[Resolvido!] Segue o logo do HijackThis v2.0.2

[Nigel 0]

Já tentei de tudo, norton, AVG, fixvundo! O que faço agora???Segue o logo do HijackThis v2.0.2Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:59:11, on 18/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exeC:\WINDOWS\vsnpstd.exeC:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exeC:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exeC:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exeC:\Arquivos de programas\Messenger\msmsgs.exeC:\WINDOWS\system32\LckFldService.exeC:\Arquivos de programas\Norton AntiVirus\navapsvc.exeC:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\RunDll32.exeC:\Arquivos de programas\MSN Messenger\usnsvc.exeC:\WINDOWS\explorer.exeC:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.aspR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dllR3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLLO2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLLO2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: (no name) - {84778331-20b4-4e15-b574-ae30fdb93020} - C:\WINDOWS\system32\iastup.dllO2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dllO2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp6.tmp.dll (file missing)O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLLO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLLO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLLO4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgentO4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htmO8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htmO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exeO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: c:\windows\system32\vtutqom.dllO20 - Winlogon Notify: dxd8vb - dxd8vb.dll (file missing)O20 - Winlogon Notify: iastup - C:\WINDOWS\SYSTEM32\iastup.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exeO23 - Service: DomainService - Unknown owner - C:\Documents and Settings\uu\Dados de aplicativos\tmp3.tmp.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exeO23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe--End of file - 8721 bytesALGUÉM PODE ME AJUDAR??????????????????????????????????

[DigRam 144]

Bom Dia Nigel!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[Nigel 0]

Oi DigRam!

 

Obrigado pela atenção!!

 

Segue abaixo o log do combofix e o do HJT atualizado!!

 

 

ComboFix 07-08-14.4 - "uu" 2007-08-19 10:39:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.151 [GMT -3:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\uu\DADOSD~1.\macromedia\Flash Player\#SharedObjects\PT57NN39\www.broadcaster.com

C:\DOCUME~1\uu\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\uu\DADOSD~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\DOCUME~1\uu\DADOSD~1\tmp13.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp14.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp15.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp17.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp18.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp2.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp3A.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp3B.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp3E.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp6.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp8.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp8A.tmp.exe

C:\DOCUME~1\uu\DADOSD~1\tmp8B.tmp.exe

C:\WINDOWS\system32Gw8Gn8g.exe

C:\WINDOWS\system32\dn7cef0955.dat

C:\WINDOWS\system32\sstqr.exe

C:\WINDOWS\system32\tmp3.tmp.dll

C:\WINDOWS\system32\tmp3E.tmp.dll

C:\WINDOWS\system32\vtutqom.dll

C:\WINDOWS\Tasks.\At1.job

C:\WINDOWS\Tasks.\At10.job

C:\WINDOWS\Tasks.\At11.job

C:\WINDOWS\Tasks.\At12.job

C:\WINDOWS\Tasks.\At13.job

C:\WINDOWS\Tasks.\At14.job

C:\WINDOWS\Tasks.\At15.job

C:\WINDOWS\Tasks.\At16.job

C:\WINDOWS\Tasks.\At17.job

C:\WINDOWS\Tasks.\At18.job

C:\WINDOWS\Tasks.\At19.job

C:\WINDOWS\Tasks.\At2.job

C:\WINDOWS\Tasks.\At20.job

C:\WINDOWS\Tasks.\At21.job

C:\WINDOWS\Tasks.\At22.job

C:\WINDOWS\Tasks.\At23.job

C:\WINDOWS\Tasks.\At24.job

C:\WINDOWS\Tasks.\At3.job

C:\WINDOWS\Tasks.\At4.job

C:\WINDOWS\Tasks.\At5.job

C:\WINDOWS\Tasks.\At6.job

C:\WINDOWS\Tasks.\At7.job

C:\WINDOWS\Tasks.\At8.job

C:\WINDOWS\Tasks.\At9.job

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_DOMAINSERVICE

-------\DomainService

 

 

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

 

 

