
This topic has been archived and is closed to new replies.

Amanenti

[Archived] HijackThis :: My Log


Logfile of HijackThis v1.99.1

Scan saved at 14:16:37, on 16/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\eMule\emule.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://farejador.ig.com.br/ie/

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6A9048E1-BAE2-872F-7EE7-1E3D8A6F12E5} - C:\DOCUME~1\gigabyte\DADOSD~1\PUREBA~1\hide base.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [borefragtrayace] C:\Documents and Settings\All Users\Dados de aplicativos\Drv Admin Bore Frag\each phone.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [eSnips] "C:\Arquivos de programas\eSnips\ClientGW.exe"

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [OE] C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 3.76\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gigabyte\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.moove.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{03AC6D06-17E7-4B66-98BB-4B64930C809C}: NameServer = 201.10.128.2 201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9C20FA-F582-4DAB-9F07-D370760C6D08}: NameServer = 201.10.128.2 201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{03AC6D06-17E7-4B66-98BB-4B64930C809C}: NameServer = 201.10.128.2 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SfCtlCom - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe (file missing)

O23 - Service: Trend Micro Behavior Monitor Service (TMBMServer) - Unknown owner - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe (file missing)

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe (file missing)

 

 

 

What happened!? Someone help me. Thanks.


I used ComboFix and got this:

 

 

ComboFix 07-09-14.2 - "gigabyte" 2007-09-16 14:36:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.553 [GMT -4:00]

* Created a new restore point

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-08-16 to 2007-09-16 ))))))))))))))))))))))))))))))))

.

 

2007-09-16 14:36 51,200 --a--c--- C:\WINDOWS\NirCmd.exe

2007-09-16 14:07 <DIR> d----c--- C:\HijackThis

2007-09-15 12:07 <DIR> d----c--- C:\WINDOWS\Profiles

2007-09-15 12:04 <DIR> d----c--- C:\Arquivos de programas\Motorola Phone Tools

2007-09-15 12:02 <DIR> d----c--- C:\Arquivos de programas\Avanquest update

2007-09-15 12:00 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

2007-09-15 11:59 24,192 --a--c--- C:\DOCUME~1\gigabyte\usbsermptxp.sys

2007-09-15 11:59 22,768 --a--c--- C:\DOCUME~1\gigabyte\usbsermpt.sys

2007-09-11 18:03 <DIR> d----c--- C:\Arquivos de programas\SimPE

2007-09-10 20:20 <DIR> d----c--- C:\Arquivos de programas\eMule

2007-09-09 15:05 974,848 -----c--- C:\WINDOWS\system32\mfc70.dll

2007-09-09 15:05 91,072 -----c--- C:\WINDOWS\system32\RoseCo2.dll

2007-09-09 15:05 82,896 -----c--- C:\WINDOWS\system32\KickCom2.dll

2007-09-09 15:05 344,064 -----c--- C:\WINDOWS\system32\msvcr70.dll

2007-09-09 15:05 237,568 --a--c--- C:\WINDOWS\system32\demoover.exe

2007-09-09 14:11 <DIR> d----c--- C:\Arquivos de programas\Windows Live Safety Center

2007-09-09 14:08 5,248 --a--c--- C:\WINDOWS\system32\drivers\d347prt.sys

2007-09-09 14:08 155,136 --a--c--- C:\WINDOWS\system32\drivers\d347bus.sys

2007-09-08 10:08 5,248 --a--c--- C:\WINDOWS\system32\drivers\a347scsi.sys

2007-09-08 10:08 160,640 --a--c--- C:\WINDOWS\system32\drivers\a347bus.sys

2007-09-08 10:08 <DIR> d----c--- C:\Arquivos de programas\Alcohol Soft

2007-09-07 12:39 38,400 --a--c--- C:\WINDOWS\iexplore.exe

2007-09-07 02:33 <DIR> d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\.BitZip

2007-09-06 22:28 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-09-04 16:53 2,887,680 --a--c--- C:\WINDOWS\system32\VagalumePluginWMP.dll

2007-09-02 16:12 68,608 --a--c--- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

2007-09-01 22:11 <DIR> d----c--- C:\Arquivos de programas\D-Tools

2007-09-01 15:14 <DIR> d----c--- C:\Arquivos de programas\EA GAMES

2007-09-01 14:45 <DIR> d----c--- C:\WINDOWS\system32\pt-br

2007-08-29 17:03 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\Skype

2007-08-22 20:48 95,608 --a--c--- C:\WINDOWS\system32\AvastSS.scr

2007-08-22 20:48 94,416 --a--c--- C:\WINDOWS\system32\drivers\aswmon2.sys

2007-08-22 20:48 92,848 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys

2007-08-22 20:48 783,224 --a--c--- C:\WINDOWS\system32\aswBoot.exe

2007-08-22 20:48 42,912 --a--c--- C:\WINDOWS\system32\drivers\aswTdi.sys

2007-08-22 20:48 26,624 --a--c--- C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-22 20:48 23,152 --a--c--- C:\WINDOWS\system32\drivers\aswRdr.sys

2007-08-22 20:48 <DIR> d----c--- C:\Arquivos de programas\Alwil Software

2007-08-22 19:53 93,184 --a--c--- C:\WINDOWS\system32\wvjava.dll

2007-08-22 17:44 50,824 --a--c--- C:\WINDOWS\system32\drivers\tmevtmgr.sys

2007-08-22 17:44 42,760 --a--c--- C:\WINDOWS\system32\drivers\tmactmon.sys

2007-08-22 17:44 132,872 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys

2007-08-22 17:42 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Trend Micro

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-16 14:37 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\Orbit

2007-09-16 12:39 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\Skype

2007-09-15 12:04 --------- d--h-c--- C:\Arquivos de programas\InstallShield Installation Information

2007-09-14 11:01 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\Atari

2007-09-14 11:00 43520 --a--c--- C:\WINDOWS\system32\CmdLineExt03.dll

2007-09-07 02:34 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\.BitZip

2007-09-01 15:10 --------- d----c--- C:\Arquivos de programas\Orbitdownloader

2007-08-29 17:04 --------- d----c--- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

2007-08-29 17:04 --------- d----c--- C:\Arquivos de programas\Skype

2007-08-22 19:54 --------- d----c--- C:\Arquivos de programas\Programador de Modem

2007-08-22 19:39 --------- d----c--- C:\Arquivos de programas\TurboADSL

2007-08-04 02:49 --------- d----c--- C:\Arquivos de programas\DirectX Aug2007

2007-08-03 01:00 --------- d----c--- C:\Arquivos de programas\Windows Media Connect 2

2007-08-03 00:42 --------- d----c--- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-08-02 21:57 --------- d----c--- C:\Arquivos de programas\No-IP

2007-08-02 14:12 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\Netscape

2007-08-02 14:11 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\Lavasoft

2007-07-31 15:33 65936 --a--c--- C:\WINDOWS\system32\drivers\tmtdi.sys

2007-07-31 15:32 36112 --a--c--- C:\WINDOWS\system32\drivers\tmpreflt.sys

2007-07-31 15:32 333328 --a--c--- C:\WINDOWS\system32\drivers\TM_CFW.sys

2007-07-31 15:32 203024 --a--c--- C:\WINDOWS\system32\drivers\tmxpflt.sys

2007-07-31 15:32 1126328 --a--c--- C:\WINDOWS\system32\drivers\vsapint.sys

2007-07-30 19:19 92504 --a--c--- C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a--c--- C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a--c--- C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a--c--- C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll

2007-07-25 22:57 --------- d----c--- C:\DOCUME~1\gigabyte\DADOSD~1\Neopets Toolbar

2007-07-20 00:57 267112 --a--c--- C:\WINDOWS\system32\xactengine2_9.dll

2007-07-20 00:54 18280 --a--c--- C:\WINDOWS\system32\x3daudio1_2.dll

2007-07-19 18:14 444776 --a--c--- C:\WINDOWS\system32\d3dx10_35.dll

2007-07-19 18:14 3727720 --a--c--- C:\WINDOWS\system32\d3dx9_35.dll

2007-07-19 18:14 1358192 --a--c--- C:\WINDOWS\system32\D3DCompiler_35.dll

2007-06-26 02:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-20 20:46 266088 --a--c--- C:\WINDOWS\system32\xactengine2_8.dll

2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 09:08 47892 --a--c--- C:\WINDOWS\system32\plugin.scr

2007-03-30 16:02 81920 --a--c--- C:\DOCUME~1\gigabyte\DADOSD~1\ezpinst.exe

2007-03-30 16:02 47360 --a--c--- C:\DOCUME~1\gigabyte\DADOSD~1\pcouffin.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

 

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A9048E1-BAE2-872F-7EE7-1E3D8A6F12E5}]

C:\DOCUME~1\gigabyte\DADOSD~1\PUREBA~1\hide base.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-02 22:29]

"nwiz"="nwiz.exe" [2004-03-02 22:29 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-03-02 22:29]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

"SpeedTouch USB Diagnostics"="C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 10:02]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2006-08-16 12:20]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-06-19 09:26]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]

"borefragtrayace"="C:\Documents and Settings\All Users\Dados de aplicativos\Drv Admin Bore Frag\each phone.exe" []

"Discador iG"="C:\Arquivos de programas\iGv6\Discador iG.exe" []

"UfSeAgnt.exe"="C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe" []

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

"ClientGW"="" []

"eSnips"="C:\Arquivos de programas\eSnips\ClientGW.exe" []

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-05-17 13:11]

"SysBrand"="C:\ARQUIV~1\iGv6\sysbrand.exe" []

"OE"="C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" []

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-08-17 03:45]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"OE"=C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

 

C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2007-08-03 23:21:42]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^gigabyte^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk]

path=C:\Documents and Settings\gigabyte\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.0.lnk

backup=C:\WINDOWS\pss\BrOffice.org 2.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^gigabyte^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\gigabyte\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\biastons]

C:\DOCUME~1\gigabyte\DADOSD~1\SLOWSE~1\Bind Boob Drive.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccHelp]

C:\WINDOWS\SYSTEM32\help32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

C:\Arquivos de programas\ICQLite\ICQLite.exe -minimize

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\WINDOWS\server.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My_Love]

C:\Arquivos de programas\My_Love.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

"C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spyprodetector]

C:\Arquivos de programas\Spyware Process Detector\spydetector.exe TRAY

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system32EIVF Agent]

C:\WINDOWS\system32EIVF.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zidkon 3.0]

C:\WINDOWS\system32\server.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ ]

C:\WINDOWS\sysuatch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WLSetupSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"Macromedia Licensing Service"=3 (0x3)

"gusvc"=3 (0x3)

 

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R2 tmactmon;tmactmon;\??\C:\WINDOWS\system32\drivers\tmactmon.sys

R2 tmevtmgr;tmevtmgr;\??\C:\WINDOWS\system32\drivers\tmevtmgr.sys

R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys

R3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S2 SfCtlCom;SfCtlCom;"C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe"

S2 spydetector;spydetector;\??\C:\Arquivos de programas\Spyware Process Detector\spydetector.sys

S2 TMBMServer;Trend Micro Behavior Monitor Service;C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe /service

S3 KIKIDRIVER;KIKIDRIVER;\??\C:\Documents and Settings\gigabyte\Meus documentos\Downloads\Kiki_Uce\Kiki Uce\kiki.sys

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]

C:\WINDOWS\system32\server.exe s

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-09-16 18:00:00 C:\WINDOWS\Tasks\A93D7D949196EDF8.job"

- c:\docume~1\gigabyte\dadosd~1\slowse~1\LOUD JUMP WARN.exe

"2007-09-16 16:39:21 C:\WINDOWS\Tasks\startt.job"

- c:\start.bat

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-16 14:38:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-16 14:39:42

.

--- E O F ---

 

 

 

 

CAN SOMEONE HELP ME?

Thanks


Good afternoon; every time I right-click on something, this appears:

Trend Micro Internet Security

Please wait while Windows configures Trend Micro Internet Security

Cancel

Someone help me!

Thanks


Good afternoon, Amanenti!

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix. If possible, disable the resident protection of your antivirus and antispyware programs!!

>@< Double-click Bankerfix.exe, then press Enter. Wait! When it finishes, read the message on the screen (DOS) and press Enter again.

>@< Post the BankerFix relatorio.txt, which is located at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.

Regards!


Good afternoon, DigRam ;P

 

BankerFix 2.4 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 16/9/2007 - 15:14

-------------------------------------------------------

Lista de Definição: 2007-09-09-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\fotos

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\Tasks\startt.job

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

So, like. A while ago, I installed Trend Micro on my PC.

My PC couldn't handle the load; I tried to remove it, but the program wouldn't let me.

It kept restarting my PC.

So I deleted the Trend Micro folder from C:/Arquivos de Programas

So whenever I right-click, a message appears saying it is installing Trend Micro Internet Security

Which makes my PC slow.

Thanks.

 

 

 

__________________________________

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:42:46, on 16/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\msiexec.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {6A9048E1-BAE2-872F-7EE7-1E3D8A6F12E5} - C:\DOCUME~1\gigabyte\DADOSD~1\PUREBA~1\hide base.exe (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [borefragtrayace] C:\Documents and Settings\All Users\Dados de aplicativos\Drv Admin Bore Frag\each phone.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [eSnips] "C:\Arquivos de programas\eSnips\ClientGW.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [OE] C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 3.76\AMVConverter\grab.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 3.76\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gigabyte\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.moove.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{03AC6D06-17E7-4B66-98BB-4B64930C809C}: NameServer = 201.10.128.2 201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9C20FA-F582-4DAB-9F07-D370760C6D08}: NameServer = 201.10.128.2 201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{03AC6D06-17E7-4B66-98BB-4B64930C809C}: NameServer = 201.10.128.2 201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SfCtlCom - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe (file missing)

O23 - Service: Trend Micro Behavior Monitor Service (TMBMServer) - Unknown owner - C:\Arquivos de programas\Trend Micro\BM\TMBMSRV.exe (file missing)

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\ARQUIV~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)

O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\TmProxy.exe (file missing)

 

 

 

Here it is. Nothing changed (I think).


Good evening, Amanenti!

>@< Go to Start >> Run >> type: msconfig >> OK.

>@< The System Configuration Utility will open.

>@< Uncheck the boxes for these services:

SfCtlCom

Trend Micro Behavior Monitor Service or TMBMServer

Trend Micro Personal Firewall or TmPfw

Trend Micro Proxy Service or tmproxy

>@< Click Apply >> OK.

>@< Download KillBox.

>@< Save it to Local Disk C, in a folder of its own < C:\Killbox.exe >.

>@< Open KillBox and check Delete on reboot.

>@< Copy the files listed below to the clipboard ( Full path of file to delete ).

>@< Select them and click Copy. That is, while disconnected and with these instructions saved, you will copy the files to Notepad and, from there, to the clipboard in KillBox.

 

C:\Documents and Settings\All Users\Dados de aplicativos\Drv Admin Bore Frag\each phone.exe

C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

 

>@< Go back to KillBox and click File >> Paste from clipboard >> All files.

>@< Click the X button and, when asked about the reboot, answer No!

>@< Restart the computer and enter Safe Mode.

>@< During the restart, press the F8 or F5 key repeatedly and, in the menu that appears, choose: Safe Mode (Modo Seguro or Modo de Segurança).

>@< Open HijackThis.

>@< Click: Do a system scan only and check the entries below.

 

O2 - BHO: (no name) - {6A9048E1-BAE2-872F-7EE7-1E3D8A6F12E5} - C:\DOCUME~1\gigabyte\DADOSD~1\PUREBA~1\hide base.exe (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [borefragtrayace] C:\Documents and Settings\All Users\Dados de aplicativos\Drv Admin Bore Frag\each phone.exe

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Arquivos de programas\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [OE] C:\Arquivos de programas\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\gigabyte\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O11 - Options group: [iNTERNATIONAL] International*

>@< Finish by clicking Fix checked!

>@< Still in HijackThis, click: Open the misc tools section.

>@< Click: Delete an NT Service.

>@< Enter the names of the services listed below in the box.

>@< Note which name HijackThis accepts so that the service is deleted.

SfCtlCom

Trend Micro Behavior Monitor Service or TMBMServer

Trend Micro Personal Firewall or TmPfw

Trend Micro Proxy Service or tmproxy

>@< Do them one at a time and, when finished, click OK.

>@< Restart the computer normally!

>@< Run HijackThis again and post the new log in your reply.

 

Regards!
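As an added example (not part of the original post and not HijackThis code), this Python sketch triages a HijackThis log by tagging entries the scanner reports as `(file missing)` or `(no file)` and `O4` autoruns that start from an application-data folder. The tag names and the application-data heuristic are assumptions made for illustration; the sample lines are taken from the log in this thread.

```python
import re

# Excerpt of the log posted in this thread (process list shortened).
SAMPLE_LOG = r"""
Running processes:
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [borefragtrayace] C:\Documents and Settings\All Users\Dados de aplicativos\Drv Admin Bore Frag\each phone.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: SfCtlCom - Unknown owner - C:\Arquivos de programas\Trend Micro\Internet Security\SfCtlCom.exe (file missing)
"""

ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
BINARY = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
# Assumption: application-data folders (English/Portuguese XP names and the 8.3 form seen in the log)
APPDATA = re.compile(r"\\(?:application data|dados de aplicativos|dadosd~1)\\", re.I)

def triage(log_text):
    """Return (section, tags, entry) for every entry that deserves a manual look."""
    running, findings, in_processes = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry is None:
            if line == "Running processes:":
                in_processes = True
            elif in_processes and line:
                running.add(line.lower())
            continue
        in_processes = False
        section, body = entry.groups()
        found = BINARY.search(body)
        path = found.group(0).lower() if found else None
        tags = []
        if ORPHAN.search(body):
            # A binary that is in the process list exists on disk, so the
            # scanner's "(file missing)" note cannot be taken at face value.
            tags.append("reported-missing-but-running" if path in running else "orphaned")
        if section == "O4" and APPDATA.search(body):
            tags.append("autorun-from-appdata")
        if tags:
            findings.append((section, tags, body))
    return findings

if __name__ == "__main__":
    for section, tags, body in triage(SAMPLE_LOG):
        print(section, ",".join(tags), "|", body)
```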

My computer no longer shuts down or restarts.

I have to log off first and only then shut down. What happened?

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Good morning, Amanenti!

>@< Did this problem or error occur when you entered Safe Mode?

>@< Because if you entered the Boot Menu by mistake and had trouble getting out of it... the error can occur.

_____________________

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows XP Service Pack 2.

This problem was first corrected in Windows 2000 Service Pack 4.

Note: If you install the Windows XP or Windows 2000 service pack, you will not resolve problems with an existing volume. You must run the utility to update the boot code separately. The service pack only writes the correct boot code to new volumes.

>@< For more information, click: NTLDR or Community.

>@< Once the problem is resolved, continue with the procedure!

Regards!


Mine is Windows XP Service Pack 2, and I did not enter Safe Mode. How do I fix this error? I couldn't do what the Microsoft site said.

EDIT

My PC doesn't have that problem. I don't get that message. The problem is that the PC won't shut down and won't restart.

Mine is Windows XP Service Pack 2, and I did not enter Safe Mode.

How do I fix this error? I couldn't do what the Microsoft site said.

EDIT

My PC doesn't have that problem. I don't get that message. The problem is that the PC won't shut down and won't restart.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Good morning, Amanenti!

>@< Run BankerFix again and see if that fixes it.

Regards!


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section along with the link to this topic and explain the reason for reopening.
