Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Bethyan Kelly

[Arquivado]Memória infectada! Análise de log

Por , em Tópicos Arquivados (Seguranca & Malwares)

Recommended Posts

Bethyan Kelly    0

Bethyan Kelly
Postado

Olá

Meu micro está com um problema de memória infectada. Após determinado tempo de uso a memória virtual acaba, o antivírus avast! detecta as pragas mas não pode apagar pois "o arquivo está sendo usado em outros processos". Nem move para a quarentena.

Preciso que vocês analisem o log do Hijack do meu micro, por favor, e se puder me ajudar a resolver o problema!!! (É a 1ª vez que posto aqui)!

Obrigada desde já!!! :thumbsup:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:19:12, on 19/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\ARQUIV~1\Webshots\webshots.scr

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\ARQUIV~1\DAP\dapbho.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {c102d5aa-4b49-4675-954b-0bd54717364c} - C:\WINDOWS\system32\mcas029.dll

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp19.tmp.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\rqoopm.dll",forkonce

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{593EA05B-36E7-4B61-9433-93CD7BBC5AE3}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\mllmlij.dll

O20 - Winlogon Notify: mcas029 - C:\WINDOWS\SYSTEM32\mcas029.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Bethyan Kelly!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Relatório: C:\ComboFix.txt + Log do HJT atualizado:

 

 

Relatório do ComboFix

 

ComboFix 07-08-14.4 - "Usu rio" 2007-08-19 17:44:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.116 [GMT -3:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp18.tmp.exe

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp19.tmp.exe

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp1A.tmp.exe

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp44.tmp.exe

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp45.tmp.exe

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp46.tmp.exe

C:\DOCUME~1\USURIO~1\DADOSD~1\tmp5.tmp.exe

C:\WINDOWS\cbxxyw.dll

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\foodtray.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\heart1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\heart2.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\heart3.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\menu_down.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\menu_up.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\accessories\ticket.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\popup.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\actionpoints.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\career.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\customer.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\endless.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\global.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\config\powerups.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cook\stove.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\arrow.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\click.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\click2.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\grab.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\cursor\open.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\idle.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\idle.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\lower.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\lower.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\upper.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\flo\upper.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\bench.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\bench.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\chair.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\chair.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\dishcart.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\podium.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\radio.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\spill.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\spill.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\stereo.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\family.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help_dividerline.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_noise.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help1_score.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_servefood.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\playfirstlogo.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\entername.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\game.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\help1.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\help2.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\levelover.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\loading.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\ok.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\pause.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\style.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\upsell.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\yesno.lua

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\splash\aol_logo.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\strings.xml

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\angersmoke.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\chairflags.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\chairflags.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\check.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\checkmark.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\closed.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\coinflip.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\coinflip.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\decor_lines.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\dollar.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\expert.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\foodpoof.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\heartgrow.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\jar.anm

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\jar.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\lives_icon.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\noisering.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\traynumber.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_base.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_hand.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg

C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\dinerdash2.exe

C:\WINDOWS\mpooqr.ini

C:\WINDOWS\mpooqr.ini2

C:\WINDOWS\rqoopm.dll

C:\WINDOWS\system3268J3wbE.exe

C:\WINDOWS\system32\tmp19.tmp.dll

C:\WINDOWS\system32\tmp46.tmp.dll

C:\WINDOWS\Tasks.\At1.job

C:\WINDOWS\Tasks.\At10.job

C:\WINDOWS\Tasks.\At11.job

C:\WINDOWS\Tasks.\At12.job

C:\WINDOWS\Tasks.\At13.job

C:\WINDOWS\Tasks.\At14.job

C:\WINDOWS\Tasks.\At15.job

C:\WINDOWS\Tasks.\At16.job

C:\WINDOWS\Tasks.\At17.job

C:\WINDOWS\Tasks.\At18.job

C:\WINDOWS\Tasks.\At19.job

C:\WINDOWS\Tasks.\At2.job

C:\WINDOWS\Tasks.\At20.job

C:\WINDOWS\Tasks.\At21.job

C:\WINDOWS\Tasks.\At22.job

C:\WINDOWS\Tasks.\At23.job

C:\WINDOWS\Tasks.\At24.job

C:\WINDOWS\Tasks.\At3.job

C:\WINDOWS\Tasks.\At4.job

C:\WINDOWS\Tasks.\At5.job

C:\WINDOWS\Tasks.\At6.job

C:\WINDOWS\Tasks.\At7.job

C:\WINDOWS\Tasks.\At8.job

C:\WINDOWS\Tasks.\At9.job

C:\WINDOWS\WebAssist.dll

C:\WINDOWS\wyxxbc.ini

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_DOMAINSERVICE

-------\DomainService

 

 

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

 

 

2007-08-19 17:42 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-14 14:10 <DIR> d-------- C:\WINDOWS\Suplemen

2007-08-13 11:27 1,188 --a------ C:\WINDOWS\mozver.dat

2007-08-13 11:22 0 --a------ C:\WINDOWS\nsreg.dat

2007-08-12 16:55 <DIR> d-------- C:\Arquivos de programas\MediaCoder

2007-08-12 16:07 5,767,168 --a------ C:\DOCUME~1\USURIO~1\ntuser.dat

2007-08-12 15:27 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-08-12 15:27 <DIR> d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\WholeSecurity

2007-08-12 15:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-07 02:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-08-07 00:12 92,730 --a------ C:\WINDOWS\system32\mcas029.dll

2007-08-07 00:12 0 --a------ C:\WINDOWS\system32\dn903b0bf5.dat

2007-08-04 15:44 15,950 --a------ C:\WINDOWS\system32\winmds.exe

2007-07-29 15:52 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2007-07-27 00:26 <DIR> d-------- C:\My Games

2007-07-24 19:59 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-24 19:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

2007-07-24 19:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2007-07-24 18:59 <DIR> d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Corel

2007-07-24 18:43 <DIR> d-------- C:\Arquivos de programas\Corel

2007-07-21 20:11 <DIR> d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\MegauploadToolbar

2007-07-21 20:11 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2007-07-21 19:38 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-21 13:00 <DIR> d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Free Download Manager