2007-08-19 10:45 18 --a------ C:\WINDOWS\system32\dn7cef0955.dat

2007-08-19 10:37 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-18 20:37 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2007-08-18 20:22 92,910 --a------ C:\WINDOWS\system32\iastup.dll

2007-08-18 01:24 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2007-08-13 18:34 58,798 --a------ C:\tmp3.tmp.exe

2007-07-27 15:51 <DIR> d-------- C:\Arquivos de Programa

2007-07-27 15:41 <DIR> d-------- C:\Arquivos de programas\Badongo

2007-07-24 20:43 <DIR> d-------- C:\Arquivos de programas\WinPcap

2007-07-24 20:37 <DIR> d-------- C:\Arquivos de programas\IMMonitor

2007-07-21 15:33 <DIR> d-------- C:\Temp

2007-07-20 13:36 <DIR> d-------- C:\Arquivos de programas\GustoSoft

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-19 10:36 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Skype

2007-08-18 22:31 --------- d-------- C:\Arquivos de programas\eMule

2007-08-16 13:00 --------- d-------- C:\Arquivos de programas\Everest Poker

2007-08-15 07:39 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\MegauploadToolbar

2007-08-15 07:39 --------- d-------- C:\Arquivos de programas\MegauploadToolbar

2007-08-09 12:10 --------- d-------- C:\Arquivos de programas\Norton AntiVirus

2007-07-30 17:42 --------- d-------- C:\Arquivos de programas\Palm

2007-07-24 20:33 --------- d-------- C:\Arquivos de programas\SymNetDrv

2007-07-20 15:05 --------- d-------- C:\Arquivos de programas\Bejeweled 2

2007-07-13 17:18 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Orbit

2007-07-11 01:12 --------- d-------- C:\Arquivos de programas\AskPBar

2007-07-10 14:40 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-07-09 21:56 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys

2007-07-09 21:32 --------- d-------- C:\Arquivos de programas\MessengerDiscovery

2007-07-06 12:04 --------- d-------- C:\Arquivos de programas\DIKO

2007-07-05 17:40 --------- d-------- C:\Arquivos de programas\Yahoo!

2007-07-05 14:44 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2007-07-05 14:42 --------- d-------- C:\Arquivos de programas\Symantec

2007-07-05 14:23 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Symantec

2007-07-05 13:31 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin

2007-07-05 13:29 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin

2007-07-05 12:52 --------- d-------- C:\Arquivos de programas\EPSON

2007-07-05 11:21 --------- d-------- C:\Arquivos de programas\microsoft frontpage

2007-07-05 11:18 --------- d--h----- C:\Arquivos de programas\WindowsUpdate

2007-07-05 11:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-07-05 11:15 --------- d-------- C:\Arquivos de programas\Movie Maker

2007-07-05 11:13 --------- d-------- C:\Arquivos de programas\Messenger

2007-07-05 11:12 --------- d-------- C:\Arquivos de programas\Windows NT

2007-07-05 11:12 --------- d-------- C:\Arquivos de programas\MSN Gaming Zone

2007-07-05 07:58 --------- d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-07-05 07:58 --------- d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-07-02 17:05 --------- d-------- C:\Arquivos de programas\PhotoFiltre Studio

2007-06-30 00:19 --------- d-------- C:\Arquivos de programas\ICQLite

2007-06-29 20:09 53248 --a------ C:\WINDOWS\PalmDevC.dll

2007-06-29 20:09 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys

2007-06-29 19:56 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Help

2007-06-24 19:55 --------- d-------- C:\Arquivos de programas\MedicSync

2007-06-24 19:13 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\ICQLite

2007-06-23 13:40 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Arcsoft

2007-06-22 18:45 --------- d-------- C:\Arquivos de programas\Documents To Go

2007-06-22 18:21 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Leadertech

2007-06-22 18:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\DataViz

2007-06-22 18:08 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\HotSync

2007-06-22 18:07 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-06-10 17:40 0 -rahs---- C:\MSDOS.SYS

2007-06-10 17:40 0 -rahs---- C:\IO.SYS

2007-06-10 17:40 0 --a------ C:\CONFIG.SYS

2007-06-10 17:40 0 --a------ C:\AUTOEXEC.BAT

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84778331-20b4-4e15-b574-ae30fdb93020}]

