the "Nenhuma" ("None") option and click OK. Otherwise, leave it on Remover ("Remove") and click OK.
* When Ewido finishes, close it.

Step 3

Restart the computer in Normal Mode. Come back with the result.

Regards.
pteixeira, posted November 7, 2006

Hi JGarcia, I was away for a few days and had no chance to continue the thread, so here we go. I ran Ewido in safe mode as you told me. Here is the log:

---------------------------------------------------------
AVG Anti-Spyware - Relatório de verificação
---------------------------------------------------------
+ Criação: 13:59:10 07-11-2006
+ Resultado da verificação:
C:\Documents and Settings\Administrator\Ambiente de trabalho\FLASH AIMMP\wer\changespeed.rar/ChangeSpeed/Change Speed/Change Speed win200 NT XP/Hook.dll -> Backdoor.AXW : Nenhuma ação executada.
C:\System Volume Information\_restore{AEB1A6E6-E6A8-47AB-8BDC-D00D1D820959}\RP9\A0001909.exe -> Downloader.Small.cib : Nenhuma ação executada.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ccoz8eb.default\cookies.txt -> TrackingCookie.2o7 : Nenhuma ação executada.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> TrackingCookie.Atdmt : Nenhuma ação executada.
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt -> TrackingCookie.Burstnet : Nenhuma ação executada.
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nenhuma ação executada.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ccoz8eb.default\cookies.txt -> TrackingCookie.Cqcounter : Nenhuma ação executada.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ccoz8eb.default\cookies.txt -> TrackingCookie.Doubleclick : Nenhuma ação executada.
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Nenhuma ação executada.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ccoz8eb.default\cookies.txt -> TrackingCookie.Tribalfusion : Nenhuma ação executada.
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nenhuma ação executada.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ccoz8eb.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6ccoz8eb.default\cookies.txt -> TrackingCookie.Yieldmanager : Nenhuma ação executada.
C:\Documents and Settings\Administrator\Definições locais\Temporary Internet Files\Content.IE5\4DUBSL6Z\Microsoft_Windows_XP_SP2_Quick_Cleaner_v3[1].zip/fff-sp23.exe -> Trojan.Deprep.A : Nenhuma ação executada.
::Fim do relatório

Besides some cookies, it also found a Trojan and a Backdoor.
jgarcia, posted November 8, 2006

Hi pteixeira,

Run Ewido again, but this time choose Remover ("Remove").

Download F-Secure Blacklight from: F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. If it finds any file, ignore it, since I only want the log. At the end of the scan the file fsb-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

Regards.
pteixeira, posted November 9, 2006

Hi Garcia,

Things are looking grim; see the error message I get when I try to run F-Secure Blacklight.

I am also taking the opportunity to attach a new Hijack log.

Logfile of HijackThis v1.99.1 Scan saved at 16:34:57, on 09-11-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\Explorer.EXE C:\Programas\HP\HP Software Update\HPWuSchd2.exe C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe C:\Programas\Java\jre1.5.0_06\bin\jusched.exe C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\System32\svchost.exe C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe C:\Programas\Webroot\Spy Sweeper\SSU.EXE C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\HPWSTBX.exe C:\Programas\Internet Explorer\IEXPLORE.EXE C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {84CD283D-87BC-4CC2-8F32-57382200672D} - C:\WINDOWS\system32\ljhfg.dll (file missing) O2 - BHO: 
AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\encaelgx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] "C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Free Download Manager] C:\Programas\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [eMuleAutoStart] "C:\Programas\eMule\emule.exe" -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programas\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158249557574
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ljhfg - C:\WINDOWS\system32\ljhfg.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

Regards

jgarcia
Posted November 9, 2006

Hi pteixeira,

1. Download SmitfraudFix;
2. Disable your antivirus protection (temporarily);
3. Extract the SmitFraudFix archive to your desktop;
4. Restart in Safe Mode;
5. Run SmitfraudFix by double-clicking smitfraudfix.cmd --> choose Option 2;
6. Answer yes (y) to the question about cleaning the registry (Do you want to clean the registry?);
7. Wait for the scan to finish and the log to be generated;
8. Restart in Normal Mode;
9. Post the SmitfraudFix log (option 2) + the HijackThis log (generated in Normal Mode).

I look forward to your reply soon. Regards.

pteixeira
Posted November 10, 2006

Here it is

SmitFraudFix v2.120
Scan done at 15:25:21,00, 10-11-2006
Run from C:\Documents and Settings\Administrador\Ambiente de trabalho\SmitfraudFix
OS: Microsoft Windows XP [VersÆo 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\impgsje.dll Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

Hijack

Logfile of HijackThis v1.99.1
Scan saved at 15:33:41, on 10-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84CD283D-87BC-4CC2-8F32-57382200672D} - C:\WINDOWS\system32\ljhfg.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\encaelgx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] "C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programas\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158249557574
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ljhfg - C:\WINDOWS\system32\ljhfg.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

I have also already disabled and re-enabled Windows System Restore.

Regards

jgarcia
Posted November 10, 2006

Hi pteixeira,

Let's go.

Step 1

1. Run Killbox and click Delete on Reboot.
2. Copy the list below, in bold, to the clipboard. Select --> Edit --> Copy.

C:\WINDOWS\system32\ljhfg.dll
C:\WINDOWS\system32\encaelgx.dll
C:\WINDOWS\system32\winwim32.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

It is wise to print this document or save it somewhere easy to reach, because in the next step we will enter Safe Mode and an internet connection will not be possible.

Step 2

Restart the computer in Safe Mode. Run HijackThis, click Do a system scan only and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {84CD283D-87BC-4CC2-8F32-57382200672D} - C:\WINDOWS\system32\ljhfg.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\encaelgx.dll
O20 - Winlogon Notify: ljhfg - C:\WINDOWS\system32\ljhfg.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)

Click Fix Checked.

Step 3

Restart in Normal Mode. Run CCleaner and click Executar Cleaner. Post the new HijackThis log.

I await your reply. Best regards.
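
An added example, not part of any post in this thread: a small triage pass over HijackThis entry lines that surfaces the same kind of O2 and O20 entries marked for fixing above, plus the Temp-directory autorun from the first log. The heuristics and the function names (`parse_entries`, `triage`, `review_list`) are assumptions made for illustration, not criteria stated by the helper, and the sample is a constructed selection of lines copied from the logs posted here.

```python
import re

# Constructed selection: entries copied from the HijackThis logs posted in this
# thread (10-11-2006 log, plus one O4 line from the first, 25-10-2006 log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {84CD283D-87BC-4CC2-8F32-57382200672D} - C:\WINDOWS\system32\ljhfg.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\encaelgx.dll
O4 - HKLM\..\Run: [WindowsServicesStartup] "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\svchost.exe" 1
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ljhfg - C:\WINDOWS\system32\ljhfg.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# An entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Sections whose DLL is loaded into a long-lived process (IE, winlogon).
DLL_LOAD_POINTS = {"O2", "O20"}


def parse_entries(log_text):
    """Return (code, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(code, body):
    """Return the reasons an entry deserves manual review (assumed heuristics)."""
    reasons = []
    lower = body.lower()
    if code in DLL_LOAD_POINTS and lower.endswith("(file missing)"):
        reasons.append("orphaned DLL registration")
    if code == "O2" and "(no name)" in lower and "\\system32\\" in lower:
        reasons.append("unnamed BHO in system32")
    if code == "O4" and "\\temp\\" in lower:
        reasons.append("autorun from a Temp directory")
        if re.search(r"\\(svchost|lsass|services|winlogon)\.exe", lower):
            reasons.append("system process name outside system32")
    return reasons


def review_list(log_text):
    """Entries with at least one reason, in log order."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = triage(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in review_list(SAMPLE_LOG):
        print(f"{code:<4}{body}\n      -> {', '.join(reasons)}")
```

The O9 entries also end in "(file missing)" but are left out on purpose: only O2 and O20 are treated here as DLL load points, which matches the entries selected in the post above.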

pteixeira
Posted November 13, 2006

Logfile of HijackThis v1.99.1
Scan saved at 9:34:17, on 13-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.exe
C:\Programas\OpenOffice.org 2.0\program\soffice.BIN
C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] "C:\Programas\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [spySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Adobe Gamma.lnk = C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programas\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158249557574
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe

jgarcia
Posted November 13, 2006

Hi pteixeira,

Try running F-Secure Blacklight.

Regards.