2007-07-21 13:00 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-24 18:53 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-07-16 04:15 --------- d-------- C:\Arquivos de programas\FreeRIP3

2007-07-13 18:13 --------- d-------- C:\Arquivos de programas\Google

2007-07-07 02:57 --------- d-------- C:\Arquivos de programas\GPLGS

2007-07-07 02:35 --------- d-------- C:\Arquivos de programas\Acro Software

2007-07-01 04:04 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Webshots

2007-07-01 04:04 --------- d-------- C:\Arquivos de programas\Webshots

2007-06-29 13:51 --------- d-------- C:\Arquivos de programas\7-Zip

2007-06-24 09:56 --------- d-------- C:\Arquivos de programas\Atrativa Games

2007-06-23 17:53 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\PlayFirst

2007-06-08 09:07 87808 --a------ C:\WINDOWS\system32\cpwmon2k.dll

2007-02-28 01:58 774144 --a------ C:\Arquivos de programas\RngInterstitial.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c102d5aa-4b49-4675-954b-0bd54717364c}]

2007-08-07 00:12 92730 --a------ C:\WINDOWS\system32\mcas029.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRONoMgr.exe"="C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 C:\WINDOWS\soundman.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"PCTVOICE"="pctspk.exe" [2005-01-24 15:02 C:\WINDOWS\system32\pctspk.exe]

"PV92TRAY"="PV92Tray.exe" [2005-01-24 15:02 C:\WINDOWS\system32\PV92Tray.exe]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-02-27 23:44]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-07 04:29]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 23:24]

"TrayHabil"="C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe" []

 

C:\Documents and Settings\Usu rio\Menu Iniciar\Programas\Inicializar\

Webshots.lnk - C:\Arquivos de programas\Webshots\Launcher.exe [2007-07-01 04:04:13]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-07 12:18:17]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029]

mcas029.dll 2007-08-07 00:12 92730 C:\WINDOWS\system32\mcas029.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=c:\windows\system32\mllmlij.dll

 

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 wampapache;wampapache;"c:\wamp\apache2\bin\Apache.exe" -k runservice

S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088c5ce3-c740-11db-b774-0013a3521a50}]

1\Command- .\recycled\info.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At26.job

2007-08-19 12:47:14 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 12:47:14 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 12:47:14 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 12:47:14 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 12:47:14 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe

2007-08-14 16:04:24 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\winmds.exe

2007-08-04 18:44:08 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe

2007-08-04 18:44:08 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 16:58:29 C:\WINDOWS\Tasks\At35.job

2007-08-19 16:58:29 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 16:58:29 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 16:58:29 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 17:50:55 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 20:53:31 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 20:53:31 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 20:53:31 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 04:15:12 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-19 17:54:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-19 17:55:36 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-19 17:55

 

--- E O F ---

 

 

 

 

Log do Hiajck

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:58:09, on 19/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\ARQUIV~1\Webshots\webshots.scr

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\ARQUIV~1\DAP\dapbho.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {c102d5aa-4b49-4675-954b-0bd54717364c} - C:\WINDOWS\system32\mcas029.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\mllmlij.dll

O20 - Winlogon Notify: mcas029 - C:\WINDOWS\SYSTEM32\mcas029.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Bethyan Kelly!

 

>@< Copie o arquivo,que está na área do code,para o Bloco de Notas.

>@< Salve-o como:CFScript.txt.txt

>@< Em:Salvar como tipo,deixe....Documentos de texto (*.txt) >> Clique em Salvar.

File::C:\WINDOWS\System32\winmds.exeC:\WINDOWS\SYSTEM32\mcas029.dllC:\WINDOWS\System32\mllmlij.dllC:\WINDOWS\system32\dn903b0bf5.datC:\WINDOWS\Tasks\At25.jobC:\WINDOWS\Tasks\At26.job C:\WINDOWS\Tasks\At27.jobC:\WINDOWS\Tasks\At28.jobC:\WINDOWS\Tasks\At29.jobC:\WINDOWS\Tasks\At30.jobC:\WINDOWS\Tasks\At31.jobC:\WINDOWS\Tasks\At32.job C:\WINDOWS\Tasks\At33.jobC:\WINDOWS\Tasks\At34.job C:\WINDOWS\Tasks\At35.job C:\WINDOWS\Tasks\At36.job C:\WINDOWS\Tasks\At37.jobC:\WINDOWS\Tasks\At38.job C:\WINDOWS\Tasks\At39.job C:\WINDOWS\Tasks\At40.job C:\WINDOWS\Tasks\At41.job C:\WINDOWS\Tasks\At42.job C:\WINDOWS\Tasks\At43.job C:\WINDOWS\Tasks\At44.job C:\WINDOWS\Tasks\At45.job C:\WINDOWS\Tasks\At46.job C:\WINDOWS\Tasks\At47.job C:\WINDOWS\Tasks\At48.jobRegistry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=""[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029] "mcas029.dll"=-[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c102d5aa-4b49-4675-954b-0bd54717364c}]"mcas029.dll"=-

>@< Crie uma pasta para o ComboFix,e coloque o arquivo CFScript,no seu interior.

>@< Execute,novamente,a ferramenta e poste o seu relatório ( ComboFix.txt ) + HJT,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Então DigRam, obrigada pela ajuda!

Segui seus passos, não sei se deu certo, se criei a pasta no local certo, mas aí vai!

Criei a pasta na área de trabalho!