2007-08-18 20:22 92910 --a------ C:\WINDOWS\system32\iastup.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

C:\WINDOWS\WebAssist.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-01-11 10:18]

"Symantec NetDriver Monitor"="C:\ARQUIV~1\SYMNET~1\SNDMon.exe" [2007-07-05 14:42]

"SiSPower"="SiSPower.dll" [2005-05-26 00:01 C:\WINDOWS\system32\SiSPower.dll]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 01:39]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dxd8vb]

dxd8vb.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iastup]

iastup.dll 2007-08-18 20:22 92910 C:\WINDOWS\system32\iastup.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe

backup=C:\WINDOWS\pss\Flash.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HOTSYNCSHORTCUTNAME.lnk

backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]

path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\HotSync Manager.LNK

backup=C:\WINDOWS\pss\HotSync Manager.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C67 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash]

C:\Arquivos de programas\Flash.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys

S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-03-21 22:45:20 C:\WINDOWS\Tasks\Symantec NetDetect.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-19 10:46:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-19 10:50:47 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-19 10:50

 

--- E O F ---

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:52:06, on 19/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\cmd.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {84778331-20b4-4e15-b574-ae30fdb93020} - C:\WINDOWS\system32\iastup.dll

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm

O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastup.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastup.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dxd8vb - dxd8vb.dll (file missing)

O20 - Winlogon Notify: iastup - C:\WINDOWS\SYSTEM32\iastup.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8317 bytes

 

 

 

Obrigado desde já!!

[DigRam 144]

Bom Dia Nigel!

 

>@< Faça o download do BankerFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e o navegador,ao rodar o BankerFix.Desabilite,se possível,as proteções residente de AntiVírus e AntiSpywares!!

>@< Dê um duplo clique no Bankerfix.exe,depois Enter. Aguarde!Ao terminar,leia a mensagem na tela ( Dos ),e dê Enter,novamente.

>@< Poste o relatorio.txt do BankerFix que está em C:\LinhaDefensiva\relatorio.txt

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

 

Abraços!

[Nigel 0]

Feito! Segue adiante o relatorio e o log!!

 

 

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 20/8/2007 - 17:2

-------------------------------------------------------

Lista de Definição: 2007-08-18-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

----- Fim -------------------------

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:04:00, on 20/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {84778331-20b4-4e15-b574-ae30fdb93020} - C:\WINDOWS\system32\iastup.dll

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp40.tmp.dll

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\ARQUIV~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm

O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastup.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastup.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dxd8vb - dxd8vb.dll (file missing)

O20 - Winlogon Notify: iastup - C:\WINDOWS\SYSTEM32\iastup.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Serviço de proteção automática do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8404 bytes

 

 

Próximo passo?????

[DigRam 144]

Boa Noite Nigel!

 

>@< Abra o KillBox e marque Delete on reboot.

>@< Insira ou digite na caixa Full path of file to delete,o seguinte ficheiro:

 

C:\WINDOWS\system32\tmp40.tmp.dll

 

>@< Clique no botão X e,na pergunta sobre o reboot,diga Não!

>@< Coloque,agora,o ficheiro:

 

C:\WINDOWS\system32\iastup.dll

 

>@< Clique no botão X e,na pergunta,confirme!

>@< O computador,vai reiniciar!

>@< Aproveite êste reboot,e entre em Modo de Segurança.

>@< Abra o HijackThis e clique em Do a system scan only.

>@< Marque as entradas,logo abaixo, e clique em Fix checked!

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {84778331-20b4-4e15-b574-ae30fdb93020} - C:\WINDOWS\system32\iastup.dll

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp40.tmp.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\iastup.dll

O20 - Winlogon Notify: dxd8vb - dxd8vb.dll (file missing)

O20 - Winlogon Notify: iastup - C:\WINDOWS\SYSTEM32\iastup.dll

>@< Reinicie em Modo Normal.

>@< Faça o download do VundoFix.

>@< Salve-o no Desktop!

