[Resolvido!]Site abre para baixar antivirus WinAntivirus Pro 2006

[bribasam 0]

Colegas,

 

Acredito que muitos já tiveram esse problema, o fato é que o Windows explorer abre com para baixar o tal WinAntivirus Pro 2006, depois um tal de Erro, aparece também uma janela para instalar o tal Error, como imaginei ser um virus ou algo parecido, bloquei o Winexplorer no firewall do norton. Sim o norton também informa que um tal de downloader foi bloqueado, não sei se está relacionado ao WinAntivirus Pro, segue abaixo meu logo do hijackthis:

 

Favor informar novas ferramentas caso necessário

 

Obrigado

 

Logfile of HijackThis v1.99.1

Scan saved at 20:57:07, on 16/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\NLClient.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.BIN

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\ywykoqmg.dll",forkonce

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer = 10.100.52.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Boa Noite bribasam!

 

>@< Faça o download do VundoFix.

>@< Salve-o no Desktop!

>@< Execute o VundoFix.exe

>@< Quando o VundoFix abrir,novamente, clique em Scan for Vundo.

>@< Quando ele terminar, clique em Remove Vundo.

>@< Você receberá um prompt perguntando se quer remover os arquivos. Confirme!

>@< Sua área de trabalho vai desaparecer!

>@< Surgirá um aviso dizendo que seu computador deve ser desligado.

>@< Clique em OK e depois,ligue o computador novamente!

>@< É possível que o VundoFix encontre um arquivo, mas não consiga removê-lo. Se isso acontecer, a ferramenta rodará ao reiniciar.

>@< Quando o VundoFix aparecer, clique no botão Scan for Vundo para repetir o processo.

>@< Quando o VundoFix não encontrar mais nenhum arquivo,que não consiga remover,poste o seu relatório ( Log ) que se encontra em C:\Vundofix.txt

>@< Poste,também,um nôvo Log do HijackThis.

 

Abraços!

[bribasam 0]

Boa noite DigRam,

 

Fiz tudo conforme suas orientações o Windows Explorer continua tentando acessar a internet, sorte minha que o norton está bloqueando o WinEX e o tal downloader

 

veja os log abaixo:

 

LOG DO VUNDOFIX

 

VundoFix V6.5.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 17:06:32 19/9/2007

 

Listing files found while scanning....

 

C:\windows\system32\gjrliqbj.ini

C:\windows\system32\jbqilrjg.dll

C:\windows\system32\jsrickfl.dll

C:\WINDOWS\system32\ktqtoumt.dll

C:\windows\system32\lfkcirsj.ini

C:\windows\system32\rmxnhbyx.dll

C:\windows\system32\tmuotqtk.ini

C:\windows\system32\xybhnxmr.ini

 

Beginning removal...

 

Attempting to delete C:\windows\system32\gjrliqbj.ini

C:\windows\system32\gjrliqbj.ini Has been deleted!

 

Attempting to delete C:\windows\system32\jbqilrjg.dll

C:\windows\system32\jbqilrjg.dll Has been deleted!

 

Attempting to delete C:\windows\system32\jsrickfl.dll

C:\windows\system32\jsrickfl.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ktqtoumt.dll

C:\WINDOWS\system32\ktqtoumt.dll Has been deleted!

 

Attempting to delete C:\windows\system32\lfkcirsj.ini

C:\windows\system32\lfkcirsj.ini Has been deleted!

 

Attempting to delete C:\windows\system32\rmxnhbyx.dll

C:\windows\system32\rmxnhbyx.dll Has been deleted!

 

Attempting to delete C:\windows\system32\tmuotqtk.ini

C:\windows\system32\tmuotqtk.ini Has been deleted!