É isso. Té+

 

 

ComboFix 07-08-17.2 - "Usu rio" 2007-08-21 15:32:57.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.209 [GMT -3:00]

 

 

((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))

 

 

2007-08-21 15:21 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-21 15:06 <DIR> d-------- C:\ComboFix(2)

2007-08-21 14:58 <DIR> d-------- C:\Arquivos de programas\VS Revo Group

2007-08-21 13:56 <DIR> d-------- C:\Webshots Data

2007-08-14 14:10 <DIR> d-------- C:\WINDOWS\Suplemen

2007-08-13 11:27 1,188 --a------ C:\WINDOWS\mozver.dat

2007-08-13 11:22 0 --a------ C:\WINDOWS\nsreg.dat

2007-08-12 16:55 <DIR> d-------- C:\Arquivos de programas\MediaCoder

2007-08-12 15:27 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys

2007-08-12 15:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-07 02:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-08-07 00:12 92,730 --a------ C:\WINDOWS\system32\mcas029.dll

2007-08-07 00:12 0 --a------ C:\WINDOWS\system32\dn903b0bf5.dat

2007-08-04 15:44 15,950 --a------ C:\WINDOWS\system32\winmds.exe

2007-07-29 15:52 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2007-07-27 00:26 <DIR> d-------- C:\My Games

2007-07-24 19:59 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2007-07-24 19:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2007-07-24 18:43 <DIR> d-------- C:\Arquivos de programas\Corel

2007-07-21 20:11 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2007-07-21 19:38 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-07-21 13:00 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-08-21 14:41 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\MegauploadToolbar

2007-08-21 05:50 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Free Download Manager

2007-08-12 15:27 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\WholeSecurity

2007-07-27 19:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-27 19:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 19:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 19:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 18:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 18:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 18:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-07-24 18:59 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Corel

2007-07-24 18:53 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-07-16 04:15 --------- d-------- C:\Arquivos de programas\FreeRIP3

2007-07-13 18:13 --------- d-------- C:\Arquivos de programas\Google

2007-07-07 02:57 --------- d-------- C:\Arquivos de programas\GPLGS

2007-07-07 02:35 --------- d-------- C:\Arquivos de programas\Acro Software

2007-07-01 04:04 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\Webshots

2007-07-01 04:04 --------- d-------- C:\Arquivos de programas\Webshots

2007-06-29 13:51 --------- d-------- C:\Arquivos de programas\7-Zip

2007-06-24 09:56 --------- d-------- C:\Arquivos de programas\Atrativa Games

2007-06-23 17:53 --------- d-------- C:\DOCUME~1\USURIO~1\DADOSD~1\PlayFirst

2007-06-08 09:07 87808 --a------ C:\WINDOWS\system32\cpwmon2k.dll

2007-02-28 01:58 774144 --a------ C:\Arquivos de programas\RngInterstitial.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c102d5aa-4b49-4675-954b-0bd54717364c}]

2007-08-07 00:12 92730 --a------ C:\WINDOWS\system32\mcas029.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PRONoMgr.exe"="C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 18:06 C:\WINDOWS\soundman.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"PCTVOICE"="pctspk.exe" [2005-01-24 15:02 C:\WINDOWS\system32\pctspk.exe]

"PV92TRAY"="PV92Tray.exe" [2005-01-24 15:02 C:\WINDOWS\system32\PV92Tray.exe]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-02-27 23:44]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-07 04:29]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 23:24]

"TrayHabil"="C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029]

mcas029.dll 2007-08-07 00:12 92730 C:\WINDOWS\system32\mcas029.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=c:\windows\system32\mllmlij.dll

 

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 wampapache;wampapache;"c:\wamp\apache2\bin\Apache.exe" -k runservice

S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{088c5ce3-c740-11db-b774-0013a3521a50}]

1\Command- .\recycled\info.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

 

*Newly Created Service* - CATCHME

 

Contents of the 'Scheduled Tasks' folder

2007-08-21 09:10:58 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:58 C:\WINDOWS\Tasks\At26.job

2007-08-21 09:10:58 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:58 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:58 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:58 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 12:47:14 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe

2007-08-14 16:04:24 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\winmds.exe

2007-08-04 18:44:08 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe

2007-08-04 18:44:08 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\winmds.exe

2007-08-19 16:58:29 C:\WINDOWS\Tasks\At35.job

2007-08-19 16:58:29 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 16:58:56 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 16:58:56 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 17:50:40 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 18:00:25 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 21:04:21 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 21:04:21 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\winmds.exe

2007-08-20 21:04:21 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:59 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:59 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:59 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:59 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe

2007-08-21 09:10:59 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-21 15:35:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-08-21 15:36:21

C:\ComboFix-quarantined-files.txt ... 2007-08-21 15:35

C:\ComboFix2.txt ... 2007-08-21 15:27

C:\ComboFix3.txt ... 2007-08-21 15:10

 

--- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:38:27, on 21/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\ARQUIV~1\Webshots\webshots.scr

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\explorer.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\ARQUIV~1\DAP\dapbho.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {c102d5aa-4b49-4675-954b-0bd54717364c} - C:\WINDOWS\system32\mcas029.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{593EA05B-36E7-4B61-9433-93CD7BBC5AE3}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\mllmlij.dll

O20 - Winlogon Notify: mcas029 - C:\WINDOWS\SYSTEM32\mcas029.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Bethyan Kelly!

 

>@< Faça o download do Avenger.

>@< Descompacte-o e crie uma pasta para o programa!Coloque esta pasta no Disco Local-C ou Desktop!

>@< Rode o programa e marque Input script manually.

>@< Clique no ícone da lupa!

 

Files to delete:

C:\WINDOWS\System32\winmds.exe

C:\WINDOWS\SYSTEM32\mcas029.dll

C:\WINDOWS\System32\mllmlij.dll

C:\WINDOWS\system32\dn903b0bf5.dat

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

 

Registry values to delete:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029]

"mcas029.dll"=-

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c102d5aa-4b49-4675-954b-0bd54717364c}

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029.dll

>@< Na caixa que abrir,cole o que foi copiado na área do quote,logo àcima!

>@< Clique em Done.

>@< Clique no ícone do semáforo!

>@< Clique em Ok.

>@< O computador irá reiniciar!

>@< Poste,na sua resposta,um nôvo Log do HijackThis + Avenger.txt

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Olá DigRam

Aí está o log do HijackThis e o relatório do Avenger!

Abraço!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 23:14:32, on 22/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\Webshots\Webshots.scr

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\ARQUIV~1\DAP\dapbho.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {c102d5aa-4b49-4675-954b-0bd54717364c} - C:\WINDOWS\system32\mcas029.dll (file missing)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: c:\windows\system32\mllmlij.dll

O20 - Winlogon Notify: mcas029 - mcas029.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

 

 

 

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Syntax error in line --- no registry value to delete found. Line will be ignored.