>@< Execute o VundoFix.exe

>@< Quando o VundoFix abrir,novamente, clique em Scan for Vundo.

>@< Quando ele terminar, clique em Remove Vundo.

>@< Você receberá um prompt perguntando se quer remover os arquivos. Confirme!

>@< Sua área de trabalho vai desaparecer!

>@< Surgirá um aviso dizendo que seu computador deve ser desligado.

>@< Clique em OK e depois,ligue o computador novamente!

>@< É possível que o VundoFix encontre um arquivo, mas não consiga removê-lo. Se isso acontecer, a ferramenta rodará ao reiniciar.

>@< Quando o VundoFix aparecer, clique no botão Scan for Vundo para repetir o processo.

>@< Quando o VundoFix não encontrar mais nenhum arquivo,que não consiga remover,poste o seu relatório ( Log ) que se encontra em C:\Vundofix.txt

>@< Poste,também,um nôvo Log do HijackThis.

 

Abraços!

[Nigel 0]

Opa, amigo!

 

Tentei fazer tudo o que você disse, mas eu não soube reiniciar em modo de segurança :assobiando:

Então não saiu exatamente como você disse!!

 

Marquei todas as entradas que você disse, ams quando passei o vundo fix ele não encontrou nada!! Abaixo os logs atualizados!

 

 

 

VundoFix V6.5.7

 

Checking Java version...

 

Sun Java not detected

Scan started at 21:31:49 20/8/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:35:36, on 20/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm

O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6437 bytes

 

 

 

 

 

Obrigado pela ajuda!! O que devo fazer ?

[DigRam 144]

Boa Noite Nigel!

 

>@< Execute,novamente,o ComboFix e poste o relatório ( ComboFix.txt ).

>@< Poste,também,um nôvo Log do HijackThis,atualizado.

 

Abraços!

[Nigel 0]

Feito! Aí vai o resultado:

 

 

 

ComboFix 07-08-17.2 - "uu" 2007-08-21 0:36:58.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.250 [GMT -3:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\uu\DADOSD~1\tmp3F.tmp.exe

C:\WINDOWS\system32\dn7cef0955.dat

 

 

((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))

 

 

2007-08-20 21:31 <DIR> d-------- C:\VundoFix Backups

2007-08-20 21:10 <DIR> d-------- C:\!KillBox

2007-08-20 17:01 <DIR> d-------- C:\LinhaDefensiva

2007-08-19 10:37 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-18 20:37 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2007-08-18 01:24 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2007-07-27 15:51 <DIR> d-------- C:\Arquivos de Programa

2007-07-27 15:41 <DIR> d-------- C:\Arquivos de programas\Badongo

2007-07-24 20:43 <DIR> d-------- C:\Arquivos de programas\WinPcap

2007-07-24 20:37 <DIR> d-------- C:\Arquivos de programas\IMMonitor

2007-07-21 15:33 <DIR> d-------- C:\Temp

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-20 22:56 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Skype

2007-08-20 21:03 --------- d-------- C:\Arquivos de programas\eMule

2007-08-20 19:50 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2007-08-20 18:16 --------- d-------- C:\Arquivos de programas\SymNetDrv

2007-08-16 13:00 --------- d-------- C:\Arquivos de programas\Everest Poker

2007-08-15 07:39 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\MegauploadToolbar

2007-08-15 07:39 --------- d-------- C:\Arquivos de programas\MegauploadToolbar

2007-07-30 17:42 --------- d-------- C:\Arquivos de programas\Palm

2007-07-20 15:05 --------- d-------- C:\Arquivos de programas\Bejeweled 2

2007-07-20 14:44 --------- d-------- C:\Arquivos de programas\GustoSoft

2007-07-13 17:18 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Orbit

2007-07-11 01:12 --------- d-------- C:\Arquivos de programas\AskPBar

2007-07-10 14:40 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-07-09 21:56 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys

2007-07-09 21:32 --------- d-------- C:\Arquivos de programas\MessengerDiscovery

2007-07-06 12:04 --------- d-------- C:\Arquivos de programas\DIKO

2007-07-05 17:40 --------- d-------- C:\Arquivos de programas\Yahoo!

