[Archived] HOW TO REMOVE WIN32:wuke B

V8TUNINGCARS

Hello everyone. I can't find any kind of tool to remove the :devil: WIN32:wuke B, and my AVAST won't stop raising alerts; it points to a file called GameSetup.exe, which I can't find. Could someone help me from scratch so I can remove this file, which always gets in the way when I run a program... Thanks in advance. Renato Duarte


Hey V8TUNINGCARS,

Do the following:

Download HijackThis version 1.99.1.

Then > Start > My Computer > double-click C: > put HijackThis on C: (extracting it from the zip into a folder of its own, e.g. c:/Hijack).

Run HijackThis from C:, closing all other programs (leaving only the desktop).

Click Do a system scan and save a logfile, but don't tick anything; just post the generated log here in this same topic.

Cheers.


Thanks in advance for the help...

Thank you very much

Logfile of HijackThis v1.99.1

Scan saved at 8:03:57 PM, on 7/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe

C:\Arquivos de programas\Ad Muncher\AdMunch.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe

C:\WINDOWS\system32\crypserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\ugnx5\lmgrd.exe

C:\ugnx5\lmgrd.exe

C:\ugnx4\UGNXFLEXlm\lmgrd.exe

C:\ugnx4\UGNXFLEXlm\lmgrd.exe

C:\ugnx4\UGNXFLEXlm\uglmd.exe

C:\ugnx5\ugslmd.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hi\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Quick TV Agent] C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Arquivos de programas\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [\\HME-DJESSE82A1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P43 "\\HME-DJESSE82A1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [\\ENGENHARIA2\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\ENGENHARIA2\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em PARTICUL-4F0B47] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P50 "Auto EPSON Stylus CX4100 Series em PARTICUL-4F0B47" /O29 "\\PARTICUL-4F0B47\Impressora2" /M "Stylus CX4100"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_32.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_27.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_30.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://200.212.184.212/g_bin/eng/snooker_2_0_0_30.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Arquivos de programas\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\ugnx5\lmgrd.exe

O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\ugnx4\UGNXFLEXlm\lmgrd.exe

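Someone reviewing the log above wants the handful of lines that merit attention, not the whole dump. The following is an added example (not code from this thread or from HijackThis) that parses HijackThis 1.99.1 log lines and flags dangling references ("(file missing)" / "(no file)"), Winlogon Notify DLLs outside a small allowlist, and ActiveX (O16 DPF) downloads served from a bare IP address. The allowlist of known-good Winlogon Notify DLLs is an assumption made for the example; the sample lines are copied from the log posted above.

```python
"""Triage of HijackThis v1.99.1 log lines.

Added example for this thread, not code from the thread or from HijackThis.
The sample lines are taken from the log posted above; the allowlist of
Winlogon Notify DLLs is an assumption made for the example.
"""
import re
from dataclasses import dataclass

# Every HijackThis entry starts with a section code (R0, O2, O23 ...) and " - ",
# e.g. "O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# URL whose host is a bare IPv4 address (no DNS name), as in the O16 DPF lines.
IP_HOST_RE = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?:[/:]|$)")

# Assumed allowlist for this example: Winlogon Notify DLLs treated as known-good.
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll", "saswinlo.dll"}


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # why the line deserves a second look
    line: str    # the original log line


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or running-process path
        code, body = m.group("code"), m.group("body")
        lowered = body.lower()

        # Dangling references: an autostart, BHO or service whose file is gone.
        if "(file missing)" in lowered or "(no file)" in lowered:
            findings.append(Finding(code, "dangling reference (file missing / no file)", line))

        # Winlogon Notify DLLs load into winlogon.exe; anything unlisted is reviewed.
        if code == "O20" and "winlogon notify" in lowered:
            dll = lowered.rsplit("\\", 1)[-1]
            if dll not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(code, f"unlisted Winlogon Notify DLL: {dll}", line))

        # ActiveX downloads (DPF) fetched from a raw IP rather than a named host.
        if code == "O16":
            ip = IP_HOST_RE.search(body)
            if ip:
                findings.append(Finding(code, f"ActiveX (DPF) download from bare IP host {ip.group(1)}", line))
    return findings


# Sample lines copied from the first HijackThis log posted in this topic.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_32.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

On the full log above this surfaces the Antiwpa Winlogon Notify entry, the BHO with no file, the two xpnetdiag O9 entries and three O23 services. The O23 hits have to be read against the Running processes list: ashMaiSv.exe and ashWebSv.exe appear there as running, and the lines carry a stray `"` before the service switch, so those are path-parsing artifacts of the service entry rather than absent files. The triage only orders the reading; deciding what to fix is still the reviewer's call.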

Hey V8TUNINGCARS,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download CCleaner at:

CCleaner

Download it, but don't run it yet.

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list below in bold to the clipboard. Select all of it with the mouse --> go to the Edit menu on the browser bar --> click Copy.

C:\WINDOWS\SYSTEM32\antiwpa.dll

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It's wise to print this document or save it somewhere easy to reach, because in the next step we'll go into Safe Mode and an internet connection won't be possible.

Step 2

Restart the computer in Safe Mode (while it restarts, press the F8 key repeatedly until a black DOS-style screen appears, and choose the Safe Mode option).

Run HijackThis, click Do a system scan only and tick:

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

Click Fix Checked.

Step 3

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Run CCleaner and click Run Cleaner.

Come back with a new HijackThis log.

Awaiting your reply.

Cheers.

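The "Delete on Reboot" step above works because a file that is loaded into winlogon.exe cannot be deleted while the system is up. This added example (not code from the thread or from Killbox) decodes the queue that such a request ends up in, which goes beyond what the reply states: the example assumes Killbox uses the standard Windows mechanism, MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which records the request in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, to be carried out by the session manager early in the next boot. Auditing that value before rebooting shows exactly what will be deleted or replaced. The raw bytes are constructed for the example; the antiwpa.dll path is the one from the reply, the second pair is made up.

```python
"""Decode the queue behind "Delete on Reboot".

Added example for this thread, not code from the thread or from Killbox.
Assumes Killbox relies on the standard Windows delayed-rename mechanism
(MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT), whose requests are stored in
the REG_MULTI_SZ value PendingFileRenameOperations under
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager as a flat list of
(source, target) pairs: an empty target means "delete", a target starting
with "!" means "replace the existing file". The raw bytes below are
constructed for the example.
"""
from dataclasses import dataclass

NT_PREFIX = "\\??\\"  # NT object-manager path prefix used inside the value


@dataclass
class PendingOp:
    action: str  # "delete", "rename" or "replace"
    source: str  # Win32 path, NT prefix removed
    target: str  # empty for "delete"


def encode_multi_sz(strings: list[str]) -> bytes:
    """Pack strings the way the registry stores a REG_MULTI_SZ: UTF-16LE, each
    string NUL-terminated, the list terminated by one extra NUL. Empty strings
    are kept, which is what makes the delete entries representable."""
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"


def decode_multi_sz(raw: bytes) -> list[str]:
    """Inverse of encode_multi_sz, scanning NUL by NUL so that embedded empty
    strings survive (the usual 'stop at the first empty string' reading of a
    REG_MULTI_SZ would drop every delete entry after the first)."""
    parts = raw.decode("utf-16-le").split("\x00")
    if parts[-2:] != ["", ""]:
        raise ValueError("value is not double-NUL terminated")
    return parts[:-2]


def strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def pending_operations(raw: bytes) -> list[PendingOp]:
    """Turn the raw value into a reviewable list of queued operations."""
    items = decode_multi_sz(raw)
    if len(items) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/target pairs")
    ops: list[PendingOp] = []
    for source, target in zip(items[0::2], items[1::2]):
        if target == "":
            action = "delete"
        elif target.startswith("!"):
            action, target = "replace", target[1:]
        else:
            action = "rename"
        ops.append(PendingOp(action, strip_nt_prefix(source), strip_nt_prefix(target)))
    return ops


# Constructed sample value: the DLL queued in this thread plus a made-up
# replace entry, laid out as a registry export of the value would hold them.
SAMPLE_VALUE = encode_multi_sz([
    r"\??\C:\WINDOWS\SYSTEM32\antiwpa.dll", "",
    r"\??\C:\WINDOWS\TEMP\example_new.dll", r"!\??\C:\WINDOWS\system32\example_old.dll",
])

if __name__ == "__main__":
    for op in pending_operations(SAMPLE_VALUE):
        print(f"{op.action:8} {op.source}" + (f" -> {op.target}" if op.target else ""))
```

The same value is also where an attacker-side tool could queue a replacement of a system DLL, so reading it before a reboot is a cheap check in its own right, independent of any cleanup tool.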

Here is the LOG

Tell me what you make of all this stuff... hehehe I only see addresses... crazy stuff...

Logfile of HijackThis v1.99.1

Scan saved at 9:51:48 PM, on 7/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe

C:\Arquivos de programas\Ad Muncher\AdMunch.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe

C:\WINDOWS\system32\crypserv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\ugnx5\lmgrd.exe

C:\ugnx4\UGNXFLEXlm\lmgrd.exe

C:\ugnx5\lmgrd.exe

C:\ugnx4\UGNXFLEXlm\lmgrd.exe

C:\ugnx4\UGNXFLEXlm\uglmd.exe

C:\ugnx5\ugslmd.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\hi\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Quick TV Agent] C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe

O4 - HKLM\..\Run: [Ad Muncher] C:\Arquivos de programas\Ad Muncher\AdMunch.exe /bt

O4 - HKLM\..\Run: [\\HME-DJESSE82A1\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P43 "\\HME-DJESSE82A1\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [\\ENGENHARIA2\EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P40 "\\ENGENHARIA2\EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em PARTICUL-4F0B47] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P50 "Auto EPSON Stylus CX4100 Series em PARTICUL-4F0B47" /O29 "\\PARTICUL-4F0B47\Impressora2" /M "Stylus CX4100"

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://200.212.184.212/g_bin/eng/boards_2_0_0_32.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://200.212.184.212/g_bin/eng/navy_2_0_0_27.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://200.212.184.212/g_bin/eng/billard8_2_0_0_30.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://200.212.184.212/g_bin/eng/snooker_2_0_0_30.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Arquivos de programas\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: UGS License Server (ugslmd) - Macrovision Corporation - C:\ugnx5\lmgrd.exe

O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\ugnx4\UGNXFLEXlm\lmgrd.exe


I ran a scan with AVAST and it pointed out the malware again (Win32:Wuke-B); the file it pointed to was this: C:\Arquivos de programas\Alwil Software\Avast4\DATA\moved\GameSetup.exe.2.vir .... malware type: Virus/Worm.. version: 000756-0, 07/12/2007. Thanks


Hey V8TUNINGCARS,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to continue. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Don't click in the ComboFix window, and don't close it with the X, while the tool is running, as this will mess up your desktop (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Cheers.


Hello

I couldn't run COMBOFIX from that link; the file had corrupted files in it... it wouldn't finish installing, so I looked for another combofix and found this one, which worked (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

My computer didn't restart; it just generated the LOG below:

"Administrador" - 2007-07-12 18:19:54 - ComboFix 07-07-12.3 - Service Pack 2

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Documents and Settings\All Users\Documentos\Meus vídeos\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Amostras de imagens\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Amostra de música\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\My Playlists\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sample Playlists0849A4\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sample Playlists\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists00D64B\Desktop_.ini

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Sync Playlists\Desktop_.ini

 

 

((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))

 

 

2007-07-12 18:19 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-12 18:17 1,168,468 --a------ C:\ComboFix.exe

2007-07-11 21:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo! Companion

2007-07-11 21:49 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-07-11 21:49 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-09 20:00 <DIR> d-------- C:\hi

2007-07-06 11:00 <DIR> d-------- C:\!KillBox

2007-07-06 02:17 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll

2007-07-05 14:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

2007-07-05 14:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SUPERAntiSpyware.com

2007-07-05 14:57 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-07-05 14:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-07-02 16:11 <DIR> d-------- C:\Shelly Hisley

2007-06-21 00:43 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-06-21 00:35 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-06-21 00:35 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-06-21 00:35 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-06-21 00:35 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-06-21 00:35 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-06-21 00:35 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-06-21 00:35 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-06-21 00:35 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-06-21 00:35 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-06-20 00:04 <DIR> d--h----- C:\WINDOWS\PIF

2007-06-12 02:40 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-06-12 02:40 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-06-12 01:51 <DIR> d-------- C:\Arquivos de programas\Picasa2

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-12 20:50:16 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\Skype

2007-06-14 00:21:12 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

2007-06-14 00:21:01 -------- d-----w C:\Arquivos de programas\Google

2007-06-01 19:17:54 -------- d-----w C:\Arquivos de programas\SWiSH v2.0

2007-06-01 19:05:52 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\Corel

2007-05-29 12:57:39 -------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-05-29 12:49:11 -------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-05-29 12:46:59 -------- d-----w C:\Arquivos de programas\Corel

2007-05-28 16:10:37 -------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-05-28 16:10:36 -------- d-----w C:\Arquivos de programas\MSN Messenger

2007-05-16 20:01:13 -------- d-----w C:\Arquivos de programas\EPSON

2007-05-16 18:42:45 -------- d-----w C:\Arquivos de programas\Dassault Systemes

2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-24 15:29:18 4 ----a-w C:\WINDOWS\system32\proc20744962.bin

2007-04-18 16:13:00 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 01:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 01:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 01:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 01:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 01:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 01:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 01:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 01:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2006-10-26 10:28 440384 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-10-22 23:08 62080 --a------ C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 20:33 322368 --a------ C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-06-13 21:21 2403392 -ra------ c:\arquivos de programas\google\googletoolbar1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2006-08-11 10:43 C:\WINDOWS\system32\nwiz.exe]

"Quick TV Agent"="C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe" [2004-10-11 10:46]

"Ad Muncher"="C:\Arquivos de programas\Ad Muncher\AdMunch.exe" [2007-04-07 16:51]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-05-02 03:08]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-03-30 13:34]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-13 21:21]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearRecentDocsOnExit"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Remote Control.lnk]

backup=C:\WINDOWS\pss\Remote Control.lnkCommon Startup

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05230776-e2a9-11db-af6c-806d6172696f}]

AutoRun\command- E:\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997f2974-18fd-11dc-a0d1-000461d5d8c1}]

AutoRun\command- E:\RavMon.exe

explore\Command- E:\RavMon.exe -e

open\Command- E:\RavMon.exe

 

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-12 18:26:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-12 18:26:40

C:\ComboFix-quarantined-files.txt ... 2007-07-12 18:26

 

--- E O F ---


Hey V8TUNINGCARS,

Download F-Secure Blacklight at:

F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. Click Scan and wait.

If it finds any file, ignore it; I only want the log.

When the scan ends, a file named fsbl-xxxxx.log (where xxx are digits) will be generated. I need you to copy the log and post it in your next reply.

Cheers.


Hello.. here it is

07/12/07 21:20:23 [info]: BlackLight Engine 1.0.64 initialized
07/12/07 21:20:23 [info]: OS: 5.1 build 2600 (Service Pack 2)
07/12/07 21:20:23 [Note]: 7019 4
07/12/07 21:20:23 [Note]: 7005 0
07/12/07 21:20:25 [Note]: 7006 0
07/12/07 21:20:25 [Note]: 7011 3392
07/12/07 21:20:25 [Note]: 7026 0
07/12/07 21:20:25 [Note]: 7026 0
07/12/07 21:20:27 [Note]: FSRAW library version 1.7.1022
07/12/07 21:20:28 [Note]: 4025 124965
07/12/07 21:20:28 [Note]: 4027 124965 131072
07/12/07 21:20:28 [Note]: 4020 124963 131072
07/12/07 21:20:28 [Note]: 4018 124963 131072
07/12/07 21:23:33 [Note]: 2000 1012
07/12/07 23:19:16 [Note]: 7007 0


Hey V8TUNINGCARS,

Download SilentRunners.

Extract the file SilentRunners.vbs to C:. Double-click the file to run it.

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of that document and paste them in your next reply.

Regards.

Note: if your AV flags the file as a malicious script, don't worry and allow it to run.


"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MsnMsgr" = ""C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"Skype" = ""C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"swg" = "C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

"SUPERAntiSpyware" = "C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"Quick TV Agent" = "C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe" [empty string]

"Ad Muncher" = "C:\Arquivos de programas\Ad Muncher\AdMunch.exe /bt" [null data]

"Picasa Media Detector" = "C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

 

HKLM\Software\Microsoft\Active Setup\Installed Components\

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"

\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Facilitador de Leitor de Link Adobe PDF"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Sign-in Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "c:\arquivos de programas\google\googletoolbar1.dll" ["Google Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Dispositivos Plug and Play universais"

-> {HKLM...CLSID} = "Dispositivos Plug and Play universais"

\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Componente da extensão do shell do CorelDRAW"

-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"

\InProcServer32\(Default) = "C:\Arquivos de programas\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)

-> {HKLM...CLSID} = "SABShellExecuteHook Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> !SASWinLogon\DLLName = "C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

FileEncrypt\(Default) = "{90A07ACC-0331-4aee-9AAD-A854A9C37667}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Advanced System Optimizer\ShellExt.dll" ["Systweak Inc"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "Administrador" & "All Users" startup folders:

---------------------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

"Adobe Gamma Loader.exe" -> shortcut to: "C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"Adobe Reader Synchronizer" -> shortcut to: "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 16 - 17

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\arquivos de programas\google\googletoolbar1.dll" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32\(Default) = "c:\arquivos de programas\google\googletoolbar1.dll" ["Google Inc."]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Arquivos de programas\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

[strings]: SAFESITE_VALUE="search.msn.com.br"

 

Missing lines (compared with English-language version):

[strings]: 2 lines

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Backbone Service, BBDemon, ""C:\Arquivos de programas\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service" ["Dassault Systemes"]

Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]

Machine Debug Manager, MDM, ""C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader, usnjsvc, ""C:\Arquivos de programas\MSN Messenger\usnsvc.exe"" [MS]

UGS License Server (ugslmd), UGS License Server (ugslmd), "C:\ugnx5\lmgrd.exe" ["Macrovision Corporation"]

Unigraphics License Server (uglmd), Unigraphics License Server (uglmd), "C:\ugnx4\UGNXFLEXlm\lmgrd.exe" ["Macrovision Corporation"]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 36 seconds, including 18 seconds for message boxes)


Good afternoon, here is the log:

Incident Status Location
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@888[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@acesso.uol.com[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@azjmp[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@de.uol.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@tradedoubler[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[2].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Administrador\Cookies\administrador@www.lop[2].txt


Hey V8TUNINGCARS,

Run CCleaner and click Run Cleaner.

Run Active Scan again and see whether it still detects anything.

Awaiting your reply.

Regards.


Hello friend, unfortunately the virus still hasn't left my PC; Avast keeps finding it but doesn't remove it. Can you keep helping me with this... To give you an idea, I had never caught a virus until the day I took my PC to use at the company where I work and plugged it into the network... Thank you very much. Renato


Hey V8TUNINGCARS,

Which files is Avast detecting as W32 Wuke?


Hey V8TUNINGCARS,

Run ComboFix once more and post the log in your next reply.

Regards.


ComboFix 07-08-09.3 - "Administrador" 2007-08-15 12:57:53.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.635 [GMT -3:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))

 

 

2007-08-05 17:49 <DIR> d-------- C:\USINAGENS

2007-07-26 00:07 <DIR> d-------- C:\Arquivos de programas\WL Sistemas

2007-07-24 22:56 <DIR> d-------- C:\Arquivos de programas\Borland

2007-07-21 21:57 6,656 --a------ C:\WINDOWS\system32\foxhhelpps8.dll

2007-07-21 21:57 57,344 --a------ C:\WINDOWS\system32\foxhhelp8.exe

2007-07-21 21:57 <DIR> d-------- C:\Ciaf-312

2007-07-19 12:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo! Companion

2007-07-19 11:59 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-16 12:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-07-15 02:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\ref knob phone bike

2007-07-15 02:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SlowForkHold

2007-07-15 02:17 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-07-15 02:17 <DIR> d-------- C:\Arquivos de programas\SlowForkHold

2007-07-15 02:17 <DIR> d-------- C:\Arquivos de programas\Adverts

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-07-21 00:51 --------- d-------- C:\Arquivos de programas\SUPERAntiSpyware

2007-07-21 00:51 --------- d-------- C:\Arquivos de programas\Picasa2

2007-07-21 00:51 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-07-21 00:42 --------- d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-07-20 23:49 --------- d-------- C:\Arquivos de programas\Ad Muncher

2007-07-19 12:37 --------- d-------- C:\Arquivos de programas\Advanced System Optimizer

2007-07-19 11:59 --------- d-------- C:\Arquivos de programas\Yahoo!

2007-07-16 19:38 --------- d-------- C:\Arquivos de programas\Google

2007-07-15 12:39 --------- d-------- C:\Arquivos de programas\SWiSH v2.0

2007-07-12 18:19 1168468 --a------ C:\ComboFix.exe

2007-07-05 14:57 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SUPERAntiSpyware.com

2007-07-05 14:57 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-06-26 11:37 667648 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-26 10:57 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 03:10 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-21 00:43 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-06-21 00:35 --------- d-------- C:\Arquivos de programas\Alwil Software

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 10:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe

2007-06-15 05:12 96768 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll

2007-06-15 05:12 617984 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-15 05:12 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-15 05:12 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-15 05:12 474112 -----c--- C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-06-15 05:12 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-15 05:12 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-06-15 05:12 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-06-15 05:12 3085312 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll

2007-06-15 05:12 251904 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll

2007-06-15 05:12 205824 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-06-15 05:12 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-15 05:12 151552 -----c--- C:\WINDOWS\system32\dllcache\cdfview.dll

2007-06-15 05:12 1498112 -----c--- C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-06-15 05:12 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-15 05:12 1055744 -----c--- C:\WINDOWS\system32\dllcache\danim.dll

2007-06-15 05:12 1023488 -----c--- C:\WINDOWS\system32\dllcache\browseui.dll

2007-06-14 07:32 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe

2007-06-13 10:10 1035264 --a------ C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe

2007-05-17 08:30 549376 --a------ C:\WINDOWS\system32\oleaut32.dll

2007-05-17 08:30 549376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll

2007-05-16 12:13 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll

2007-05-16 12:13 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll

2007-05-16 12:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-16 12:13 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2007-05-16 12:13 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll

2007-05-16 12:13 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 C:\WINDOWS\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2006-08-11 10:43 C:\WINDOWS\system32\nwiz.exe]

"Quick TV Agent"="C:\Arquivos de programas\LG Multimedia\LTT-200\Scheduled.exe" [2004-10-11 10:46]

"Ad Muncher"="C:\Arquivos de programas\Ad Muncher\AdMunch.exe" [2007-04-07 16:51]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-06-15 20:15]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 10:43]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

"Axis inside"="C:\DOCUME~1\ADMINI~1\DADOSD~1\SLOWFO~1\Bind less trust.exe" []

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.exe.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-29 09:52:36]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearRecentDocsOnExit"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Remote Control.lnk]

backup=C:\WINDOWS\pss\Remote Control.lnkCommon Startup

 

R1 LUMDriver;LUMDriver;\??\C:\WINDOWS\system32\drivers\LUMDriver.sys

R1 NetworkX;NetworkX;C:\WINDOWS\system32\ckldrv.sys

R1 SASDIFSV;SASDIFSV;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS

R1 SASKUTIL;SASKUTIL;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys

R2 BBDemon;Backbone Service;"C:\Arquivos de programas\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" -service

R2 UGS License Server (ugslmd);UGS License Server (ugslmd);C:\ugnx5\lmgrd.exe

R2 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);C:\ugnx4\UGNXFLEXlm\lmgrd.exe

R3 SASENUM;SASENUM;\??\C:\Arquivos de programas\SUPERAntiSpyware\SASENUM.SYS

S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys

S3 FXDRV;FXDRV;\??\E:\Fxdrv.sys

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05230776-e2a9-11db-af6c-806d6172696f}]

AutoRun\command- E:\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{997f2974-18fd-11dc-a0d1-000461d5d8c1}]

AutoRun\command- E:\RavMon.exe

explore\Command- E:\RavMon.exe -e

open\Command- E:\RavMon.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-15 16:00:00 C:\WINDOWS\Tasks\AEC2605591861059.job - c:\docume~1\admini~1\dadosd~1\slowfo~1\that bleh deaf.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-15 13:04:24

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-15 13:05:24

C:\ComboFix-quarantined-files.txt ... 2007-08-15 13:04

C:\ComboFix2.txt ... 2007-08-09 22:52

C:\ComboFix3.txt ... 2007-07-12 18:26

 

--- E O F ---