Error code: 0

Line: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

 

 

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.

Error code: 0

Line: appinit_dlls"="

 

 

Syntax error in line --- no registry value to delete found. Line will be ignored.

Error code: 0

Line: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029]

 

 

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.

Error code: 0

Line: mcas029.dll"=-

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\qdixbyvv

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\dxnpyysj.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\System32\winmds.exe deleted successfully.

File C:\WINDOWS\SYSTEM32\mcas029.dll deleted successfully.

 

 

File C:\WINDOWS\System32\mllmlij.dll not found!

Deletion of file C:\WINDOWS\System32\mllmlij.dll failed!

 

Could not process line:

C:\WINDOWS\System32\mllmlij.dll

Status: 0xc0000034

 

File C:\WINDOWS\system32\dn903b0bf5.dat deleted successfully.

File C:\WINDOWS\Tasks\At25.job deleted successfully.

File C:\WINDOWS\Tasks\At26.job deleted successfully.

File C:\WINDOWS\Tasks\At27.job deleted successfully.

File C:\WINDOWS\Tasks\At28.job deleted successfully.

File C:\WINDOWS\Tasks\At29.job deleted successfully.

File C:\WINDOWS\Tasks\At30.job deleted successfully.

File C:\WINDOWS\Tasks\At31.job deleted successfully.

File C:\WINDOWS\Tasks\At32.job deleted successfully.

File C:\WINDOWS\Tasks\At33.job deleted successfully.

File C:\WINDOWS\Tasks\At34.job deleted successfully.

File C:\WINDOWS\Tasks\At35.job deleted successfully.

File C:\WINDOWS\Tasks\At36.job deleted successfully.

File C:\WINDOWS\Tasks\At37.job deleted successfully.

File C:\WINDOWS\Tasks\At38.job deleted successfully.

File C:\WINDOWS\Tasks\At39.job deleted successfully.

File C:\WINDOWS\Tasks\At40.job deleted successfully.

File C:\WINDOWS\Tasks\At41.job deleted successfully.

File C:\WINDOWS\Tasks\At42.job deleted successfully.

File C:\WINDOWS\Tasks\At43.job deleted successfully.

File C:\WINDOWS\Tasks\At44.job deleted successfully.

File C:\WINDOWS\Tasks\At45.job deleted successfully.

File C:\WINDOWS\Tasks\At46.job deleted successfully.

File C:\WINDOWS\Tasks\At47.job deleted successfully.

File C:\WINDOWS\Tasks\At48.job deleted successfully.

 

 

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c102d5aa-4b49-4675-954b-0bd54717364c} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c102d5aa-4b49-4675-954b-0bd54717364c} failed!

Status: 0xc0000034

 

 

 

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029.dll not found!

Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mcas029.dll failed!

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia Bethyan Kelly!

 

>@< Faça o download do ELISHELL.EXE.

>@< Salve-o no Desktop ou Disco Local-C.

>@< Mas,não execute-o ainda!

>@< Faça o download do KillBox.

>@< Salve-o no Desktop!

>@< Abra o KillBox e marque Delete on reboot.

>@< Insira ou digite na caixa Full path of file to delete,o seguinte ficheiro:

 

C:\WINDOWS\System32\mllmlij.dll

 

>@< Clique no botão X e,na pergunta sobre o reboot,confirme!

>@< O computador vai reiniciar!

>@< Durante a reinicialização aperte,intermitentemente,a tecla F8 ou F5 e no Menu que surgir escolha: Modo Seguro ou de Segurança.

>@< Abra o HijackThis e clique em Do a system scan only.

>@< Marque as entradas (...as que encontrar),listadas,logo abaixo!

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {c102d5aa-4b49-4675-954b-0bd54717364c} - C:\WINDOWS\system32\mcas029.dll (file missing)

O20 - AppInit_DLLs: c:\windows\system32\mllmlij.dll

O20 - Winlogon Notify: mcas029 - mcas029.dll (file missing)

>@< Finalize-as,clicando em Fix checked.

>@< Ainda em Modo de Segurança,execute a ferramenta ELISHELL.EXE

>@< Se o valor "Shell",estiver correto,surgirá uma janela,informando: < El "Shell" Actual es: "EXPLORER.EXE" > Se for diferente,procure limpá-lo!

>@< Clique em Salir.

>@< O valor "Shell",anterior,será referido no relatório infoSat.txt. ( Caso seja gerado! )

>@< Reinicie,normalmente,o computador!

>@< Faça e poste um nôvo Log do HijackThis + infoSat.txt,na sua resposta.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Olá DigRam

Demorei e achei que tinha feito errado pois não encontrava o relatório infoSat.txt mas pelo jeito não foi gerado!!!

Mas aí está o log do HijackThis!

Abraços e obrigada!!!

 

Logfile of HijackThis v1.99.1

Scan saved at 13:04:10, on 27/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\ARQUIV~1\Webshots\Webshots.scr

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\ARQUIV~1\DAP\dapbho.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Olá outra vez!Não sei ao certo como funciona o site além das regras postadas, mas tenho uma dúvida:se passei a ter mais problemas com o pc eu coloco nesse mesmo tópico, ou crio outro???É que possivelmente os problemas estão relacionados pois se tratando de pragas os problemas só aumentam!Ou devo esperar para ver se, corrigindo esses erros postados, os outros problemas sumam junto?É isso. Abraços, Bethyan.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado
Olá outra vez!

 

Não sei ao certo como funciona o site além das regras postadas, mas tenho uma dúvida:

se passei a ter mais problemas com o pc eu coloco nesse mesmo tópico, ou crio outro???

É que possivelmente os problemas estão relacionados pois se tratando de pragas os problemas só aumentam!

Ou devo esperar para ver se, corrigindo esses erros postados, os outros problemas sumam junto?

 

É isso. Abraços, Bethyan.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Boa Noite Bethyan Kelly!

 

Respondendo às dúvidas:

 

( 1 ) Se passou a ter mais problemas,relate-os,exponha-os nêste mesmo Tópico.