 

Attempting to delete C:\windows\system32\xybhnxmr.ini

C:\windows\system32\xybhnxmr.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 17:16:19 19/9/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\oehfjydw.dll

C:\WINDOWS\system32\wdyjfheo.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\oehfjydw.dll

C:\WINDOWS\system32\oehfjydw.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\wdyjfheo.ini

C:\WINDOWS\system32\wdyjfheo.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\oehfjydw.dll

C:\WINDOWS\system32\oehfjydw.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 17:37:33 19/9/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.5.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:38:48 19/9/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\cqccrmqx.dll

C:\WINDOWS\system32\xqmrccqc.ini

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\cqccrmqx.dll

C:\WINDOWS\system32\cqccrmqx.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\system32\xqmrccqc.ini

C:\WINDOWS\system32\xqmrccqc.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\cqccrmqx.dll

C:\WINDOWS\system32\cqccrmqx.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.5.8

 

Checking Java version...

 

Sun Java not detected

Scan started at 18:51:34 19/9/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

LOG DO HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 18:59:59, on 19/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Paltalk Messenger\palstart.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.BIN

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

D:\Documentos Jean\Download\VundoFix.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\NLClient.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\system32\qldsohcu.dll",forkonce

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: PalStart.lnk = C:\Arquivos de programas\Paltalk Messenger\palstart.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer = 10.100.52.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Bom Dia bribasam!

 

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

 

Abraços!

[bribasam 0]

Bom Dia DigRam

 

Segue log abaixo

 

LOG COMBOFIX

 

ComboFix 07-09-20.1 - "briba sam" 2007-09-20 6:44:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.562 [GMT -3:00]

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\check_LSA7.txt

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\hhhkj.bak2

C:\WINDOWS\system32\hhhkj.ini

C:\WINDOWS\system32\hhhkj.ini2

C:\WINDOWS\system32\hhhkj.tmp

C:\WINDOWS\system32\jkhhh.dll

C:\WINDOWS\system32\winbjt32.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\nm

 

 

((((((((((((((((((((((((( Files Created from 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))

.

 

2007-09-20 06:43 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-19 17:06 <DIR> d-------- C:\VundoFix Backups

2007-09-18 14:18 30,768 -ra------ C:\WINDOWS\system32\drivers\vmusb.sys

2007-09-16 20:51 <DIR> d-------- C:\hijackthis

2007-09-15 17:21 <DIR> d-------- C:\WINDOWS\pss

2007-09-15 15:33 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dados de aplicativos

2007-09-15 15:33 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Iniciar

2007-09-15 15:33 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Modelos

2007-09-15 15:33 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Configura‡äes locais

2007-09-15 15:33 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de rede

2007-09-15 15:33 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ambiente de impressÆo

2007-09-15 15:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Meus documentos

2007-09-15 15:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritos

2007-09-10 16:48 <DIR> d-------- C:\DOCUME~1\JEANRI~1\DADOSD~1\VMware

2007-09-10 16:35 25,264 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys

2007-09-10 16:35 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys

2007-09-10 16:35 150,320 --a------ C:\WINDOWS\system32\vmnat.exe

2007-09-10 16:35 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll

2007-09-10 16:35 121,648 --a------ C:\WINDOWS\system32\vmnetdhcp.exe

2007-09-10 16:35 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DADOSD~1\VMware

2007-09-10 16:34 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll

2007-09-10 16:34 437,040 --a------ C:\WINDOWS\system32\vnetlib.dll

2007-09-10 16:34 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys

2007-09-10 16:34 21,040 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys

2007-09-10 16:34 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys

2007-09-10 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\VMware

2007-09-10 16:32 <DIR> d-------- C:\Arquivos de programas\VMware

2007-09-10 16:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\VMware

2007-09-06 06:46 <DIR> d-------- C:\DOCUME~1\TENRIC~1\Meus documentos

2007-08-23 15:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nullsoft

2007-08-23 15:28 <DIR> d-------- C:\DOCUME~1\JEANRI~1\DADOSD~1\Locktime

2007-08-23 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Locktime

2007-08-23 15:25 <DIR> d-------- C:\Arquivos de programas\NetLimiter 2 Monitor

2007-08-23 11:36 <DIR> d-------- C:\Arquivos de programas\Elaborate Bytes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-20 06:52 --------- d-------- C:\DOCUME~1\JEANRI~1\DADOSD~1\BrOffice.org2