2007-07-05 14:42 --------- d-------- C:\Arquivos de programas\Symantec

2007-07-05 14:23 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Symantec

2007-07-05 13:31 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin

2007-07-05 13:29 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin

2007-07-05 12:52 --------- d-------- C:\Arquivos de programas\EPSON

2007-07-05 11:21 --------- d-------- C:\Arquivos de programas\microsoft frontpage

2007-07-05 11:18 --------- d--h----- C:\Arquivos de programas\WindowsUpdate

2007-07-05 11:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-07-05 11:15 --------- d-------- C:\Arquivos de programas\Movie Maker

2007-07-05 11:13 --------- d-------- C:\Arquivos de programas\Messenger

2007-07-05 11:12 --------- d-------- C:\Arquivos de programas\Windows NT

2007-07-05 11:12 --------- d-------- C:\Arquivos de programas\MSN Gaming Zone

2007-07-05 07:58 --------- d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-07-05 07:58 --------- d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-07-02 17:05 --------- d-------- C:\Arquivos de programas\PhotoFiltre Studio

2007-06-30 00:19 --------- d-------- C:\Arquivos de programas\ICQLite

2007-06-29 20:09 53248 --a------ C:\WINDOWS\PalmDevC.dll

2007-06-29 20:09 16694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys

2007-06-29 19:56 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Help

2007-06-24 19:55 --------- d-------- C:\Arquivos de programas\MedicSync

2007-06-24 19:13 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\ICQLite

2007-06-23 13:40 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Arcsoft

2007-06-22 18:45 --------- d-------- C:\Arquivos de programas\Documents To Go

2007-06-22 18:21 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\Leadertech

2007-06-22 18:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\DataViz

2007-06-22 18:08 --------- d-------- C:\DOCUME~1\uu\DADOSD~1\HotSync

2007-06-22 18:07 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-06-10 17:40 0 -rahs---- C:\MSDOS.SYS

2007-06-10 17:40 0 -rahs---- C:\IO.SYS

2007-06-10 17:40 0 --a------ C:\CONFIG.SYS

2007-06-10 17:40 0 --a------ C:\AUTOEXEC.BAT

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-05-26 00:01 C:\WINDOWS\system32\SiSPower.dll]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-20 17:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Flash.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Flash.exe

backup=C:\WINDOWS\pss\Flash.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HOTSYNCSHORTCUTNAME.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HOTSYNCSHORTCUTNAME.lnk

backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uu^Menu Iniciar^Programas^Inicializar^HotSync Manager.LNK]

path=C:\Documents and Settings\uu\Menu Iniciar\Programas\Inicializar\HotSync Manager.LNK

backup=C:\WINDOWS\pss\HotSync Manager.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C67 Series]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flash]

C:\Arquivos de programas\Flash.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]

C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys

S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys

 

 

Contents of the 'Scheduled Tasks' folder

2007-03-21 22:45:20 C:\WINDOWS\Tasks\Symantec NetDetect.job

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-21 00:39:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-08-21 0:40:44

C:\ComboFix-quarantined-files.txt ... 2007-08-21 00:40

C:\ComboFix2.txt ... 2007-08-19 10:50

 

--- E O F ---

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:42:47, on 21/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm

O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6608 bytes

 

 

Obrigado!

[DigRam 144]

Bom Dia Nigel!

 

>@< Como o Vundo é uma infecção renitente,execute estas ferramentas Espanholas,otimizadas na detecção e eliminação do Vundo.

>@< Configure o Windows para que mostre: Ver todos os Arquivos,até os ocultos!

>@< Desabilite as proteções residentes de AntiVírus e AntiSpywares!

>@< Faça o download da EliStarA.

>@< Baixe-a para o Disco Local-C e crie uma pasta para a ferramenta,estabelecendo um caminho para o Desktop! ( Atalho. )

>@< Faça o download do ELINOTIF.DLL.Salve-o no interior da pasta criada para EliStarA!

>@< Faça o download do EliTriIP.