( 2 ) Muitos sintomas ( problemas ),relacionados à vírus,estão correlacionados...sugiro que continue,até esgotarmos todas as possibilidades.

___________________________

 

>@< Desinstale êste programa: < DAP >

___________________________

 

>@< Reinicie o computador,em Modo de Segurança.

>@< Abra o HijackThis e clique em Do a system scan only,e marque as entradas,logo abaixo:

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\ARQUIV~1\DAP\dapbho.dll

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIV~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIV~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\ARQUIV~1\DAP\DAP.EXE

>@< Clique em Fix checked!

>@< Reinicie,normalmente,o computador!

___________________________

@@@@@@@@@@@@@@@@@@

>@< Faça um escaneamento OnLine em < BitDefender > e poste o relatório.

>@< Clique em BitDefender ( Scan OnLine ).

>@< Abrirá a página: < BitDefender OnLine Scanner >

>@< Clique em I Agree.

>@< Aguarde!Permita a instalação do ActiveX,para que possa ocorrer o scan.

>@< Poste,então: Relatório do scan OnLine + Log do HijackThis,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Olá

Não sei se um tempo longo para responder atrapanha, mas aqui está:

 

Desinstalei o DAP e quanto entrei em Modo de Segurança não achei essas entradas no HijackThis, só depois em modo normal, como está no relatório!

Não estava conseguindo terminar o scanner do BitDefender pois ultimamente, junto com os problemas que citei no início, o micro desconecta muito da internet e o scanner ficava muito lento! Quando desconecta, a aparência das janelas muda por um instante para padrão Windows 98, e mesmo que a conexão esteja sendo mostrada como ativa, nenhum browser (ie e firefox) abre as páginas da internet! Só reiniciando! Estou verificando configurações do modem!

 

É isso por hora. Obrigada.

 

 

--------

 

 

 

BitDefender Online Scanner -Scan ReportBitDefender Online Scanner

Scan report generated at: Tue, Sep 11, 2007 - 00:28:59

 

Scan path: A:\;C:\;D:\;E:\;

 

Statistics

Time06:10:34

Files3664252

Folders33678

Boot Sectors2

Archives21993

Packed Files245820

 

Results

Identified Viruses 14

Infected Files 25

Suspect Files 0

Warnings0

Disinfected0

Deleted Files24

 

Engines Info

Virus Definitions800449

Engine buildAVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Scan plugins14

Archive plugins38

Unpack plugins7

E-mail plugins6

System plugins1

 

Scan Settings

First ActionDisinfect

Second ActionDelete

HeuristicsYes

Enable WarningsYes

Scanned Extensions*;

Exclude Extensions

Scan EmailsYes

Scan ArchivesYes

Scan PackedYes

Scan FilesYes

Scan BootYes

 

Scanned File Status

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exeInfected with:

Win32.Cuter.A

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exeDisinfection

failed

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exeDelete failed

C:\Bethyan\Mensagens\Inutilitários\COCACOLA.EXEInfected with:

Joke.Geschenk

C:\Bethyan\Mensagens\Inutilitários\COCACOLA.EXEDisinfection failed

C:\Bethyan\Mensagens\Inutilitários\COCACOLA.EXEDeleted

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0024=>(CAB Sfx

r)=>VVSN.exeInfected with: Generic.Adw.SaveNow.89FD2E0C

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0024=>(CAB Sfx

r)=>VVSN.exeDisinfection failed

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0024=>(CAB Sfx

r)=>VVSN.exeDeleted

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0024=>(CAB Sfx r)Update

failed

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0028=>(CAB Sfx

r)=>VVSN.exeInfected with: Generic.Adw.SaveNow.56AD4696

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0028=>(CAB Sfx

r)=>VVSN.exeDisinfection failed

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0028=>(CAB Sfx

r)=>VVSN.exeDeleted

C:\Bethyan\PROGRAMAS\BSINSTALL.exe=>wise0028=>(CAB Sfx r)Update

failed

C:\Bethyan\Programas1\Nova

pasta\mw1SetupWebSite.exe=>wise0012Infected with:

Dropped:Trojan.Starter.H

C:\Bethyan\Programas1\Nova

pasta\mw1SetupWebSite.exe=>wise0012Disinfection failed

C:\Bethyan\Programas1\Nova

pasta\mw1SetupWebSite.exe=>wise0012Deleted

C:\Bethyan\Programas1\Nova pasta\mw1SetupWebSite.exeUpdate failed

C:\Disco40\Restaurado\Java1\Mensagens\Inutilitários\COCACOLA.EXEInfected

with: Joke.Geschenk

C:\Disco40\Restaurado\Java1\Mensagens\Inutilitários\COCACOLA.EXEDisinfection

failed

C:\Disco40\Restaurado\Java1\Mensagens\Inutilitários\COCACOLA.EXEDeleted

C:\Disco40\WINDOWS\Configurações locais\Temporary Internet

Files\Content.IE5\2XCJI1U5\index[3].htmInfected with:

Trojan.Spy.Banker.HQ

C:\Disco40\WINDOWS\Configurações locais\Temporary Internet

Files\Content.IE5\2XCJI1U5\index[3].htmDisinfection failed

C:\Disco40\WINDOWS\Configurações locais\Temporary Internet

Files\Content.IE5\2XCJI1U5\index[3].htmDeleted

C:\Disco40\WINDOWS\Configurações locais\Temporary Internet

Files\Content.IE5\S5MRC96F\index[1].htmlInfected with:

Trojan.Spy.Banker.HQ

C:\Disco40\WINDOWS\Configurações locais\Temporary Internet

Files\Content.IE5\S5MRC96F\index[1].htmlDisinfection failed

C:\Disco40\WINDOWS\Configurações locais\Temporary Internet

Files\Content.IE5\S5MRC96F\index[1].htmlDeleted

C:\Documents and Settings\NetworkService\Configurações

locais\Temp\dm313maA.exe=>(Embedded EXE o)Infected with:

MemScan:Trojan.Dialer.VUB

C:\Documents and Settings\NetworkService\Configurações

locais\Temp\dm313maA.exe=>(Embedded EXE o)Disinfection failed

C:\Documents and Settings\NetworkService\Configurações

locais\Temp\dm313maA.exe=>(Embedded EXE o)Deleted

C:\Documents and Settings\NetworkService\Configurações

locais\Temp\dm313maA.exeUpdate failed

C:\Documents and Settings\Usuário\Configurações

locais\Temp\H85e0sV8.exe=>(Embedded EXE o)Infected with:

MemScan:Trojan.Dialer.VUB

C:\Documents and Settings\Usuário\Configurações

locais\Temp\H85e0sV8.exe=>(Embedded EXE o)Disinfection failed

C:\Documents and Settings\Usuário\Configurações

locais\Temp\H85e0sV8.exe=>(Embedded EXE o)Deleted

C:\Documents and Settings\Usuário\Configurações

locais\Temp\H85e0sV8.exeUpdate failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp18.tmp.exe.virInfected

with: Trojan.Fotomoto.A

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp18.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp19.tmp.exe.virInfected

with: MemScan:Trojan.Juan.V

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp19.tmp.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp19.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp1A.tmp.exe.virInfected

with: Trojan.PWS.Ldpinch.TAS

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp1A.tmp.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp1A.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp44.tmp.exe.virInfected

with: MemScan:Trojan.Dropper.Agent.BON

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp44.tmp.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp44.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp45.tmp.exe.virInfected

with: Trojan.PWS.Ldpinch.TAS

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp45.tmp.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp45.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp46.tmp.exe.virInfected

with: MemScan:Trojan.Juan.V

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp46.tmp.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp46.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp5.tmp.exe.virInfected

with: Trojan.PWS.Ldpinch.TAS

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp5.tmp.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\DOCUME~1\USURIO~1\DADOSD~1\tmp5.tmp.exe.virDeleted

C:\QooBox\Quarantine\C\WINDOWS\rqoopm.dll.virInfected with:

Trojan.Vundo.DMO

C:\QooBox\Quarantine\C\WINDOWS\rqoopm.dll.virDeleted

C:\QooBox\Quarantine\C\WINDOWS\system3268J3wbE.exe.virInfected

with: GenPack:Trojan.Patched.Constructor.A

C:\QooBox\Quarantine\C\WINDOWS\system3268J3wbE.exe.virDisinfection

failed

C:\QooBox\Quarantine\C\WINDOWS\system3268J3wbE.exe.virDeleted

C:\QooBox\Quarantine\C\WINDOWS\system32\tmp19.tmp.dll.virInfected

with: MemScan:Trojan.Juan.V

C:\QooBox\Quarantine\C\WINDOWS\system32\tmp19.tmp.dll.virDeleted

C:\QooBox\Quarantine\C\WINDOWS\system32\tmp46.tmp.dll.virInfected

with: MemScan:Trojan.Juan.V

C:\QooBox\Quarantine\C\WINDOWS\system32\tmp46.tmp.dll.virDisinfection

failed

C:\QooBox\Quarantine\C\WINDOWS\system32\tmp46.tmp.dll.virDeleted

C:\System Volume

Information\_restore{B6A80D81-F7B8-4FA9-8E41-5CDEEDFABABA}\RP248\A0071412.EXEInfected

with: Joke.Geschenk

C:\System Volume

Information\_restore{B6A80D81-F7B8-4FA9-8E41-5CDEEDFABABA}\RP248\A0071412.EXEDisinfection

failed

C:\System Volume

Information\_restore{B6A80D81-F7B8-4FA9-8E41-5CDEEDFABABA}\RP248\A0071412.EXEDeleted

C:\System Volume

Information\_restore{B6A80D81-F7B8-4FA9-8E41-5CDEEDFABABA}\RP248\A0071414.EXEInfected

with: Joke.Geschenk

C:\System Volume

Information\_restore{B6A80D81-F7B8-4FA9-8E41-5CDEEDFABABA}\RP248\A0071414.EXEDisinfection

failed

C:\System Volume

Information\_restore{B6A80D81-F7B8-4FA9-8E41-5CDEEDFABABA}\RP248\A0071414.EXEDeleted

C:\WINDOWS\system32\8q2cdR6a.exeInfected with:

GenPack:Trojan.Downloader.JIYC

C:\WINDOWS\system32\8q2cdR6a.exeDisinfection failed

C:\WINDOWS\system32\8q2cdR6a.exeDeleted

C:\WINDOWS\system32\NeroCheck.exeInfected with: Win32.Cuter.A

C:\WINDOWS\system32\NeroCheck.exeDisinfection failed

C:\WINDOWS\system32\NeroCheck.exeDeleted

 

 

 

--------

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 00:46:59, on 11/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\ARQUIV~1\Webshots\Webshots.scr

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{593EA05B-36E7-4B61-9433-93CD7BBC5AE3}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

 

 

 

--------

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde Bethyan Kelly!

 

>@< Faça o download do move-zonebac.vbs.

>@< Salve-o no Desktop.Mas,não execute-o ainda!

>@< Configure o Windows para que mostre: Ver todos os Arquivos,até os ocultos!

>@< Desabilite as proteções residentes de AntiVírus e AntiSpywares!

>@< Faça o download da EliStarA.

>@< Baixe-a para o Desktop!

>@< Faça o download do EliTriIP.

>@< Baixe-o para o Desktop!

>@< Ps: Ambas,as ferramentas,estarão na página descargas ( Descargas > Utilidades SATINFO ).

>@< Selecione as ferramentas ( Uma por vez! ) e clique no pé da página,no botão Descargar xxx.Onde xxx é a denominação da ferramenta escolhida!

>@< Faça o download do Clean.

>@< Salve-o no Disco Local-C e descompacte-o aí mesmo,enviando o executável para o Desktop! ( Atalho. )

>@< O executável é um ícone denominado: clean.cmd

>@< Reinicie o computador e entre em Modo de Segurança.

>@< Execute,primeiro,a ferramenta: EliStartA.

>@< Vá ao seu ícone e execute-a!

>@< Aceite as condições propostas e aguarde o término do scan.Aguarde!Pois,pode demorar alguns minutos.