2007-09-20 06:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec

2007-09-18 14:50 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-09-18 14:50 60800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2007-09-18 14:50 123952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-09-18 14:50 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-09-18 14:50 --------- d-------- C:\Arquivos de programas\Symantec

2007-09-18 14:00 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2007-09-11 13:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

2007-08-29 21:50 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-13 21:19 --------- d-------- C:\DOCUME~1\JEANRI~1\DADOSD~1\U3

2007-08-02 14:33 --------- d-------- C:\Arquivos de programas\Boson Software

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-26 12:03 --------- d-------- C:\Arquivos de programas\Audacity

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-20 18:08 93128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]

"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"SynTPEnh"="C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]

"PCMService"="C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16]

"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

"Dell QuickSet"="C:\Arquivos de programas\Dell\QuickSet\quickset.exe" [2006-08-03 18:51]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"VirtualCloneDrive"="C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 10:21]

"vmware-tray"="C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52]

"VMware hqtray"="C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe" [2007-05-01 22:52]

"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-01-09 18:59]

"osCheck"="C:\Arquivos de programas\Norton Internet Security\osCheck.exe" [2007-01-13 20:11]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 12:44]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 12:45]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 12:41]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 09:00]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

 

C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\

PalStart.lnk - C:\Arquivos de programas\Paltalk Messenger\palstart.exe [2007-05-25 14:55:33]

 

C:\DOCUME~1\JEANRI~1\MENUIN~1\PROGRA~1\INICIA~1\

BrOffice.org 2.2.lnk - C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe [2007-03-31 09:58:36]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSharedDocuments"=1 (0x1)

 

R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys

R2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;"C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Arquivos de programas\VMware\VMware Workstation\vstor2-ws60.sys

R3 vmkbd;VMware kbd;\??\C:\WINDOWS\system32\drivers\VMkbd.sys

S3 ufad-ws60;VMware Agent Service;"C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

AutoRun\command- H:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa7fbddf-3974-11dc-95a1-0015c5706d0c}]

AutoRun\command- H:\LaunchU3.exe

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2007-08-20 23:27:26 C:\WINDOWS\Tasks\Norton Internet Security - Verificação completa no sistema - Briba Sam.job"

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-20 06:52:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-20 6:53:00 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-09-20 06:53

.

--- E O F ---

 

LOG HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 07:02:21, on 20/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\NLClient.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Paltalk Messenger\palstart.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.BIN

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\AUPDATE.EXE

C:\Arquivos de programas\Symantec\LiveUpdate\LuCallbackProxy.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: PalStart.lnk = C:\Arquivos de programas\Paltalk Messenger\palstart.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer = 10.100.52.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

[DigRam 144]

Bom Dia bribasam!

 

>@< Faça o download do SmitfraudFix.

>@< Salve-o no Disco Local-C e descompacte-o aí mesmo,enviando o executável ( SmitfraudFix.cmd ),para o Desktop.

>@< Reinicie o computador em Modo de Segurança!

>@< Execute o SmitfraudFix.cmd <!>

>@< Aperte a opção 2 >> Enter.

>@< Quando aparecer a mensagem: Do you want to clean the registry,aperte a opção Y >> Enter.

>@< Reinicie,normalmente,o computador!

>@< Caso tenha ocorrido mudanças,no desktop,corrija nas propriedades de vídeo.( Tema )

>@< Copie o Log ( rapport.txt ) e poste,na sua resposta + HijackThis,atualizado.

 

Abraços!

[bribasam 0]

Boa Tarde DigRam,

 

Após o combofix, aparentemente o tal Winantivirus Pro, não apareceu mais, realmente é uma praga.

