Archived

This topic is archived and closed to new replies.

eassim

[Solved!] Keyboard problems

Hi, my keyboard is acting strange: some accents are crazy, and the strangest thing is that when I press the bracket key a small window opens with the message "enter the password" and below it a field to type the code. My PC is also a bit slow; I don't know whether that is related to the same problem. I have already run several antispyware tools, even in safe mode, but nothing really fixes it. I don't know if this is the right procedure, but I'm posting the HijackThis log below for analysis. Thanks in advance!

 

Logfile of HijackThis v1.99.1

Scan saved at 21:21:40, on 15/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPAPI\MPAPI3s.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Winamp\winamp.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bsored] c:\windows\system32\bsored.exe bsored

O4 - HKLM\..\Run: [gpl32junkdoes] C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl32\ClockStore.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe"-atboottime

O4 - HKLM\..\Run: [system32WRUJ Agent] C:\WINDOWS\system32WRUJ.exe

O4 - HKLM\..\Run: [spywareRemover] C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe -boot

O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O4 - HKCU\..\Run: [PcSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3523ADB-5318-4C46-B467-012BED495398}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe


Hey eassim,

Download ComboFix at:

ComboFix

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

3) When the scan ends, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, nor close it with the X, while the tool is running, because that will mess up your desktop (it will go completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply.

Regards.


Hi, when I double-clicked, ComboFix opened, but when I pressed Y nothing happened; only when I pressed Enter did it run the whole process, then it generated the log and closed by itself. I don't know whether it is also correct this way, but here is the log. Thanks once again.

 

 

"Administrador" - 2007-07-18 1:14:47 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\regedit.com

C:\WINDOWS\system32\taskmgr.com

 

 

((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))

 

 

2007-07-18 01:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-16 22:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

2007-07-15 16:48 16 --a------ C:\WINDOWS\popcinfo.dat

2007-07-15 16:33 <DIR> d-------- C:\Arquivos de programas\Atrativa Games

2007-07-14 21:30 <DIR> d-------- C:\LinhaDefensiva

2007-07-14 18:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-14 17:29 <DIR> d-a------ C:\WINDOWS\zts2.exe

2007-07-14 17:29 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll

2007-07-14 17:29 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll

2007-07-14 17:29 <DIR> d-a------ C:\WINDOWS\rundll16.exe

2007-07-14 17:29 <DIR> d-a------ C:\WINDOWS\rundl132.dll

2007-07-14 17:29 <DIR> d-a------ C:\WINDOWS\logo1_.exe

2007-07-14 17:27 150,528 --a------ C:\WINDOWS\R.COM

2007-07-14 17:27 141,312 --a------ C:\WINDOWS\system32\T.COM

2007-07-14 16:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SpywareRemover

2007-07-14 16:27 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-07-14 15:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6

2007-07-13 17:05 402,944 --a------ C:\WINDOWS\system32AKV.exe

2007-07-12 12:26 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-09 02:10 <DIR> d-------- C:\Arquivos de programas\Axialis

2007-07-09 01:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-07-06 19:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Apple Computer

2007-07-06 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Babylon

2007-07-05 15:12 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-07-05 15:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-27 22:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Opera

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-18 01:12:51 -------- d-----w C:\Arquivos de programas\uTorrent

2007-07-17 22:10:31 -------- d-----w C:\Arquivos de programas\eMule

2007-07-17 01:26:00 -------- d-----w C:\Arquivos de programas\Google

2007-07-16 18:41:54 41 ----a-w C:\WINDOWS\system32\aafbaa9_s.dll

2007-07-16 18:41:37 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent

2007-07-15 23:20:29 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-11 00:13:01 -------- d-----w C:\Arquivos de programas\Soulseek

2007-07-07 07:19:10 -------- d-----w C:\Arquivos de programas\FoxScript

2007-07-05 18:13:36 59,216 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-05 18:13:36 407,340 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-04 20:47:27 -------- d-----w C:\Arquivos de programas\Winamp

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2005-12-07 14:06 399424 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-12-15 03:23 440056 --a------ C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 18:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsored]

c:\windows\system32\bsored.exe bsored

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gpl32junkdoes]

C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareRemover]

C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe -boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a321063-3048-11dc-96c6-000ea6b76e5d}]

Auto\command- H:\fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42114b2-e6b9-11db-9699-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3a87153-055b-11dc-96a5-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-11 22:26:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-17 09:00:00 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-17 06:00:00 C:\WINDOWS\tasks\SpywareRemover Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-18 01:17:22

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-18 1:17:57

C:\ComboFix-quarantined-files.txt ... 2007-07-18 01:17

 

--- E O F ---


Hey eassim,

Let's go.

Set Windows to show all files (including hidden ones).

Step 1

Download Killbox at:

Killbox

1. Run Killbox and click Delete on Reboot.

2. Copy the list in bold below to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.


C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl32\ClockStore.exe

C:\WINDOWS\system32\vcmgcd32.dll

C:\WINDOWS\system32\iifgfgf.dll

C:\WINDOWS\system32\aafbaa9_s.dll

C:\WINDOWS\system32\T.COM

C:\WINDOWS\system32AKV.exe

C:\WINDOWS\system32WRUJ.exe

C:\WINDOWS\system32\bsored.exe

C:\WINDOWS\popcinfo.dat

C:\WINDOWS\zts2.exe

C:\WINDOWS\rundll16.exe

C:\WINDOWS\rundl132.dll

C:\WINDOWS\logo1_.exe

C:\WINDOWS\R.COM

 

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

It is prudent to print this document or save it somewhere easy to reach, because in the next step we will go into Safe Mode and the internet connection will not be available.

Step 2

Restart the computer in Safe Mode (while rebooting, press the F8 key repeatedly until a black DOS-style screen appears, then choose the Safe Mode option).

Run HijackThis, click Do a system scan only and check:

O4 - HKLM\..\Run: [bsored] c:\windows\system32\bsored.exe bsored

O4 - HKLM\..\Run: [gpl32junkdoes] C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl32\ClockStore.exe

O4 - HKLM\..\Run: [system32WRUJ Agent] C:\WINDOWS\system32WRUJ.exe

Click Fix Checked.

Now go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

Locate and delete the following folders:

{5a321063-3048-11dc-96c6-000ea6b76e5d}

{a42114b2-e6b9-11db-9699-000ea6b76e5d}

{c3a87153-055b-11dc-96a5-000ea6b76e5d}

Exit the Registry Editor.

Step 3

Still in Safe Mode, locate and delete:

C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl32 <- the folder

Step 4

Restart in Normal Mode.

Delete the contents of the C:\!Killbox folder.

Post new HijackThis and ComboFix logs.

Awaiting your reply.

Regards.


Hi friend, yesterday, before seeing the last steps you suggested, I ran the antivirus in safe mode and it found a virus whose name I don't remember; I know it was very harmful, and it removed it. After that the keyboard problem did not appear again, and I think that is why I found nothing when following the last steps you suggested here on the forum. Anyway, I'm posting the logs for analysis. Thanks in advance!!!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:54:18, on 19/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

"Administrador" - 2007-07-19 14:55:31 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))

 

 

2007-07-18 01:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-16 22:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

2007-07-15 16:33 <DIR> d-------- C:\Arquivos de programas\Atrativa Games

2007-07-14 21:30 <DIR> d-------- C:\LinhaDefensiva

2007-07-14 18:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-14 16:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SpywareRemover

2007-07-14 16:27 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-07-14 15:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6

2007-07-12 12:26 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-09 02:10 <DIR> d-------- C:\Arquivos de programas\Axialis

2007-07-09 01:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-07-06 19:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Apple Computer

2007-07-06 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Babylon

2007-07-05 15:12 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-07-05 15:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-27 22:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Opera

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-19 17:20:58 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent

2007-07-19 15:25:37 -------- d-----w C:\Arquivos de programas\eMule

2007-07-18 18:27:32 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-18 01:12:51 -------- d-----w C:\Arquivos de programas\uTorrent

2007-07-17 01:26:00 -------- d-----w C:\Arquivos de programas\Google

2007-07-11 00:13:01 -------- d-----w C:\Arquivos de programas\Soulseek

2007-07-07 07:19:10 -------- d-----w C:\Arquivos de programas\FoxScript

2007-07-05 18:13:36 59,216 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-05 18:13:36 407,340 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-04 20:47:27 -------- d-----w C:\Arquivos de programas\Winamp

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2005-12-07 14:06 399424 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-12-15 03:23 440056 --a------ C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 18:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsored]

c:\windows\system32\bsored.exe bsored

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gpl32junkdoes]

C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareRemover]

C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe -boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a321063-3048-11dc-96c6-000ea6b76e5d}]

Auto\command- H:\fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42114b2-e6b9-11db-9699-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3a87153-055b-11dc-96a5-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-18 22:26:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-19 09:00:00 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-19 06:00:00 C:\WINDOWS\tasks\SpywareRemover Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-19 14:58:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-19 14:58:44

C:\ComboFix-quarantined-files.txt ... 2007-07-19 14:58

C:\ComboFix2.txt ... 2007-07-18 01:17

 

--- E O F ---


Hey eassim,

Did you actually run all the steps from my previous post? I ask because of the following entries, which still show up in the ComboFix log:

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a321063-3048-11dc-96c6-000ea6b76e5d}]

Auto\command- H:\fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42114b2-e6b9-11db-9699-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3a87153-055b-11dc-96a5-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

Awaiting your reply.

Regards.


Hi, sorry for the delay in replying. I looked straight away and found these entries. In that case, do I just delete them in Safe Mode and post the HijackThis and ComboFix logs again? Thanks!!

Hi, sorry for the delay in replying. I looked straight away and found these entries. In that case, do I just delete them in Safe Mode and post the HijackThis and ComboFix logs again? Thanks!!

Exactly. :thumbsup:


Hi, I located and deleted the entries you mentioned. I'm posting the ComboFix and HijackThis logs again. Thanks once more!!!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:49:03, on 24/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\Services\SERVIC~1.EXE

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

"Administrador" - 2007-07-24 18:43:21 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))

 

 

2007-07-24 18:31 <DIR> d-------- C:\WINDOWS\CSC

2007-07-21 14:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\AdobeAUM

2007-07-21 14:22 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2007-07-21 14:16 87,824 -ra------ C:\WINDOWS\system32\drivers\Z550mgmt.sys

2007-07-21 14:16 85,696 -ra------ C:\WINDOWS\system32\drivers\Z550obex.sys

2007-07-21 14:15 96,352 -ra------ C:\WINDOWS\system32\drivers\Z550mdm.sys

2007-07-21 14:15 9,264 -ra------ C:\WINDOWS\system32\drivers\Z550mdfl.sys

2007-07-21 14:15 60,800 -ra------ C:\WINDOWS\system32\drivers\Z550bus.sys

2007-07-21 14:15 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cmnt.sys

2007-07-21 14:15 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cm.sys

2007-07-21 14:15 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550whnt.sys

2007-07-21 14:15 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550wh.sys

2007-07-21 14:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Teleca

2007-07-21 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents

2007-07-21 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson

2007-07-21 14:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca

2007-07-21 14:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2007-07-18 01:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-16 22:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

2007-07-15 16:33 <DIR> d-------- C:\Arquivos de programas\Atrativa Games

2007-07-14 21:30 <DIR> d-------- C:\LinhaDefensiva

2007-07-14 18:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-14 16:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SpywareRemover

2007-07-14 16:27 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-07-14 15:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6

2007-07-12 12:26 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-09 02:10 <DIR> d-------- C:\Arquivos de programas\Axialis

2007-07-09 01:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-07-06 19:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Apple Computer

2007-07-06 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Babylon

2007-07-05 15:12 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-07-05 15:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-27 22:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Opera

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-24 19:34:57 -------- d-----w C:\Arquivos de programas\eMule

2007-07-23 20:03:44 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-23 06:06:37 -------- d-----w C:\Arquivos de programas\FoxScript

2007-07-21 17:06:56 -------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-07-20 20:23:56 -------- d-----w C:\Arquivos de programas\uTorrent

2007-07-19 18:56:03 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent

2007-07-17 01:26:00 -------- d-----w C:\Arquivos de programas\Google

2007-07-11 00:13:01 -------- d-----w C:\Arquivos de programas\Soulseek

2007-07-05 18:13:36 59,216 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-05 18:13:36 407,340 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-04 20:47:27 -------- d-----w C:\Arquivos de programas\Winamp

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2005-12-07 14:06 399424 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-12-15 03:23 440056 --a------ C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 18:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsored]

c:\windows\system32\bsored.exe bsored

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gpl32junkdoes]

C:\Documents and Settings\All Users\Dados de aplicativos\balm start gpl 32\ClockStore.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareRemover]

C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe -boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-18 22:26:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-24 09:00:00 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-24 06:00:00 C:\WINDOWS\tasks\SpywareRemover Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-24 18:46:04

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-24 18:46:55

C:\ComboFix-quarantined-files.txt ... 2007-07-24 18:46

C:\ComboFix2.txt ... 2007-07-19 14:58

C:\ComboFix3.txt ... 2007-07-18 01:17

 

--- E O F ---


Hey eassim,

Reboot into Safe Mode.

Go to Start -> Run -> type regedit -> click OK.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

Locate and delete the following folders:

bsored

gpl32junkdoes

Exit the Registry Editor.

Post a new ComboFix log.

Regards.


Hi friend, I deleted the entries you indicated, but this fun.xls.exe showed up again; I believe it is coming from a pendrive I have. Is this really some virus? Do I follow the same procedure? How do I avoid this kind of thing? Thanks in advance!!!

 

 

 

 

"Administrador" - 2007-07-26 12:51:57 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))

 

 

2007-07-24 18:59 <DIR> d-------- C:\!KillBox

2007-07-24 18:31 <DIR> d-------- C:\WINDOWS\CSC

2007-07-21 14:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\AdobeAUM

2007-07-21 14:22 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2007-07-21 14:16 87,824 -ra------ C:\WINDOWS\system32\drivers\Z550mgmt.sys

2007-07-21 14:16 85,696 -ra------ C:\WINDOWS\system32\drivers\Z550obex.sys

2007-07-21 14:15 96,352 -ra------ C:\WINDOWS\system32\drivers\Z550mdm.sys

2007-07-21 14:15 9,264 -ra------ C:\WINDOWS\system32\drivers\Z550mdfl.sys

2007-07-21 14:15 60,800 -ra------ C:\WINDOWS\system32\drivers\Z550bus.sys

2007-07-21 14:15 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cmnt.sys

2007-07-21 14:15 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cm.sys

2007-07-21 14:15 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550whnt.sys

2007-07-21 14:15 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550wh.sys

2007-07-21 14:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Teleca

2007-07-21 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents

2007-07-21 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson

2007-07-21 14:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca

2007-07-21 14:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2007-07-18 01:11 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-18 01:04 1,168,935 --a------ C:\ComboFix.exe

2007-07-16 22:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

2007-07-15 16:33 <DIR> d-------- C:\Arquivos de programas\Atrativa Games

2007-07-14 21:30 <DIR> d-------- C:\LinhaDefensiva

2007-07-14 18:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-14 16:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SpywareRemover

2007-07-14 16:27 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-07-14 15:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6

2007-07-12 12:26 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-09 02:10 <DIR> d-------- C:\Arquivos de programas\Axialis

2007-07-09 01:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-07-06 19:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Apple Computer

2007-07-06 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Babylon

2007-07-05 15:12 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-07-05 15:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-27 22:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Opera

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-26 15:16:57 -------- d-----w C:\Arquivos de programas\eMule

2007-07-26 00:11:30 -------- d-----w C:\Arquivos de programas\FoxScript

2007-07-25 02:49:00 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-25 02:48:53 -------- d-----w C:\Arquivos de programas\Soulseek

2007-07-24 22:01:41 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent

2007-07-21 17:06:56 -------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-07-20 20:23:56 -------- d-----w C:\Arquivos de programas\uTorrent

2007-07-17 01:26:00 -------- d-----w C:\Arquivos de programas\Google

2007-07-05 18:13:36 59,216 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-05 18:13:36 407,340 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-04 20:47:27 -------- d-----w C:\Arquivos de programas\Winamp

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2005-12-07 14:06 399424 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-12-15 03:23 440056 --a------ C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 18:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareRemover]

C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe -boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42114b2-e6b9-11db-9699-000ea6b76e5d}]

Auto\command- H:\fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9a248c1-3a2f-11dc-96e8-000ea6b76e5d}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-25 22:26:08 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-26 09:00:00 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-26 06:00:00 C:\WINDOWS\tasks\SpywareRemover Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-26 12:54:18

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-26 12:54:54

C:\ComboFix-quarantined-files.txt ... 2007-07-26 12:54

 

--- E O F ---

Hi friend, I deleted the entries you indicated, but this fun.xls.exe showed up again; I believe it is coming from a pendrive I have. Is this really some virus? Do I follow the same procedure? How do I avoid this kind of thing?

The entries are malicious, so remove them again. I also suggest running a scan of the pendrive with your AV.

Regards.

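The triage the helper did by eye on the MountPoints2 entries, written out as an added example (this is not code from the thread, from ComboFix or from Linha Defensiva): it parses the 'Reg Loading Points' block of a ComboFix log, flags the indicators that make the fun.xls.exe handlers malicious (a document extension hiding an executable one, a launch through Shell32 ShellExec_RunDLL as an autorun.inf shellexecute line is cached, a bare file name that resolves on whatever volume gets that GUID), and writes the deletions as a regedit-importable .reg file together with the NoDriveTypeAutoRun policy. The sample log text is constructed to mirror the entries above; the third, benign-looking CD-style entry, its GUID and all function names are assumptions.

```python
"""Triage MountPoints2 autorun entries from a ComboFix log and emit a regedit-importable fix."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the 'Reg Loading Points' section of the logs above.
# The last entry (a plain installer on an optical drive) is invented for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a42114b2-e6b9-11db-9699-000ea6b76e5d}]
Auto\command- H:\fun.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9a248c1-3a2f-11dc-96e8-000ea6b76e5d}]
Auto\command- fun.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b1c2d3e-0000-4000-8000-000000000abc}]
AutoRun\command- E:\setup.exe
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[(?P<key>HKEY_[A-Z_]+\\.*\\mountpoints2\\\{(?P<guid>[0-9a-f-]{36})\})\]$", re.I)
COMMAND_VALUE = re.compile(r"^(?P<name>\w+\\command)-\s*(?P<cmd>.+?)\s*$", re.I)
# A document-looking extension followed by an executable one, e.g. fun.xls.exe
DOUBLE_EXT = re.compile(
    r"\.(xls|doc|ppt|pdf|jpg|jpeg|gif|txt|mp3|avi)\.(exe|scr|com|pif|bat|cmd)\b", re.I)
# RunDLL32 Shell32.DLL,ShellExec_RunDLL <file> is how an autorun.inf 'shellexecute=' line gets cached
SHELLEXEC_RUNDLL = re.compile(r"shell32\.dll,\s*ShellExec_RunDLL", re.I)
DRIVE_PREFIX = re.compile(r"^[A-Z]:\\", re.I)


@dataclass
class MountPoint:
    key: str                 # full registry key path as printed in the log
    guid: str                # volume GUID, lower-cased
    commands: dict = field(default_factory=dict)   # e.g. {"auto\\command": "H:\\fun.xls.exe"}


@dataclass
class Finding:
    mountpoint: MountPoint
    reasons: list


def parse_mountpoints(log_text):
    """Collect each mountpoints2\\{guid} key and the *\\command values listed under it."""
    points, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = MOUNTPOINT_KEY.match(line)
        if key_match:
            current = MountPoint(key=key_match["key"], guid=key_match["guid"].lower())
            points.append(current)
            continue
        if line.startswith("["):          # some other registry key: stop attributing values
            current = None
            continue
        value_match = COMMAND_VALUE.match(line)
        if value_match and current is not None:
            current.commands[value_match["name"].lower()] = value_match["cmd"]
    return points


def assess(mp):
    """Reasons a mount point looks like an autorun worm; an empty list means no indicator hit."""
    reasons = []
    for name, cmd in mp.commands.items():
        if DOUBLE_EXT.search(cmd):
            reasons.append(f"{name}: executable disguised with a document extension ({cmd})")
        if SHELLEXEC_RUNDLL.search(cmd):
            reasons.append(f"{name}: runs through ShellExec_RunDLL (autorun.inf shellexecute pattern)")
        if name == "auto\\command" and not DRIVE_PREFIX.match(cmd):
            reasons.append(f"{name}: bare file name, resolved on whatever volume carries this GUID")
    return reasons


def triage(log_text):
    """Flagged mount points only, in log order."""
    findings = []
    for mp in parse_mountpoints(log_text):
        reasons = assess(mp)
        if reasons:
            findings.append(Finding(mp, reasons))
    return findings


def remediation_reg(findings, disable_autorun=True):
    """Build a .reg file: the [-key] form deletes each flagged key, and NoDriveTypeAutoRun=0xFF
    tells Explorer to ignore AutoRun for every drive type."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        lines += [f"[-{f.mountpoint.key}]", ""]
    if disable_autorun:
        lines += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]",
                  '"NoDriveTypeAutoRun"=dword:000000ff', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.mountpoint.key)
        for r in f.reasons:
            print("  -", r)
    print(remediation_reg(found))
```

Deleting the MountPoints2 keys only clears the handlers Explorer cached the last time that volume was mounted; the fun.xls.exe and autorun.inf on the pendrive itself have to be removed (hence the AV scan of the drive), otherwise the keys come back at the next insertion, which is exactly what happened between the two logs. On Windows XP SP2 the NoDriveTypeAutoRun policy only suppresses autorun.inf handling reliably once the update Microsoft describes in KB967715 is installed, so treat the policy as a complement to cleaning the drive, not a substitute.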

Hi friend, I have already removed the entries, but a problem came up, or at least I only noticed it now: the Windows folder doesn't show up, only when I type c:\windows, and when I go to Properties inside the folder the Hidden option is checked but inactive (greyed out). Even when I set Folder Options to show hidden files the folder doesn't appear, only the way I described, by typing. I'm posting the log you asked for once again. Thanks again!!!

 

 

"Administrador" - 2007-07-27 21:01:04 - ComboFix 07-07-13.8 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))

 

 

2007-07-24 18:59 <DIR> d-------- C:\!KillBox

2007-07-24 18:31 <DIR> d-------- C:\WINDOWS\CSC

2007-07-21 14:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\AdobeAUM

2007-07-21 14:22 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2007-07-21 14:16 87,824 -ra------ C:\WINDOWS\system32\drivers\Z550mgmt.sys

2007-07-21 14:16 85,696 -ra------ C:\WINDOWS\system32\drivers\Z550obex.sys

2007-07-21 14:15 96,352 -ra------ C:\WINDOWS\system32\drivers\Z550mdm.sys

2007-07-21 14:15 9,264 -ra------ C:\WINDOWS\system32\drivers\Z550mdfl.sys

2007-07-21 14:15 60,800 -ra------ C:\WINDOWS\system32\drivers\Z550bus.sys

2007-07-21 14:15 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cmnt.sys

2007-07-21 14:15 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cm.sys

2007-07-21 14:15 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550whnt.sys

2007-07-21 14:15 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550wh.sys

2007-07-21 14:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Teleca

2007-07-21 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Documents

2007-07-21 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson

2007-07-21 14:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca

2007-07-21 14:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2007-07-18 01:11 51,200 -ra------ C:\WINDOWS\nircmd.exe

2007-07-18 01:04 1,168,935 --a------ C:\ComboFix.exe

2007-07-16 22:26 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

2007-07-15 16:33 <DIR> d-------- C:\Arquivos de programas\Atrativa Games

2007-07-14 21:30 <DIR> d-------- C:\LinhaDefensiva

2007-07-14 18:24 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-07-14 16:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\SpywareRemover

2007-07-14 16:27 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-07-14 15:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6

2007-07-12 12:26 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2007-07-09 02:10 <DIR> d-------- C:\Arquivos de programas\Axialis

2007-07-09 01:49 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-07-06 19:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Apple Computer

2007-07-06 19:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2007-07-06 19:47 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

2007-07-06 19:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Babylon

2007-07-05 15:12 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-07-05 15:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-07-05 15:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-27 22:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Opera

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-28 00:02:21 -------- d-----w C:\Arquivos de programas\eMule

2007-07-27 23:37:19 2,568 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-26 00:11:30 -------- d-----w C:\Arquivos de programas\FoxScript

2007-07-25 02:48:53 -------- d-----w C:\Arquivos de programas\Soulseek

2007-07-24 22:01:41 -------- d-----w C:\DOCUME~1\ADMINI~1\DADOSD~1\uTorrent

2007-07-21 17:06:56 -------- d-----w C:\Arquivos de programas\Sony Ericsson

2007-07-20 20:23:56 -------- d-----w C:\Arquivos de programas\uTorrent

2007-07-17 01:26:00 -------- d-----w C:\Arquivos de programas\Google

2007-07-05 18:13:36 59,216 ----a-w C:\WINDOWS\system32\perfc016.dat

2007-07-05 18:13:36 407,340 ----a-w C:\WINDOWS\system32\perfh016.dat

2007-07-04 20:47:27 -------- d-----w C:\Arquivos de programas\Winamp

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

2005-12-07 14:06 399424 --a------ C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-12-15 03:23 440056 --a------ C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 12:42]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 18:22]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

%systemroot%\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareRemover]

C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe -boot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"

 

 

Contents of the 'Scheduled Tasks' folder

2007-07-25 22:26:08 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-07-27 09:00:00 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-07-27 06:00:00 C:\WINDOWS\tasks\SpywareRemover Scheduled Scan.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-27 21:04:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-27 21:04:47

C:\ComboFix-quarantined-files.txt ... 2007-07-26 12:54

 

--- E O F ---


Hey eassim,

 

Let's try to fix the remaining problem with CCleaner -> download it here.

 

1. To run the cleanup, just select the Cleaner option (top left) and click Run Cleaner (bottom right). Here you can choose to clean Windows, Programs, or both;

 

2. To fix errors, choose the Errors option (top left), click Find Errors (bottom left), and then Fix Selected Errors (bottom right); by default all of them will be selected;

 

3. Under Tools (top left) you can uninstall programs (the same ones listed in Add / Remove Programs) or remove program entries from startup (experienced users only);

 

4. Under Options you will find CCleaner's configuration settings, which I suggest you leave unchanged.

 

Run the steps above (1. and 2. only) and report back with the result.

 

Regards.


Hi friend, I did the process you suggested; in fact I already use CCleaner. The Windows folder still doesn't show up, only in the way I told you. Thanks!!!


Hey eassim,

 

Download SilentRunners.

 

Extract the SilentRunners.vbs file to C. Double-click the file to run it.

 

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of that document and paste it into your next reply.

 

Regards.

 

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.


"Silent Runners.vbs", revision R51, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"googletalk" = ""C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart" ["Google"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"avast!" = "C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"

"QuickTime Task" = ""C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""C:\Arquivos de programas\iTunes\iTunesHelper.exe"" ["Apple Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Minhas Pastas de Compartilhamento"

\InProcServer32\(Default) = "C:\Arquivos de programas\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"

-> {HKLM...CLSID} = "Message View"

\InProcServer32\(Default) = "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Gestor de Ficheiros Sony Ericsson"

-> {HKLM...CLSID} = "Gestor de Ficheiros Sony Ericsson"

\InProcServer32\(Default) = "C:\Arquivos de programas\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Arquivos de programas\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

 

Enabled Scheduled Tasks:

------------------------

 

"AppleSoftwareUpdate" -> launches: "C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"MP Scheduled Scan" -> launches: "C:\Arquivos de programas\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [file not found]

"SpywareRemover Scheduled Scan" -> launches: "C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe scheduled" [file not found]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Pesquisar"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"

\InProcServer32\(Default) = "C:\Arquivos de programas\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Pesquisar"

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://www.compartilhando.org/

[strings]: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"

[strings]: SAFESITE_VALUE="search.msn.com.br"

 

Missing lines (compared with English-language version):

[strings]: 3 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Apple Mobile Device, Apple Mobile Device, ""C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

avast! Antivirus, avast! Antivirus, ""C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

iPod Service, iPod Service, ""C:\Arquivos de programas\iPod\bin\iPodService.exe"" ["Apple Inc."]

Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader, usnjsvc, ""C:\Arquivos de programas\MSN Messenger\usnsvc.exe"" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2007-08-03 17:13:47)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 74 seconds, including 8 seconds for message boxes)


Hey eassim,

 

There are no abnormal entries in the SilentRunners log. Does the problem persist?

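Reading a Silent Runners log by hand, as the helper does in the reply above, comes down to scanning every launch point for the script's own markers: `<<!>>` (suspicious data at a launch point), `[file not found]` (an autostart or scheduled task pointing at a file that is gone) and `[null data]` (a DLL with no version or company information). The Python script below is an added example, not part of this thread and not part of Silent Runners; it parses an excerpt in the log format shown above and lists those entries so a reviewer can check them first. The sample excerpt is constructed from lines in the same format as the posted log. The flags are prompts for review, not verdicts: in the log above the `<<!>>` entry is a Microsoft Office component (tagged `[MS]`) and the missing scheduled-task targets are leftovers of tools that were uninstalled, which is exactly the reading the helper gives.

```python
"""Triage helper for Silent Runners output: list launch points worth a second look.

Added example for this thread; it is not part of Silent Runners itself.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Markers that Silent Runners writes into its report (all three appear in the log above).
SUSPICIOUS_FLAG = "<<!>>"           # the script's own "suspicious data at a launch point" marker
MISSING_FILE = "[file not found]"   # the launch point refers to a file that is no longer on disk
NULL_DATA = "[null data]"           # the DLL carries no version/company information

# A quoted command line that starts with a drive letter, e.g. "C:\...\MpCmdRun.exe Scan"
DRIVE_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]*)"')
# A bare file name followed by a bracketed tag, e.g. "deskpan.dll" [file not found]
BARE_NAME_RE = re.compile(r'"([^"]*)"\s*\[')

# Constructed excerpt in the Silent Runners format (modelled on the log posted in this thread).
SAMPLE_LOG = r"""
"AppleSoftwareUpdate" -> launches: "C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"MP Scheduled Scan" -> launches: "C:\Arquivos de programas\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [file not found]
"SpywareRemover Scheduled Scan" -> launches: "C:\Arquivos de programas\SpywareRemover\SpywareRemover.exe scheduled" [file not found]
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Arquivos de programas\WinRAR\rarext.dll" [null data]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"""


@dataclass
class Finding:
    line_no: int   # 1-based line in the log text
    reason: str    # which marker triggered the finding
    target: str    # the file or command line the launch point refers to ("" if none on the line)
    text: str      # the log line itself, for the reviewer


def extract_target(line: str) -> str:
    """Return the quoted path/command line on a log line, or a bare DLL name, or ""."""
    m = DRIVE_PATH_RE.search(line)
    if m:
        return m.group(1)
    m = BARE_NAME_RE.search(line)
    return m.group(1) if m else ""


def triage(log_text: str) -> list:
    """Walk the report and collect every line carrying one of the three markers."""
    lines = log_text.splitlines()
    findings = []
    for idx, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(SUSPICIOUS_FLAG):
            # The flagged registry value names a CLSID; the DLL it loads is on one of
            # the following lines ("\InProcServer32\(Default) = ..."), so look ahead.
            target = ""
            for follow in lines[idx + 1: idx + 4]:
                target = extract_target(follow)
                if target:
                    break
            findings.append(Finding(idx + 1, "flagged by Silent Runners (<<!>>)", target, line))
        elif MISSING_FILE in line:
            findings.append(Finding(idx + 1, "launch point references a missing file",
                                    extract_target(line), line))
        elif NULL_DATA in line:
            findings.append(Finding(idx + 1, "DLL carries no version/company data",
                                    extract_target(line), line))
    return findings


def summarize(findings) -> dict:
    """Count findings per reason, e.g. {"launch point references a missing file": 3, ...}."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no:>3}: {f.reason:<42} {f.target or '(no path on this line)'}")
    print(summarize(results))
```

To use it on a real report, read the `Startup Programs (USER) date` text file that Silent Runners produces and pass its contents to `triage()`; each finding carries the line number and the referenced file so the reviewer can look the file up (publisher, location, install date) before deciding whether the entry is a leftover or something to investigate.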