>@< Terminando,execute a ferramenta EliTriIP.

>@< O scan desta ferramenta é mais rápido!

>@< Terminando,execute o programa de limpeza profunda ( clean ) com um duplo clique no seu executável.

>@< Abrir-se-á um prompt com três opções: Escolha o dois ( 2 )!

>@< Aperte Enter! >> Aperte Enter,novamente! >> Aguarde!

>@< Aperte Enter,novamente!

>@< Surgirá um relatório ( rapport_clean ),que voçê colará,na sua resposta.

>@< Ainda em Modo Seguro,rode o move-zonebac.vbs <!>

>@< Surgirá um Prompt,com a mesagem: < Mover arquivos detectados genericamente? >

>@< Nas opções: Sim e Não,escolha o Não!

>@< Espere a conclusão da ferramenta. Aguarde!

>@< Terminando,surgirá um relatório,que irá para a sua resposta.

____________________________

 

>@< Poste o relatório infoSAT.txt que está na raíz C:\ ( Disco Local-C ) + move-zonebac + rapport_clean.

>@< Poste,também,um nôvo Log do HijackThis,na sua resposta.

>@< Ps: A ferramenta EliStarA,deletará (Opcional! ) a sua página inicial!Posteriormente,voçê à configurará novamente.

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Aqui está. Obrigada!

 

 

InfoSat.txt

 

Thu Sep 13 01:56:34 2007

EliStartPage v14.62 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Thu Sep 13 01:57:03 2007

EliStartPage v14.62 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\UPGRDHLP.EXE --> Eliminado, CyDoor

C:\Bethyan\PROGRAMAS\Office 2000 Premium\PFILES\MSOFFICE\OFFICE\1046\FPUTLSAT.DLL --> Eliminado, BlackStone(BHO)

C:\Disco40\Arquivos de programas\Borland\Delphi6\Bin\MTSINST.EXE --> Eliminado, Spy.Delf (BHO)

C:\Disco40\Arquivos de programas\Microsoft Office\Office\1046\FPUTLSAT.DLL --> Eliminado, BlackStone(BHO)

C:\Disco40\Restaurado\Lostfile\DIR256\Delphi6\Bin\MTSINST.EXE --> Eliminado, Spy.Delf (BHO)

C:\Disco40\Restaurado\Lostfile\DIR282\program files\Borland\Delphi6\Bin\MTSINST.EXE --> Eliminado, Spy.Delf (BHO)

C:\Disco40\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_pt-BR_b03f5f7f11d50a3a\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

C:\Disco40\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

C:\Documents and Settings\Usuário\Meus documentos\BETHYAN\PROGRAMAS\Office 2000 Premium\PFILES\MSOFFICE\OFFICE\1046\FPUTLSAT.DLL --> Eliminado, BlackStone(BHO)

C:\QooBox\Quarantine\C\WINDOWS\WEBASSIST.DLL.VIR --> Eliminado, Adware.XHelper(BHO)

C:\WINDOWS\NIRCMD.EXE --> Eliminado, Tool-NirCmd

C:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_pt-BR_b03f5f7f11d50a3a\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

 

Thu Sep 13 02:28:20 2007

EliTriIP v3.87 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

 

Thu Sep 13 02:28:46 2007

EliTriIP v3.87 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Bethyan\PROGRAMAS\Rational Rose\Rational Rose 2000\Impg01v1\autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Bethyan\Programas1\Solid Edge v12 Esp ZIP\Solid Edge 12 Programa\AUTORUN.INF --> Eliminado, BackDoor.CMQ (inf)

C:\Bethyan\Programas1\Solid Edge v12 Esp ZIP\Solid Edge 12 Programa\INSIGHT\InsightConnect\Autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Bethyan\Programas1\Solid Edge v12 Esp ZIP\Solid Edge 12 Programa\INSIGHT\InsightServer\Autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Disco40\Arquivos de programas\Rational Rose Enterprise Edition for Windows\autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Documents and Settings\Usuário\Meus documentos\BETHYAN\PROGRAMAS\Rational Rose\Rational Rose 2000\Impg01v1\autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Documents and Settings\Usuário\Meus documentos\BETHYAN\Solid Edge v12 Esp ZIP\Solid Edge 12 Programa\AUTORUN.INF --> Eliminado, BackDoor.CMQ (inf)

C:\Documents and Settings\Usuário\Meus documentos\BETHYAN\Solid Edge v12 Esp ZIP\Solid Edge 12 Programa\INSIGHT\InsightConnect\Autorun.inf --> Eliminado, BackDoor.CMQ (inf)

C:\Documents and Settings\Usuário\Meus documentos\BETHYAN\Solid Edge v12 Esp ZIP\Solid Edge 12 Programa\INSIGHT\InsightServer\Autorun.inf --> Eliminado, BackDoor.CMQ (inf)

 

 

----------------------

 

 

Move-zonebac.txt

 

RENOMEADOR DE BAKS

Restaura arquivos de backup do Trojan.Zonebac

©2007 Linha Defensiva | http://www.linhadefensiva.org

Backups: C:\bak-backups\13-9-2007 3-4

 

-----------------------------------------------------------------------

 

Chaves do Registro:

HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

HKLM\..\Run: [soundMan] SOUNDMAN.EXE

HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

HKLM\..\Run: [PCTVOICE] pctspk.exe

HKLM\..\Run: [PV92TRAY] PV92Tray.exe

HKLM\..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe -osboot

HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

HKLM\..\Run: [HP Component Manager] C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

HKLM\..\Run: [iSUSPM Startup] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe -startup

HKLM\..\Run: [iSUSScheduler] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe -start

HKLM\..\Run: [!AVG Anti-Spyware] C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

 

Procurando: C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

--> Tamanho: 94208

--> Pasta BAK não encontrada

 

Procurando: C:\WINDOWS\SOUNDMAN.exe

--> Tamanho: 577536

--> Pasta BAK não encontrada

 

Procurando: C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

--> Tamanho: 79224

--> Pasta BAK não encontrada

 

Procurando: C:\WINDOWS\system32\pctspk.exe

--> Tamanho: 180224

--> Pasta BAK não encontrada

 