>@< Baixe-a para o Desktop!

>@< Ps: Ambas,as ferramentas,estarão na página descargas ( Descargas > Utilidades SATINFO ).

>@< Selecione as ferramentas ( Uma por vez! ) e clique no pé da página,no botão Descargar xxx.Onde xxx é a denominação da ferramenta escolhida!

>@< Reinicie o computador e entre em Modo de Segurança.

>@< Execute,primeiro,a ferramenta: EliStartA.

>@< Vá ao seu ícone e execute-a!

>@< Aceite as condições propostas e aguarde o término do scan.Aguarde!Pois vai demorar um pouco para concluir a varredura do PC.

>@< Terminando,execute a ferramenta EliTriIP.

>@< O scan desta ferramenta é mais rápido!

>@< Poste o relatório infoSAT.txt que está na raíz C:\ ( Disco Local-C ) + HijackThis,atualizado.

 

Abraços!

[Nigel 0]

OK!! Dessa vez fiz tudo certinho!!

Lá vão os logs:

 

Tue Aug 21 11:54:31 2007

EliStartPage v14.50 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

Eliminada Clave "HKLM\...\Image File Execution Options\Your Image File Name Here without a path"

No detectado Parche MS04-011 de Microsoft instalado. (LSASS)

No detectado Parche MS04-012 de Microsoft instalado. (RPC)

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Tue Aug 21 11:55:56 2007

EliStartPage v14.50 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Palm\OCPTASKSHH.DLL --> Eliminado, NavHelper(BHO)

 

 

Tue Aug 21 12:07:07 2007

EliTriIP v3.78 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS04-011 de Microsoft instalado. (LSASS)

No detectado Parche MS04-012 de Microsoft instalado. (RPC)

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

 

Tue Aug 21 12:07:25 2007

EliTriIP v3.78 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:09:01, on 21/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm

O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 5812 bytes

 

 

Funcionou?

ABraço!

[DigRam 144]

Boa Noite Nigel!

 

>@< Abra o HijackThis e dê Fix,nas entradas,logo abaixo:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

>@< Estabeleça a sua página inicial!

>@< Apague as pastas,em destaque:

 

C:\VundoFix Backups

C:\!KillBox << A pasta!

C:\LinhaDefensiva

C:\QooBox

 

No detectado Parche MS04-011 de Microsoft instalado. (LSASS)

No detectado Parche MS04-012 de Microsoft instalado. (RPC)

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

>@< Estão lhe faltando,alguns patches de segurança.Procure,se possível,atualizar o computador!

 

Crie um Ponto de Restauração do Sistema,Limpo!

Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok.

Depois,desmarque novamente! >> Aplicar >> Ok.

Para maiores detalhes,vá em:< Docs >

>@< Faça o download do CCleaner.

>@< Baixe-o para o Desktop!

>@< Abra o programa e clique em Executar cleaner.

>@< Terminando,clique em Erros >> Procurar erros >> Corrigir erros.

>@< No mais,tudo Ok.

>@< Log Limpo!

 

Abraços!

[Nigel 0]

Olá, DigRam!

Parece que está tudo certo!!

Segui as últimas recomendações e aí vai´o (espero que último!) log:

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59:02, on 21/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\SkypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogi...mp;passive=true

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Arquivos de programas\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Arquivos de programas\AskPBar\bar\1.bin\ASKPBAR.DLL

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Download selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Download Links As... - file://C:\WINDOWS\system32\page.htm

O8 - Extra context menu item: Download Target(s) As... - file://C:\WINDOWS\system32\link.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Arquivos de programas\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B67DFBE6-815A-412B-A0D9-076B68569D3B}: NameServer = 192.168.254.254

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6900 bytes

 

 

 

 

Muito obrigado pela ajuda!!!!!!!!!!

[DigRam 144]

Bom Dia Nigel!

 

>@< O Log,não apresenta entradas ruins.

>@< Bom trabalho!

>@< Log Limpo!

 

Abraços! :thumbsup:

[jgarcia 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é preciso enviar uma Mensagem Privada para um Moderador com um link para o tópico.