 

Estou te enviando abaixo os logs solicitado, também estou te enviando um log chamado ComboFix-quarantined-files.txt, que o ComboFix criou, a proposito posso deletar esse arquivos:

 

LOG DO SMITFRAUDFIX

 

SmitFraudFix v2.226

 

Scan done at 15:24:26,60, --- 21/09/2007

Run from C:\SmitfraudFix

OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{286771CD-DF78-4BAF-92AA-7B38D79C7C9E}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer=10.100.52.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{286771CD-DF78-4BAF-92AA-7B38D79C7C9E}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer=10.100.52.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{286771CD-DF78-4BAF-92AA-7B38D79C7C9E}: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer=10.100.52.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.3.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

LOG DO HIJACKTHIS ATUALIZADO

 

Logfile of HijackThis v1.99.1

Scan saved at 15:43:11, on 21/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Dell Network Assistant\ezi_hnm2.exe

C:\Arquivos de programas\Paltalk Messenger\palstart.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.2\program\soffice.BIN

C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Dell Network Assistant\hnm_svc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\Arquivos de programas\NetLimiter 2 Monitor\NLClient.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\hijackthis\HijackThis.exe

 

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Arquivos de programas\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: PalStart.lnk = C:\Arquivos de programas\Paltalk Messenger\palstart.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.sisdera.com/stream/ampx2.6.1.11_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DA3D84EA-7C87-4FA7-9278-4859D379E119}: NameServer = 10.100.52.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Arquivos de programas\Dell Network Assistant\hnm_svc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Arquivos de programas\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

LOG DO ARQUIVO COMBOFIX-QUARANTINED-FILES.TXT

 

2007-07-08 21:23	  15399	--a------	C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir2007-09-10 16:46	  20992	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\winbjt32.dll.vir2007-09-10 16:56	  244832	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\jkhhh.dll.vir2007-09-18 15:51	  637916	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\hhhkj.ini.vir2007-09-19 16:58	  644807	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\hhhkj.tmp.vir2007-09-19 18:57	  77	--a------	C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir2007-09-19 19:25	  648714	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\hhhkj.bak2.vir2007-09-20 06:35	  3710	--a------	C:\Qoobox\Quarantine\C\check_LSA7.txt.vir2007-09-20 06:47	  352	--a------	C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.dat2007-09-20 06:47	  418	--a------	C:\Qoobox\Quarantine\catchme.log2007-09-20 06:47	  449596	--a------	C:\Qoobox\Quarantine\catchme2007-09-20_ 65206.85.zip2007-09-20 06:47	  639573	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\hhhkj.ini2.virListagem de caminhos de pastaO n£mero de s‚rie do volume ‚ 0053-315EC:\QOOBOX\QUARANTINE|   catchme.log|   catchme2007-09-20_ 65206.85.zip|   +---C|   |   check_LSA7.txt.vir|   |   |   +---ComboFix|   |	   FProps.vbs.vir|   |	   |   \---WINDOWS|	   |   cookies.ini.vir|	   |   |	   \---system32|			   hhhkj.bak2.vir|			   hhhkj.ini.vir|			   hhhkj.ini2.vir|			   hhhkj.tmp.vir|			   jkhhh.dll.vir|			   winbjt32.dll.vir|			   \---Registry_backups		services_nm.reg.dat

 

 

Posso Deletar o diretório C:\QOOBOX\QUARANTINE ?

 

Lembro que após o ComboFix o micro passou a se comportar bem

 

 

Abraços

[DigRam 144]

Boa Noite bribasam!

 

Posso Deletar o diretório C:\QOOBOX\QUARANTINE ?

Lembro que após o ComboFix o micro passou a se comportar bem

>@< Sim,pode!

>@< Delete,também:

 

C:\VundoFix\backups

C:\SmitfraudFix\backups

______________________

 

>@< Faça o download do CCleaner.

>@< Baixe-o para o Desktop!

>@< Abra o programa e clique em Executar cleaner.

>@< Terminando,clique em Erros >> Procurar erros >> Corrigir erros.

______________________

 

Estando tudo Ok com o PC,crie um Ponto de Restauração do Sistema,Limpo!

Clique com o botão direito do mouse em cima de Meu Computador >> Propriedades >> Restauração do Sistema >> Marque: Desativar Restauração do Sistema >> Aplicar >> Ok.

Depois,desmarque novamente! >> Aplicar >> Ok.

Para maiores detalhes,vá em:< Docs >

>@< O Log está Limpo!

>@< Bom trabalho!

 

Abraços!

[bribasam 0]

Boa Tarde DigRam,Acredito que agora está 100%.Muito obrigado pela atenção e conhecimentosAbraçosBribaSam

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.