Procurando: C:\WINDOWS\system32\PV92Tray.exe

--> Tamanho: 323584

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

--> Tamanho: 180269

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

--> Tamanho: 49152

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

--> Tamanho: 241664

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\Google\Google Talk\googletalk.exe

--> Tamanho: 3735552

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

--> Tamanho: 40048

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

--> Tamanho: 249856

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

--> Tamanho: 81920

--> Pasta BAK não encontrada

 

Procurando: C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

--> Tamanho: 6731312

--> Pasta BAK não encontrada

 

 

 

---------------------

 

Rapport_clean.txt

 

Script executed in Safe Mode

Rapport clean par Malekal_morte - http://www.malekal.com

Script executed in Safe Mode qui 13/09/2007 a 3:02:19,64

 

Microsoft Windows XP [versÆo 5.1.2600]

 

*** Suppression C:

 

*** Suppression C:\WINDOWS\

 

*** Suppression C:\WINDOWS\system32

 

*** Suppression C:\Arquivos de programas

 

*** Deletion of the registry keys successful..

*** End of the report !

 

 

 

------------------

 

HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 03:11:08, on 13/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

C:\ARQUIV~1\Webshots\Webshots.scr

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{593EA05B-36E7-4B61-9433-93CD7BBC5AE3}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Tarde Bethyan Kelly!

 

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

No detectado Parche MS06-070 de Microsoft instalado. (SServidor)

ALERTA. WindowsUpdate Incompleto.

>@< Estão lhe faltando êstes patches,procure atualizar o computador!

______________________

 

>@< Faça o download do RemDelf.

>@< Salve-o no Disco Local-C. < C:\Remdelf2b.exe > Êste,é o caminho correto!

>@< Procure imprimir estas instruções,pois os procedimentos serão realizados em Modo Seguro.Aonde o acesso,á Internet,é impossível.

>@< Reinicie o computador em Modo de Segurança.

>@< Abra o HijackThis e clique em Do a system scan only.

>@< Marque as entradas,logo abaixo,e clique em Fix checked!

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

 

>@< Restabeleça,a sua página inicial!

______________________

 

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

>@< Estas,em verde,fica à seu critério!Pois pertencem à jogos e,possíveis caminhos para a entrada de malwares.

>@< Ainda em Modo de Segurança,digite no Executar: C:\remdelf.exe

>@< Clique Ok!

>@< Caso existam outras unidades de Disco,digite: C:\remdelf C: D:

>@< Abrir-se-à um Prompt,mostrando o scan da ferramenta.Aguarde!

>@< Terminando,aperte Enter.

>@< O computador será reiniciado!

_____________________

 

>@< Poste um nôvo Log,do HijackThis,na sua resposta e,diga como está o computador.Pois,ainda,temos um último procedimento,à realizar.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Bethyan Kelly    0

Bethyan Kelly
Postado

Olá

Não pude responder antes. Espero que não afete muita coisa!

 

Sobre as tarefas:

1. No modo de segurança o HijackThis só mostrou o primeiro registro (R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =)

2. As entradas de jogos eu não marquei, pois joga-se com uma certa freqüência neste micro, então acho que o jeito é controlar mesmo.

3. O RemDelf não rodou. Esperei quase 20 minutos e nada. É assim mesmo ou tem alguma falha no programa ou no link para baixá-lo???

 

Aqui está o log do HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:27:38, on 8/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\PV92Tray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Mouse Driver\MouseDrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\Webshots\Webshots.scr

C:\WINDOWS\system32\wuauclt.exe

C:\Bethyan\Programas1\Antispyware e antivírus\HijackThis.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [CreativeMouse ] C:\Arquivos de programas\Mouse Driver\MouseDrv.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Webshots.lnk = C:\Arquivos de programas\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização do Office.lnk = ?

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O4 - Global Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.gamehouse.com/realarcade-webgam.../DinerDash2.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://kzam.atra.ig.com.br/games/applets/p...mjolauncher.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/realarcade-webgam...erDashFloGo.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.tikgames.com/real/games/goldfever/goldfever.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{593EA05B-36E7-4B61-9433-93CD7BBC5AE3}: NameServer = 201.10.120.2 201.10.128.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

 

 

 

Sobre o computador: está como antes de ocorrer os problemas: não há mais aviso de "pouca de memória", não desconecta sozinho da internet, nem nada. O avast! acusa uma ou outra tentativa de invasão, mas nada fora do normal. Ainda não passei essa semana o anti-spyware (!) mas farei isso. Mas o micro está estável sim!

 

 

É isso. Abraços.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite Bethyan Kelly!

 

>@< Abra o HijackThis e,com todas as janelas fechadas,dê Fix,nestas entradas:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

>@< Estabeleça a sua página inicial!

 

Delete as pastas:

 

C:\QooBox << Pertence ao ComboFix.

C:\Clean

_____________________

 

3. O RemDelf não rodou. Esperei quase 20 minutos e nada. É assim mesmo ou tem alguma falha no programa ou no link para baixá-lo???

>@< Delete a ferramenta,e baixe outra!Mas,rode-a em Modo de Segurança.

_____________________

 

>@< Devido a longa ausência,faça êste escaneamento em: < Kaspersky > e,poste o relatório.

>@< Amiga!Cabe explicar-lhe,que este scan é de diagnóstico e não de desinfecção!

>@< Procure desabilitar a proteção residente do Avast,antes do procedimento.

>@< Se por qualquer motivo,não conseguir fazer o escaneamento em Kaspersky,tente pelo Panda.

>@< Vá em: < Panda >

>@< Na página,clique no botão Scan you PC.

>@< Clique em Next.

>@< Digite o seu E-Mail.

>@< Clique em Send.

>@< Finalize clicando em All PC. ( All My Computer )

>@< Aguarde!Pois vai demorar um pouco para concluir o scan.

>@< Terminando,copie o relatório e poste,na sua resposta + HJT,atualizado.

 

Abraços!

Compartilhar este post

Link para o post
Compartilhar em outros sites

Sam Spade    2

Sam Spade
Postado

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Arquivados (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito