
demoniohf

[Archived] Probable virus.


Here's the thing: my PC started acting a bit strange. Suddenly it seems that on my administrator account I lost administrator rights; several programs I try to install tell me to log in as administrator (even the Firefox update from version 2.0.0.6 to 2.0.0.7 was a pain).

I installed AVG Anti-Rootkit and it found rosa.sys. I removed it, and it came back. I installed NOD32 and AVG Anti-Virus and removed it with both from my whole computer; I also used regedit to search for everything related to rosa.sys in order to remove this rootkit.

But now my PC is quite unstable: my MSN overloads every time I open it, using all of my CPU while being frozen. My NOD32 and AVG no longer find any virus on the HD/memory.

What could be happening? Here is the HijackThis log. I hope you can help me.

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 23:52:30, on 23/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

C:\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

C:\Arquivos de programas\Trillian\trillian.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Rodrigo\Desktop\HiJackThis_v2.exe

C:\Arquivos de programas\MSN Messenger\livecall.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {3F583DD1-43B0-4AFE-8482-42B901D8A7DE} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {58A06FB7-2878-419B-B54C-77A2A731C539} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AC591F79-835E-4C1B-B2B8-5EDA8E98A79C} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: 0 - {BF3A48E7-039F-4ABD-1BBE-DC8C3F51CAAA} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Arquivos de programas\Trillian\trillian.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176160542703

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: sstqo - C:\WINDOWS\

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - Eset - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBExpertBackupRestore - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe

O23 - Service: IBExpertSQLMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\hkProxy.exe

O23 - Service: IBExpertSQLMonitorDB - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToDB.exe

O23 - Service: IBExpertSQLMonitorHtmlMaker - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToHtml.exe

O23 - Service: IBExpertTransactionMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NNServ - Unknown owner - C:\Arquivos de programas\NewDotNet\nnrun.exe (file missing)

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O24 - Desktop Component 0: (no name) - C:\Arquivos de programas\ComPlus Applications\profsywuyprem.html

 

--

End of file - 16949 bytes


If someone could look at the log and tell me whether everything is fine or not, I'd appreciate it. I'm waiting for a reply before making new attempts, and if it doesn't work, I'll burn everything to DVDs and format this clunker =/


Fri May 25 22:52:33 2007

EliBagle v10.39 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\DOCUMENTS AND SETTINGS\RODRIGO\DADOS DE APLICATIVOS\HIDIRES\HIDR.EXE --> Eliminado Bagle

C:\DOCUMENTS AND SETTINGS\RODRIGO\DADOS DE APLICATIVOS\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)

C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle.dldr Renombrado a .VIR

Eliminada Carpeta "%WinDir%\exefld"

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Fri May 25 22:53:19 2007

EliBagle v10.39 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\eMule\Incoming\BPMCHECKER 3(1).ZIP --> Eliminado Bagle.dldr

C:\Arquivos de programas\eMule\Incoming\BPMCHECKER 3.EXE --> Eliminado Bagle.dldr

C:\Arquivos de programas\eMule\Incoming\BPMCHECKER 3.ZIP --> Eliminado Bagle.dldr

 

Fri May 25 23:11:14 2007

EliBagle v10.39 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\HLDRRR.EXE.VIR --> Eliminado

Eliminada Carpeta "%AppData%\Hidires"

 

Fri May 25 23:11:59 2007

EliBagle v10.39 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Sat May 26 14:36:36 2007

EliBagle v10.39 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

Por favor, envienos una muestra del fichero

C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.39

a "virus@satinfo.es". Gracias.

C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Eliminado Bagle

Eliminada Carpeta "%WinDir%\exefld"

 

Sat May 26 14:36:40 2007

EliBagle v10.39 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Mon Sep 24 18:38:59 2007

EliBagle v10.57 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

Eliminada Carpeta "%WinDir%\exefld"

Restaurada Clave: "SafeBoot\Minimal y Network"

 

Mon Sep 24 18:39:08 2007

EliBagle v10.57 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Mon Sep 24 22:44:59 2007

EliBagle v10.57 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

 

Mon Sep 24 22:45:02 2007

EliBagle v10.57 ©2007 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

----------------------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 23:52:12, on 24/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

C:\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

C:\Arquivos de programas\Trillian\trillian.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Rodrigo\Desktop\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {3F583DD1-43B0-4AFE-8482-42B901D8A7DE} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {58A06FB7-2878-419B-B54C-77A2A731C539} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AC591F79-835E-4C1B-B2B8-5EDA8E98A79C} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: 0 - {BF3A48E7-039F-4ABD-1BBE-DC8C3F51CAAA} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2052111302-329068152-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Casa')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-2052111302-329068152-725345543-1004 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'Casa')

O4 - S-1-5-21-2052111302-329068152-725345543-1004 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User 'Casa')

O4 - Startup: Trillian.lnk = C:\Arquivos de programas\Trillian\trillian.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176160542703

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: sstqo - C:\WINDOWS\

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - Eset - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBExpertBackupRestore - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe

O23 - Service: IBExpertSQLMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\hkProxy.exe

O23 - Service: IBExpertSQLMonitorDB - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToDB.exe

O23 - Service: IBExpertSQLMonitorHtmlMaker - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToHtml.exe

O23 - Service: IBExpertTransactionMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NNServ - Unknown owner - C:\Arquivos de programas\NewDotNet\nnrun.exe (file missing)

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O24 - Desktop Component 0: (no name) - C:\Arquivos de programas\ComPlus Applications\profsywuyprem.html

 

--

End of file - 17357 bytes

 

jgarcia, thanks a lot for replying. I'll wait for the analysis of the 2nd log.

Hey demoniohf,

 

Download ComboFix at:

ComboFix

 

1) Double-click combofix.exe and press "Y" to proceed. The process takes about 10 minutes on average;

2) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

3) When the scan finishes, a log will be generated at C:\ComboFix.txt;

4) Do not click on the ComboFix window, and do not close it by clicking the X, while the tool is running, as this will mess up your desktop configuration (it will turn completely white);

5) To stop or exit ComboFix, press "N";

6) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Cheers.

ComboFix 07-09-21.2 - "Rodrigo" 2007-09-25 16:52:11.1 - NTFS x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.477 [GMT -3:00]

C:\WINDOWS\system32\chkdsk.exe está faltando

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\Arquivos comuns\{304AB~1

C:\Arquivos de programas\Arquivos comuns\{B04AB~1

C:\Arquivos de programas\ComPlus Applications\profsywuyprem.html

C:\DOCUME~1\Luiz\DADOSD~1\hidires

C:\DOCUME~1\Rodrigo\DADOSD~1\Dxccwrd.dll

C:\DOCUME~1\Rodrigo\DADOSD~1\Dxcdmns.dll

C:\DOCUME~1\Rodrigo\DADOSD~1\Dxcknwrd.dll

C:\DOCUME~1\Rodrigo\DADOSD~1\Dxcuknwrd.dll

C:\WINDOWS\system32\bund1

C:\WINDOWS\system32\bund1\temp.txt

C:\WINDOWS\system32\Cfx32.lic

C:\WINDOWS\system32\cfx32.ocx

C:\WINDOWS\system32\drivers\core.cache.dsk

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CLIENT_IP-IPX

-------\LEGACY_CORE

-------\LEGACY_M_HOOK

-------\LEGACY_NNSERV

-------\LEGACY_ROSA

-------\LEGACY_SROSA

-------\Client IP-IPX

-------\core

-------\NNServ

 

 

((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))

.

 

2007-09-25 16:51 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-25 00:21 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2007-09-24 19:49 <DIR> d-------- C:\ruby

2007-09-23 11:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Eset

2007-09-22 19:32 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys

2007-09-22 18:50 <DIR> d-------- C:\Arquivos de programas\Greatis

2007-09-22 15:20 <DIR> d-------- C:\Inprise

2007-09-21 21:21 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2007-09-21 21:21 <DIR> d-------- C:\Arquivos de programas\ASIO4ALL v2

2007-09-21 21:18 <DIR> d-------- C:\Arquivos de programas\Image-Line

2007-09-21 09:17 28,680 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys

2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2007-09-20 23:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-09-20 23:20 335 --a------ C:\WINDOWS\mozregistry.dat

2007-09-20 20:14 <DIR> d-------- C:\Arquivos de programas\FreeRIP3

2007-09-19 22:27 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL

2007-09-19 22:27 299,008 --a------ C:\WINDOWS\system32\SKY32V3C.DLL

2007-09-19 22:27 28,976 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL

2007-09-19 22:27 <DIR> d-------- C:\Arquivos de programas\Cosmi

2007-09-19 22:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cosmi

2007-09-19 20:54 <DIR> d-------- C:\OtsLabs

2007-09-19 19:07 <DIR> d-------- C:\vcs4sample

2007-09-19 18:00 <DIR> d-------- C:\Arquivos de programas\AV Vcs 5.0 DIAMOND

2007-09-19 17:47 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL

2007-09-19 17:47 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2007-09-19 17:47 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

2007-09-19 17:47 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-09-19 17:47 <DIR> d-------- C:\Arquivos de programas\Visiosonic

2007-09-19 17:26 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-09-19 17:26 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-09-19 17:26 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2007-09-19 17:26 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-09-19 17:26 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2007-09-19 17:26 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2007-09-17 19:37 <DIR> d-------- C:\Arquivos de programas\SourceTec

2007-09-17 19:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SourceTec

2007-09-12 20:28 <DIR> d-------- C:\Arquivos de programas\PKR

2007-09-11 17:49 <DIR> d-------- C:\Arquivos de programas\Bonjour

2007-09-10 23:49 <DIR> d-------- C:\Arquivos de programas\JMF2.1.1e

2007-09-07 23:22 <DIR> d-------- C:\Arquivos de programas\No-IP

2007-09-06 19:00 <DIR> d--h----- C:\WINDOWS\PIF

2007-09-05 20:55 <DIR> d-------- C:\Arquivos de programas\SHOUTcast

2007-09-02 02:48 11,231 -r-h----- C:\WINDOWS\system32\pqsystemp.dat

2007-09-02 00:18 44,032 --a------ C:\WINDOWS\system32\pqrtestpp.dll

2007-09-02 00:18 <DIR> d-------- C:\Arquivos de programas\Portinho Quicksys.Registry 2007

2007-08-31 12:11 <DIR> d-------- C:\Arquivos de programas\ProcInfo

2007-08-30 16:03 <DIR> d-------- C:\Arquivos de programas\HTV

2007-08-29 22:46 <DIR> d-------- C:\WINDOWS\vf_hip

2007-08-29 22:46 <DIR> d-------- C:\Arquivos de programas\Hide IP Platinum

2007-08-29 18:02 <DIR> d-------- C:\Arquivos de programas\Uplink

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-25 17:06 --------- d-------- C:\DOCUME~1\Rodrigo\DADOSD~1\uTorrent

2007-09-25 17:04 --------- d-------- C:\DOCUME~1\Rodrigo\DADOSD~1\VMware

2007-09-25 17:03 --------- d-------- C:\DOCUME~1\LOCALS~1\DADOSD~1\VMware

2007-09-25 17:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\VMware

2007-09-25 13:53 --------- d-------- C:\DOCUME~1\Casa\DADOSD~1\VMware

2007-09-25 00:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help

2007-09-24 20:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google Updater

2007-09-24 19:54 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-09-23 22:49 --------- d-------- C:\DOCUME~1\Casa\DADOSD~1\LimeWire

2007-09-23 21:09 --------- d-------- C:\Arquivos de programas\Vstplugins

2007-09-23 11:50 --------- d-------- C:\Arquivos de programas\ActivationManager

2007-09-22 22:16 512096 --a------ C:\WINDOWS\system32\drivers\_mon.s00

2007-09-22 22:16 15424 --a------ C:\WINDOWS\system32\drivers\_od32drv.s00

2007-09-22 19:35 --------- d--h----- C:\Arquivos de programas\Scpad

2007-09-22 19:31 7220 --a------ C:\WINDOWS\system32\drivers\services.xml

2007-09-22 18:50 --------- d-------- C:\Arquivos de programas\Spyware Doctor

2007-09-22 18:13 --------- d-------- C:\DOCUME~1\Luiz\DADOSD~1\VMware

2007-09-22 16:07 --------- d-------- C:\Arquivos de programas\eMule

2007-09-22 15:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2007-09-22 02:38 --------- d-------- C:\Arquivos de programas\Trillian

2007-09-21 18:17 --------- d-------- C:\DOCUME~1\Rodrigo\DADOSD~1\LimeWire

2007-09-20 23:37 --------- d-------- C:\Arquivos de programas\FlashGet

2007-09-16 14:44 --------- d-------- C:\Arquivos de programas\mIRC

2007-09-14 20:01 --------- d-------- C:\Arquivos de programas\Winamp

2007-09-11 19:53 --------- d-------- C:\Arquivos de programas\Opera

2007-09-08 02:49 --------- d-------- C:\Arquivos de programas\Soulseek-Test

2007-09-08 01:25 --------- d-------- C:\Arquivos de programas\EA GAMES

2007-09-08 01:14 --------- d-------- C:\Arquivos de programas\LimeWire

2007-09-06 21:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\{AB3EC276-D261-4943-A921-1CC1C6799AED}

2007-09-06 15:01 --------- d-------- C:\DOCUME~1\Rodrigo\DADOSD~1\MySQL

2007-08-30 16:16 --------- d-------- C:\Arquivos de programas\Picasa2

2007-08-24 17:42 --------- d-------- C:\Arquivos de programas\PokerLoco

2007-08-17 14:18 --------- d-------- C:\Arquivos de programas\SeePassword

2007-08-16 22:35 --------- d-------- C:\Arquivos de programas\Online TV Player 3

2007-08-15 18:10 --------- d-------- C:\Arquivos de programas\Alyuda Research

2007-08-07 00:07 --------- d-------- C:\Arquivos de programas\PartyGaming

2007-08-04 17:08 --------- d-------- C:\Arquivos de programas\bot - duelos

2007-08-02 15:25 --------- d-------- C:\Arquivos de programas\Cerberus

2007-07-30 21:39 --------- d-------- C:\DOCUME~1\Rodrigo\DADOSD~1\Google

2007-07-30 21:38 --------- d-------- C:\Arquivos de programas\Google

2007-07-30 21:24 --------- d-------- C:\DOCUME~1\Rodrigo\DADOSD~1\PC Tools

2007-07-27 20:38 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2007-07-25 21:46 --------- d-------- C:\Arquivos de programas\Motorola

2007-07-23 00:04 1711140 --a------ C:\Arquivos de programas\bot - duelos.zip

2007-06-07 11:43 126996 --a------ C:\Arquivos de programas\gamepic2[1].jpg

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F583DD1-43B0-4AFE-8482-42B901D8A7DE}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC591F79-835E-4C1B-B2B8-5EDA8E98A79C}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF3A48E7-039F-4ABD-1BBE-DC8C3F51CAAA}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 10:05]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-02-13 15:29]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"vmware-tray"="C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52]

"egui"="C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"µTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2007-09-19 17:41]

"EVEREST AutoStart"="C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe" [2007-04-05 00:00]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2007-09-19 17:41]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"PcSync"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-07-27 20:38:06]

Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50]

 

C:\DOCUME~1\Casa\MENUIN~1\PROGRA~1\INICIA~1\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

 

C:\DOCUME~1\Luiz\MENUIN~1\PROGRA~1\INICIA~1\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

 

C:\DOCUME~1\Rodrigo\MENUIN~1\PROGRA~1\INICIA~1\

Trillian.lnk - C:\Arquivos de programas\Trillian\trillian.exe [2007-07-19]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeStartMenu"=0 (0x0)

"NoLogOff"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqo]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure]

C:\ARQUIV~1\Greatis\REGRUN~1\OnSecure.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

"C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bantool]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

"C:\Arquivos de programas\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firebird]

C:\Firebird\Firebird_1_5\bin\fbguard.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\german.exe]

C:\WINDOWS\system32\wintems.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

"C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

HDAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]

C:\WINDOWS\system32\hldrrr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

C:\Arquivos de programas\Download Manager\DLM.exe /windowsstart /startifwork

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Arquivos de programas\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]

C:\Arquivos de programas\Microangelo\muamgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegRun WinBait]

C:\WINDOWS\winbait.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]

C:\ARQUIV~1\Greatis\REGRUN~1\WatchDog.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

"C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeePassword]

C:\Arquivos de programas\SeePassword\SeePassword.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]

"C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Advanced Keylogger]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"WinVNC4"=2 (0x2)

"Bonjour Service"=2 (0x2)

 

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys

R2 ekrn;Eset Service;"C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe"

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Firebird\Firebird_1_5\bin\fbguard.exe -s

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Firebird\Firebird_1_5\bin\fbserver.exe -s

R2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Arquivos de programas\VMware\VMware Workstation\vstor2-ws60.sys

R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\Wibukey.sys

R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys

R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt

R3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe

R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys

R3 vmkbd2;VMware kbd2;\??\C:\WINDOWS\system32\drivers\VMkbd.sys

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys

S3 EhttpSrv;Eset HTTP Server;"C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"

S3 IBExpertBackupRestore;IBExpertBackupRestore;C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe

S3 IBExpertSQLMonitor;IBExpertSQLMonitor;C:\Arquivos de programas\HK-Software\IBExpertMonitor\hkProxy.exe

S3 IBExpertSQLMonitorDB;IBExpertSQLMonitorDB;C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToDB.exe

S3 IBExpertSQLMonitorHtmlMaker;IBExpertSQLMonitorHtmlMaker;C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToHtml.exe

S3 IBExpertTransactionMonitor;IBExpertTransactionMonitor;C:\Arquivos de programas\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe

S3 IssRawPkt;IssRawPkt;\??\C:\WINDOWS\system32\drivers\IssRawPkt.sys

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

S3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys

S3 ufad-ws60;VMware Agent Service;"C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml

 

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-25 17:05:34

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-25 17:09:17 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-09-25 17:08

.

--- E O F ---

 

-----------------------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 17:11:34, on 25/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

C:\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Trillian\trillian.exe

C:\Arquivos de programas\MSN Messenger\livecall.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Rodrigo\Desktop\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {3F583DD1-43B0-4AFE-8482-42B901D8A7DE} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AC591F79-835E-4C1B-B2B8-5EDA8E98A79C} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: 0 - {BF3A48E7-039F-4ABD-1BBE-DC8C3F51CAAA} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Arquivos de programas\Trillian\trillian.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176160542703

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: sstqo - C:\WINDOWS\

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - Eset - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBExpertBackupRestore - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe

O23 - Service: IBExpertSQLMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\hkProxy.exe

O23 - Service: IBExpertSQLMonitorDB - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToDB.exe

O23 - Service: IBExpertSQLMonitorHtmlMaker - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToHtml.exe

O23 - Service: IBExpertTransactionMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 16381 bytes

 

After months without any Windows security alerts showing up, one appeared today \o/

I think that's already progress... but my MSN keeps freezing and eating memory... even after reinstalling it... and I still have "no" administrator access to install programs.

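The log above is raw HijackThis output, and the helpers in this thread read it by eye. As an added example (not code from the thread, from HijackThis or from any vendor), here is a small Python triage script that parses lines in that format and flags the entry classes a responder looks at first: orphaned entries whose target file no longer exists, an O20 Winlogon Notify entry that names no DLL (like the sstqo line in the log), and O4 autostarts launched from user-writable directories. The sample lines are constructed from the kinds of entries shown in this thread; the drvsyskit Run entry under Application Data is constructed for the sample and is not from the posted log.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample in HijackThis v2 line format. The entries mirror the kinds
# seen in the logs posted in this thread; the drvsyskit/hidires line is made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3F583DD1-43B0-4AFE-8482-42B901D8A7DE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Rodrigo\Application Data\hidires\hidr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)
O23 - Service: Eset Service (ekrn) - Eset - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the entry was flagged
    line: str      # the original log line


ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Locations a normal installer rarely uses for an autostart but malware often does.
USER_WRITABLE = re.compile(r"application data|%userprofile%|\\temp\\|\\local settings\\", re.I)
# "R0 - ...", "O4 - ...", "F2 - ..." entry lines; everything else is header/process list.
ENTRY = re.compile(r"^([ROF]\d+)\s+-\s+(.*)$")


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis-style lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # running-process list, headers, footer
        section, body = m.group(1), m.group(2)

        # 1. Orphans: the registry/autostart entry survived but its file is gone.
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry (target file missing)", line))
            continue

        # 2. A Winlogon Notify package must name a DLL; a bare directory is a red flag.
        if section == "O20" and body.startswith("Winlogon Notify:"):
            target = body.split(" - ", 1)[1] if " - " in body else ""
            if not target.lower().endswith(".dll"):
                findings.append(Finding(section, "Winlogon Notify entry without a DLL path", line))

        # 3. Autostarts launched from user-writable directories.
        if section == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(section, "autostart from user-writable location", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, for a quick overview of a long log."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:>4}  {f.reason}: {f.line}")
    print(summarize(results))
```

Orphaned entries are clean-up candidates rather than proof of infection (the AVG Anti-Spyware and Spyware Doctor services in the log are leftovers of uninstalled products), which is why the script reports them separately from the Winlogon Notify and user-profile autostart findings that actually warrant investigation.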

Hey demoniohf,

Download F-Secure Blacklight at:

F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. Click Scan and wait.

If it finds any file, ignore it, because I only want the log.

At the end of the scan a file fsbl-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

Cheers.


09/25/07 23:31:10 [info]: BlackLight Engine 1.0.64 initialized

09/25/07 23:31:10 [info]: OS: 5.1 build 2600 (Service Pack 2)

09/25/07 23:31:10 [Note]: 7019 4

09/25/07 23:31:10 [Note]: 7005 0

09/25/07 23:31:12 [Note]: 7006 0

09/25/07 23:31:12 [Note]: 7011 1888

09/25/07 23:31:12 [Note]: 7026 0

09/25/07 23:31:13 [Note]: 7026 0

09/25/07 23:31:14 [Note]: FSRAW library version 1.7.1022

09/25/07 23:53:00 [Note]: 7007 0

It didn't find anything.


I still can't get into MSN... it shows who's online and then freezes on the contact list view. Everything else works... does anyone know what it could be? Ah, one more thing: judging by the log, is my PC clean of Bagle?


Hey demoniohf,

Let's go.

Set Windows to show all files (including hidden ones).

Uninstall:

SeePassword

Use Add / Remove Programs.

If you don't find the program mentioned above in the list, just move on to the next step.

Step 1

Download Killbox at:

Killbox

Download it, but don't run it yet.

Download the Symantec fix tool.

Download it -> go to File -> Save As on your desktop, but don't run it yet.

Download CCleaner at:

CCleaner

Download it, but don't run it yet.

Step 2

1. Run Killbox and click Delete on Reboot.

2. Copy the bold list below to the clipboard. Select it all with the mouse --> go to the Edit menu in the browser bar --> click Copy.

 

C:\WINDOWS\system32\wintems.exe

C:\WINDOWS\system32\hldrrr.exe

C:\Arquivos de programas\SeePassword\SeePassword.exe

 

3. Go back to Killbox. Click File > Paste from clipboard. Click All Files.

4. Press "X". Answer "no" to the question.

Step 3

Restart the computer in Normal Mode.

Run the fix tool. To do so, right-click UnHookExec.inf on your desktop and then click Install.

Go to Start -> Run -> type regedit -> click OK.

Navigate to and delete the following subkeys, if present:

 

HKEY_CURRENT_USER\Software\FirstRRRun

HKEY_CURRENT_USER\Software\FIRSTRUXZX

 

Navigate to the following subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the following values, if present:

 

"drvsyskit" = "%Userprofiles%\Application Data\hidires\hidr.exe"

"drvsyskit" = "%Userprofiles%\Application Data\hidires\m_hook.sys"

"drvsyskit" = "%Userprofiles%\Application Data\hidires\srosa.sys"

"drvsyskit" = "%Userprofiles%\Application Data\hidn\hidn2.exe"

"german.exe" = "%System%\wintems.exe"

"hldrrr" = "%System%\hldrrr.exe"

 

Navigate to the following subkey:

HKEY_CURRENT_USER\Software\DateTime4

In the right pane, restore the following original values, if necessary:

 

"port" = "0x5B7E"

"uid" = "[RANDOM]"

"wdrn" = "0x00000001"

 

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

Select the (Control) folder -> right-click -> New -> Key -> name it Safeboot.

Once the Safeboot folder is created, select it -> right-click -> New -> String Value -> name it AlternateShell.

In the right pane select AlternateShell -> right-click -> Modify -> enter cmd.exe in the value field.

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

Locate and delete the following folder:

sstqo

Navigate to the following subkey:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

Locate and delete the following folders:

 

bantool

german.exe

hldrrr

IpWins

SeePassword

WebBuying

webHancer Agent

XP Advanced Keylogger

 

Exit the Registry Editor.

Locate and delete:

C:\Arquivos de programas\SeePassword <- the folder

Go to the C:\!Killbox folder and delete its contents.

Step 4

Restart in Normal Mode again.

Run CCleaner and click Run Cleaner.

Come back with a new HijackThis log, check whether the machine now restarts in Safe Mode, and try reinstalling the security programs.

Awaiting your reply.

Cheers.

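The reply above is a manual regedit walk-through. As an added example, not the forum's, Symantec's or any other vendor's code, here is a Python script that audits a regedit export (File -> Export, "Windows Registry Editor Version 5.00" format) for the same indicators the reply lists: the FirstRRRun, FIRSTRUXZX and DateTime4 keys, the drvsyskit, german.exe and hldrrr Run values, the sstqo Winlogon Notify package, the msconfig startupreg names, and a missing SafeBoot key (the reply has you recreate that key and then check whether Safe Mode works again, which is why the script treats its absence as a finding). Working from an export rather than the live registry keeps the check read-only and lets it run anywhere. The sample export is constructed: the value data, the Rodrigo profile path and the Session Manager key are made up so that the sample exercises every check.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a regedit export ("Windows Registry Editor Version 5.00"
# format). Keys and value names mirror the indicators listed in the reply above;
# the value data and paths are made up for the sample.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\FirstRRRun]

[HKEY_CURRENT_USER\Software\DateTime4]
"port"=dword:00005b7e
"wdrn"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"drvsyskit"="C:\\Documents and Settings\\Rodrigo\\Application Data\\hidires\\hidr.exe"
"german.exe"="C:\\WINDOWS\\system32\\wintems.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqo]
"DllName"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hldrrr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"""

# Indicators taken from the reply above. Keys are compared case-insensitively,
# as the registry itself does.
STARTUPREG_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
INDICATOR_KEYS = [
    r"HKEY_CURRENT_USER\Software\FirstRRRun",
    r"HKEY_CURRENT_USER\Software\FIRSTRUXZX",
    r"HKEY_CURRENT_USER\Software\DateTime4",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sstqo",
] + [
    STARTUPREG_KEY + "\\" + name
    for name in ("bantool", "german.exe", "hldrrr", "IpWins", "SeePassword",
                 "WebBuying", "webHancer Agent", "XP Advanced Keylogger")
]
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
INDICATOR_RUN_VALUES = ("drvsyskit", "german.exe", "hldrrr")
CONTROL_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
SAFEBOOT_KEY = CONTROL_KEY + r"\SafeBoot"

# '"name"=data' lines; multi-line hex continuations are not needed for these checks.
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key path (lower-case): {value name (lower-case): raw data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            keys[current][m.group(1).lower()] = m.group(2)
    return keys


def audit(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (finding kind, detail) pairs for every indicator found in the export."""
    findings: List[Tuple[str, str]] = []
    for key in INDICATOR_KEYS:
        if key.lower() in keys:
            findings.append(("key present", key))
    run_values = keys.get(RUN_KEY.lower(), {})
    for name in INDICATOR_RUN_VALUES:
        if name in run_values:
            findings.append(("run value present", f"{name} = {run_values[name]}"))
    # A missing SafeBoot key is only meaningful when the export covers Control at all.
    control = CONTROL_KEY.lower()
    covers_control = any(k == control or k.startswith(control + "\\") for k in keys)
    safeboot = SAFEBOOT_KEY.lower()
    safeboot_present = any(k == safeboot or k.startswith(safeboot + "\\") for k in keys)
    if covers_control and not safeboot_present:
        findings.append(("safeboot key missing", SAFEBOOT_KEY))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{kind}: {detail}")
```

To use it on a real machine, export HKEY_CURRENT_USER\Software and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control from regedit, read the file with UTF-16 decoding (regedit writes exports in that encoding), and pass the text to parse_reg_export. The script only reports; the deletions stay a deliberate manual step as in the reply.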

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:51:02, on 29/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

C:\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Trillian\trillian.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Rodrigo\Desktop\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: (no name) - {3F583DD1-43B0-4AFE-8482-42B901D8A7DE} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AC591F79-835E-4C1B-B2B8-5EDA8E98A79C} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: (no name) - {BF3A48E7-039F-4ABD-1BBE-DC8C3F51CAAA} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [µTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Trillian.lnk = C:\Arquivos de programas\Trillian\trillian.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176160542703

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - Eset - C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBExpertBackupRestore - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe

O23 - Service: IBExpertSQLMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\hkProxy.exe

O23 - Service: IBExpertSQLMonitorDB - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToDB.exe

O23 - Service: IBExpertSQLMonitorHtmlMaker - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToHtml.exe

O23 - Service: IBExpertTransactionMonitor - HK-Software - C:\Arquivos de programas\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Arquivos de programas\No-IP\DUC20.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

 

--

End of file - 16964 bytes


Sorry for the delay, I was enjoying my graduation trip in Porto Seguro. I was away for a week.

 

ComboFix 07-10-07.2 - Rodrigo 2007-10-07 16:22:54.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.507 [GMT -3:00]

Running from: C:\Documents and Settings\Rodrigo\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((( Files created from 2007-09-07 to 2007-10-07 ))))))))))))))))))))))))))))))))

.

 

2007-09-29 13:36 5,104,128 --a------ C:\WINDOWS\system\ieframe.dll

2007-09-29 12:16 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2007-09-29 12:15 <DIR> d-------- C:\Arquivos de programas\CCleaner

2007-09-29 11:47 92,672 --a------ C:\WINDOWS\system32\KillBox.exe

2007-09-25 16:51 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-25 00:21 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2007-09-24 19:49 <DIR> d-------- C:\ruby

2007-09-23 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Eset

2007-09-22 19:32 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys

2007-09-22 18:50 <DIR> d-------- C:\Arquivos de programas\Greatis

2007-09-22 15:20 <DIR> d-------- C:\Inprise

2007-09-21 21:21 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2007-09-21 21:21 <DIR> d-------- C:\Arquivos de programas\ASIO4ALL v2

2007-09-21 21:18 <DIR> d-------- C:\Arquivos de programas\Image-Line

2007-09-21 09:17 28,680 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys

2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys

2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2007-09-20 23:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-09-20 23:20 335 --a------ C:\WINDOWS\mozregistry.dat

2007-09-20 20:14 <DIR> d-------- C:\Arquivos de programas\FreeRIP3

2007-09-19 22:27 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL

2007-09-19 22:27 299,008 --a------ C:\WINDOWS\system32\SKY32V3C.DLL

2007-09-19 22:27 28,976 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL

2007-09-19 22:27 <DIR> d-------- C:\Arquivos de programas\Cosmi

2007-09-19 22:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Cosmi

2007-09-19 20:54 <DIR> d-------- C:\OtsLabs

2007-09-19 19:07 <DIR> d-------- C:\vcs4sample

2007-09-19 18:00 <DIR> d-------- C:\Arquivos de programas\AV Vcs 5.0 DIAMOND

2007-09-19 17:47 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL

2007-09-19 17:47 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2007-09-19 17:47 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

2007-09-19 17:47 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-09-19 17:47 <DIR> d-------- C:\Arquivos de programas\Visiosonic

2007-09-19 17:26 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2007-09-19 17:26 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-09-19 17:26 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

2007-09-19 17:26 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-09-19 17:26 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

2007-09-19 17:26 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2007-09-17 19:37 <DIR> d-------- C:\Arquivos de programas\SourceTec

2007-09-17 19:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SourceTec

2007-09-12 20:28 <DIR> d-------- C:\Arquivos de programas\PKR

2007-09-11 17:49 <DIR> d-------- C:\Arquivos de programas\Bonjour

2007-09-10 23:49 <DIR> d-------- C:\Arquivos de programas\JMF2.1.1e

2007-09-07 23:22 <DIR> d-------- C:\Arquivos de programas\No-IP

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-07 16:15 --------- d-------- C:\Documents and Settings\Rodrigo\Dados de aplicativos\uTorrent

2007-10-07 16:13 --------- d-------- C:\Arquivos de programas\eMule

2007-10-07 16:12 --------- d-------- C:\Documents and Settings\Rodrigo\Dados de aplicativos\VMware

2007-10-07 16:12 --------- d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\VMware

2007-10-07 16:12 --------- d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\VMware

2007-10-07 16:12 --------- d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\VMware

2007-10-07 16:12 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\VMware

2007-10-06 21:27 --------- d-------- C:\Documents and Settings\Casa\Dados de aplicativos\LimeWire

2007-10-06 21:11 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2007-10-06 21:05 --------- d-------- C:\Documents and Settings\Casa\Dados de aplicativos\VMware

2007-10-05 20:58 --------- d-------- C:\Documents and Settings\Luiz\Dados de aplicativos\VMware

2007-10-02 10:57 --------- d-------- C:\Arquivos de programas\Trillian

2007-09-30 18:26 --------- d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-09-29 22:05 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\{AB3EC276-D261-4943-A921-1CC1C6799AED}

2007-09-29 15:36 --------- d-------- C:\Arquivos de programas\Opera

2007-09-29 13:20 --------- d-------- C:\Arquivos de programas\MSN Messenger

2007-09-29 12:29 --------- d-------- C:\Arquivos de programas\Uplink

2007-09-28 23:15 --------- d-------- C:\Documents and Settings\Rodrigo\Dados de aplicativos\LimeWire

2007-09-25 20:41 --------- d-------- C:\Arquivos de programas\Vstplugins

2007-09-25 00:19 --------- d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2007-09-23 12:38 --------- d-------- C:\Arquivos de programas\HTV

2007-09-23 11:50 --------- d-------- C:\Arquivos de programas\ActivationManager

2007-09-22 22:16 512096 --a------ C:\WINDOWS\system32\drivers\_mon.s00

2007-09-22 22:16 15424 --a------ C:\WINDOWS\system32\drivers\_od32drv.s00

2007-09-22 19:35 --------- d--h----- C:\Arquivos de programas\Scpad

2007-09-22 19:31 7220 --a------ C:\WINDOWS\system32\drivers\services.xml

2007-09-22 18:50 --------- d-------- C:\Arquivos de programas\Spyware Doctor

2007-09-22 15:16 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2007-09-20 23:37 --------- d-------- C:\Arquivos de programas\FlashGet

2007-09-16 14:44 --------- d-------- C:\Arquivos de programas\mIRC

2007-09-14 20:01 --------- d-------- C:\Arquivos de programas\Winamp

2007-09-08 02:49 --------- d-------- C:\Arquivos de programas\Soulseek-Test

2007-09-08 01:25 --------- d-------- C:\Arquivos de programas\EA GAMES

2007-09-08 01:14 --------- d-------- C:\Arquivos de programas\LimeWire

2007-09-06 15:01 --------- d-------- C:\Documents and Settings\Rodrigo\Dados de aplicativos\MySQL

2007-09-05 21:22 --------- d-------- C:\Arquivos de programas\SHOUTcast

2007-09-02 02:48 --------- d-------- C:\Arquivos de programas\Portinho Quicksys.Registry 2007

2007-08-31 20:09 --------- d-------- C:\Arquivos de programas\Hide IP Platinum

2007-08-31 12:11 --------- d-------- C:\Arquivos de programas\ProcInfo

2007-08-30 16:16 --------- d-------- C:\Arquivos de programas\Picasa2

2007-08-24 17:42 --------- d-------- C:\Arquivos de programas\PokerLoco

2007-08-16 22:35 --------- d-------- C:\Arquivos de programas\Online TV Player 3

2007-08-15 18:10 --------- d-------- C:\Arquivos de programas\Alyuda Research

2007-08-11 19:18 --------- d-------- C:\Arquivos de programas\TibiaBR Cam Lite

2007-08-11 19:15 --------- d-------- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Tibia

2007-08-11 18:40 --------- d-------- C:\Arquivos de programas\TibiaBR Interaction

2007-08-07 00:07 --------- d-------- C:\Arquivos de programas\PartyGaming

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-23 00:04 1711140 --a------ C:\Arquivos de programas\bot - duelos.zip

2007-07-19 13:53 44032 --a------ C:\WINDOWS\system32\pqrtestpp.dll

2007-07-07 17:40 1386496 --a------ C:\WINDOWS\system32\msvbvm60.dll

2007-06-07 11:43 126996 --a------ C:\Arquivos de programas\gamepic2[1].jpg

.

 

((((((((((((((((((((((((((((( snapshot_2007-09-25_170817.12 )))))))))))))))))))))))))))))))))))))))))

.

----a-w 135,168 2007-09-28 12:06:08 C:\WINDOWS\catchme.exe

----a-r 29,926 2007-09-29 16:20:57 C:\WINDOWS\Installer\{37FD253D-5064-4034-8CEC-CC3995F823A4}\MsblIco.Exe

----a-r 23,558 2007-10-04 14:41:23 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe

----a-r 295,606 2007-10-04 14:41:23 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe

----a-r 295,606 2007-10-04 14:41:25 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe

----a-r 295,606 2007-10-04 14:41:24 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe

----a-r 25,214 2007-10-04 14:41:25 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe

----a-r 7,278 2007-10-04 14:41:24 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe

----a-w 6,058,496 2007-06-27 13:22:50 C:\WINDOWS\system32\ieframe.dll

----a-w 279,552 2007-10-05 13:07:31 C:\WINDOWS\system32\swreg.exe

----a-w 232,425 2007-10-07 19:16:48 C:\WINDOWS\system32\inetsrv\MetaBase.bin

----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

----a-w 45,218 2007-09-29 18:36:21 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

----atw 16,384 2007-10-07 19:13:52 C:\WINDOWS\Temp\Perflib_Perfdata_4bc.dat

.

----a-w 109,056 2007-07-20 03:47:22 C:\WINDOWS\catchme.exe

----a-r 29,926 2007-09-24 22:54:48 C:\WINDOWS\Installer\{37FD253D-5064-4034-8CEC-CC3995F823A4}\MsblIco.Exe

----a-r 23,558 2007-09-02 15:25:44 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe

----a-r 295,606 2007-09-02 15:25:44 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe

----a-r 295,606 2007-09-02 15:25:45 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe

----a-r 295,606 2007-09-02 15:25:45 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe

----a-r 25,214 2007-09-02 15:25:45 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe

----a-r 7,278 2007-09-02 15:25:45 C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe

----a-w 279,552 2007-07-22 21:39:27 C:\WINDOWS\system32\swreg.exe

----a-w 232,417 2007-09-25 20:07:36 C:\WINDOWS\system32\inetsrv\MetaBase.bin

----a-w 2,463,976 2007-02-20 19:04:02 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

----a-w 190,696 2007-02-20 19:04:04 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

----a-w 44,706 2007-07-04 18:13:12 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F583DD1-43B0-4AFE-8482-42B901D8A7DE}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC591F79-835E-4C1B-B2B8-5EDA8E98A79C}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF3A48E7-039F-4ABD-1BBE-DC8C3F51CAAA}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 10:05]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-02-13 15:29]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"vmware-tray"="C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52]

"egui"="C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

"µTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2007-09-19 17:41]

"EVEREST AutoStart"="C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe" [2007-04-05 00:00]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2007-09-19 17:41]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2006-09-14 11:15]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"PcSync"=C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

 

C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

 

C:\Documents and Settings\Luiz\Menu Iniciar\Programas\Inicializar\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

 

C:\Documents and Settings\Rodrigo\Menu Iniciar\Programas\Inicializar\

Trillian.lnk - C:\Arquivos de programas\Trillian\trillian.exe [2007-07-19]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeStartMenu"=0 (0x0)

"NoLogOff"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Google Updater.lnk]

backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rodrigo^Menu Iniciar^Programas^Inicializar^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure]

C:\ARQUIV~1\Greatis\REGRUN~1\OnSecure.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

"C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

"C:\Arquivos de programas\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firebird]

C:\Firebird\Firebird_1_5\bin\fbguard.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

"C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

"C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

HDAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

C:\Arquivos de programas\Download Manager\DLM.exe /windowsstart /startifwork

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

"C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\issch.exe" -start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Arquivos de programas\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MOD]

C:\Arquivos de programas\Microangelo\muamgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Arquivos de programas\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegRun WinBait]

C:\WINDOWS\winbait.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]

C:\ARQUIV~1\Greatis\REGRUN~1\WatchDog.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

"C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]

"C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Arquivos de programas\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

"WinVNC4"=2 (0x2)

"Bonjour Service"=2 (0x2)

 

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys

R2 ekrn;Eset Service;"C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe"

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Firebird\Firebird_1_5\bin\fbguard.exe -s

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Firebird\Firebird_1_5\bin\fbserver.exe -s

R2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;\??\C:\Arquivos de programas\VMware\VMware Workstation\vstor2-ws60.sys

R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys

R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\DOCUME~1\Rodrigo\CONFIG~1\Temp\EverestDriver.sys

R3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe

R3 vmkbd2;VMware kbd2;\??\C:\WINDOWS\system32\drivers\VMkbd.sys

S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys

S3 EhttpSrv;Eset HTTP Server;"C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"

S3 IBExpertBackupRestore;IBExpertBackupRestore;C:\Arquivos de programas\HK-Software\IBExpertBackupRestore\hkIBRS.exe

S3 IBExpertSQLMonitor;IBExpertSQLMonitor;C:\Arquivos de programas\HK-Software\IBExpertMonitor\hkProxy.exe

S3 IBExpertSQLMonitorDB;IBExpertSQLMonitorDB;C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToDB.exe

S3 IBExpertSQLMonitorHtmlMaker;IBExpertSQLMonitorHtmlMaker;C:\Arquivos de programas\HK-Software\IBExpertMonitor\StatToHtml.exe

S3 IBExpertTransactionMonitor;IBExpertTransactionMonitor;C:\Arquivos de programas\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe

S3 IssRawPkt;IssRawPkt;\??\C:\WINDOWS\system32\drivers\IssRawPkt.sys

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

S3 RegGuard;RegGuard;\??\C:\WINDOWS\system32\Drivers\regguard.sys

S3 ufad-ws60;VMware Agent Service;"C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Arquivos de programas\VMware\VMware Workstation\\" -s ufad-p2v.xml

 

*Newly Created Service* - EVERESTDRIVER

.

**************************************************************************

 

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-07 16:29:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

.

Completion time: 2007-10-07 16:31:10

C:\ComboFix-quarantined-files.txt ... 2007-10-07 16:30

C:\ComboFix2.txt ... 2007-09-25 17:14

.

--- E O F ---

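The entries a responder pulls out of the two logs above by eye (the HijackThis O20/O23 lines and the ComboFix R*/S* service list) can be checked mechanically. What follows is an added example, not part of this thread and not code from HijackThis or ComboFix: a Python triage pass that parses both formats and flags orphaned services ("file missing"), images with no vendor string ("Unknown owner"), binaries and especially kernel drivers that load from user-writable paths such as a Temp folder (the EverestDriver.sys line), the AppInit_DLLs value, and anything named like a remote access or capture service (rpcapd). The sample lines are copied from the logs posted here; the severity labels and the user-writable-path and remote-access heuristics are this example's own assumptions, not something either tool reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis (O20/O23) and ComboFix
# (R*/S* service list) output posted in this thread, so the checks run offline.
SAMPLE_LOG = r"""O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: MySQL - Unknown owner - C:\MySQL\MySQL.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe
R2 ekrn;Eset Service;"C:\Arquivos de programas\Eset\ESET NOD32 Antivirus\ekrn.exe"
R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\DOCUME~1\Rodrigo\CONFIG~1\Temp\EverestDriver.sys
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys
"""

@dataclass
class Entry:
    source: str      # "hjt-service", "hjt-appinit" or "combofix-service"
    name: str        # short service/driver name (display name when HijackThis prints none)
    display: str
    owner: str       # vendor string as HijackThis prints it; "" for ComboFix lines
    path: str        # image path with quotes, arguments and the NT \??\ prefix removed
    missing: bool    # HijackThis appended "(file missing)"
    state: str = ""  # ComboFix start/run column, e.g. "R3"

@dataclass
class Finding:
    severity: str    # "high", "medium", "low": this example's own labels, not a tool's
    name: str
    path: str
    reason: str

MISSING_SUFFIX = " (file missing)"
NAME_SUFFIX = re.compile(r"^(?P<display>.+?)(?: \((?P<name>[^()]+)\))?$")
COMBOFIX_SVC = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
# Heuristic (assumption): locations an unprivileged XP user can write to.
USER_WRITABLE = re.compile(r"\\(temp|documents and settings|docume~1)\\", re.IGNORECASE)
REMOTE_ACCESS = re.compile(r"\b(remote|vnc)\b", re.IGNORECASE)

def normalize_path(raw: str) -> str:
    """Drop surrounding quotes (and any arguments after them) and the \\??\\ prefix."""
    p = raw.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.strip()

def parse_hjt_service(line: str) -> Optional[Entry]:
    """O23 - Service: <display> [(<name>)] - <owner> - <path> [(file missing)]"""
    body = line[len("O23 - Service: "):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Split from the right: the display name itself may contain " - " (Firebird does).
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    head, owner, path = parts
    m = NAME_SUFFIX.match(head)
    name = m.group("name") or m.group("display")
    return Entry("hjt-service", name, m.group("display"), owner, normalize_path(path), missing)

def parse_combofix_service(line: str) -> Optional[Entry]:
    """R3 name;display;path (ComboFix service/driver list)"""
    m = COMBOFIX_SVC.match(line)
    if not m:
        return None
    return Entry("combofix-service", m.group("name"), m.group("display"), "",
                 normalize_path(m.group("path")), False, m.group("state"))

def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("O23 - Service: "):
            entry = parse_hjt_service(line)
        elif line.startswith("O20 - AppInit_DLLs: "):
            dll = normalize_path(line[len("O20 - AppInit_DLLs: "):])
            entry = Entry("hjt-appinit", "AppInit_DLLs", "AppInit_DLLs", "", dll, False)
        else:
            entry = parse_combofix_service(line)
        if entry:
            entries.append(entry)
    return entries

def triage(text: str) -> List[Finding]:
    """Apply the by-hand checks to every parsed entry; a finding is a lead, not a verdict."""
    findings: List[Finding] = []
    for e in parse_log(text):
        is_driver = e.path.lower().endswith(".sys")
        if e.source == "hjt-appinit":
            findings.append(Finding("high", e.name, e.path,
                "AppInit_DLLs is injected into every process that loads user32.dll; confirm the vendor"))
        if e.missing:
            findings.append(Finding("medium", e.name, e.path,
                "service image no longer exists (orphan); delete the service or reinstall the product"))
        if e.owner == "Unknown owner":
            findings.append(Finding("low", e.name, e.path,
                "no vendor information on the image; check its publisher and hash by hand"))
        if USER_WRITABLE.search(e.path):
            findings.append(Finding("high" if is_driver else "medium", e.name, e.path,
                ("kernel driver" if is_driver else "service image") + " loads from a user-writable path"))
        if REMOTE_ACCESS.search(e.display) or REMOTE_ACCESS.search(e.name):
            findings.append(Finding("medium", e.name, e.path,
                "remote access/capture service; confirm it is intended and not reachable from the network"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {f.reason}\n         {f.path}")
```

Run the file directly to see the findings for the embedded sample, or pass the text of a saved log to triage(). On the sample it raises the Temp-directory kernel driver and the AppInit_DLLs value as high, the two orphaned services and rpcapd as medium, and the two "Unknown owner" images as low; each is something to verify (publisher, hash, when it was installed), not a detection.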

Sorry to be insistent, it's just that I haven't received any replies here in a while. I posted the log. Any ideas?

When I type my e-mail into MSN it takes a minute or two to appear; MSN seems frozen. When I type the password it appears normally. Then when I click to sign in I get the error: 800401f3. I looked it up and they say it's unregistered DLLs. I registered all the ones that were mentioned and it doesn't work... I also thought it might be the clock time; I tried auto-updating my clock from Microsoft and it gives an error, so I set it manually. Maybe it's a problem with the time format, but that doesn't explain the slowness when typing the e-mail.

This is the last problem I have with the PC; otherwise everything SEEMS normal.


Hey demoniohf,

 

Submit the file below to the Jotti site:

 

C:\WINDOWS\system32\swreg.exe

 

Come back with the result.

 

Regards.


File: swreg.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 5dbee2a187ff4ba477c1c8b08682a585
Packers detected: UPX
Bit9 reports: No threat detected (more info)
A-Squared  Found nothing
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
CPsecure  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
Panda Antivirus  Found nothing
Rising Antivirus  Found nothing
Sophos Antivirus  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing

Nothing... and the error continues.

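A clean multi-engine result is only as good as two checks the report itself invites: that the file scanned is the one on disk (compare the MD5 the site prints with a hash computed locally, and record the SHA-256 for later), and how many engines actually returned a verdict, since a packed binary ("Packers detected: UPX") can hide signature matches. As an added example, not part of the thread and not Jotti's code, the following Python parses a report in the shape pasted above and does the hash comparison. The report text is constructed from the one above, split back onto one line per engine as the site prints it, with one invented engine line ("ExampleAV") added to show how a detection is counted; the file contents hashed in the test are constructed bytes, not swreg.exe.

```python
import hashlib
import re
from typing import Dict, Tuple

# Constructed sample: the report pasted above, one engine per line, plus one
# invented engine line so the detection path is exercised.
SAMPLE_REPORT = """\
File: swreg.exe
Status: OK
MD5: 5dbee2a187ff4ba477c1c8b08682a585
Packers detected: UPX
Bit9 reports: No threat detected (more info)
A-Squared  Found nothing
AntiVir  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
ExampleAV  Found Trojan.Constructed.Sample
"""

HEADER = re.compile(r"^(?P<key>[A-Za-z0-9 ]+): (?P<value>.+)$")
VERDICT = re.compile(r"^(?P<engine>.+?)\s+Found (?P<verdict>.+)$")

def parse_report(text: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split a pasted report into header fields and per-engine verdicts."""
    headers: Dict[str, str] = {}
    verdicts: Dict[str, str] = {}
    for line in text.splitlines():
        m = VERDICT.match(line)
        if m:
            verdicts[m.group("engine").strip()] = m.group("verdict").strip()
            continue
        h = HEADER.match(line)
        if h:
            headers[h.group("key").strip()] = h.group("value").strip()
    return headers, verdicts

def local_hashes(data: bytes) -> Dict[str, str]:
    """MD5 (what the site reports) and SHA-256 (what you should keep) of the local bytes."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def upload_matches(data: bytes, reported_md5: str) -> bool:
    """True only when the site scanned exactly the bytes you have on disk."""
    return local_hashes(data)["md5"] == reported_md5.strip().lower()

def summarize(text: str) -> Dict[str, object]:
    """Engine count, detections and packer flag: the numbers to weigh a 'clean' result by."""
    headers, verdicts = parse_report(text)
    detections = {eng: v for eng, v in verdicts.items() if v.lower() != "nothing"}
    return {
        "md5": headers.get("MD5", ""),
        "packed": headers.get("Packers detected", "").lower() not in ("", "none"),
        "engines": len(verdicts),
        "detections": detections,
    }

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # optional: path of the file that was uploaded
        with open(sys.argv[1], "rb") as fh:
            print(local_hashes(fh.read()))
    print(summarize(SAMPLE_REPORT))
```

Pass the path of the uploaded file as the first argument to print its local hashes next to the report summary; if the MD5 differs from the one in the report, the verdicts apply to some other file and the question is still open.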

Hey demoniohf,

 

Based on your last post I can say the machine is CLEAN. :thumbsup:

 

To finish up:

 

1. Disable and re-enable XP's System Restore. Click here to see how;

 

2. Uninstall and reinstall MSN so that its runtime failures are fixed;

 

3. Read the article Cuidados ao navegar na net (care when browsing the web) and learn how to avoid new infections.

 

Regards.


It didn't work... same problem: slowness when typing the e-mail, everything fine when typing the password, and then error 800401f3, service temporarily unavailable. Could you tell me the default settings for the Regional Options for date and time? I was told it could be that.


Hey demoniohf,

 

Let's try to solve the remaining problem with CCleaner -> download here.

 

1. To run the cleanup, select the Cleaner option (top left) and click Run Cleaner (bottom right). Here you can choose to clean Windows, Applications, or both;

 

2. To fix errors, choose the Registry option (top left), click Scan for Issues (bottom left) and then Fix Selected Issues (bottom right; by default all are selected);

 

3. Under Tools (top left) you can uninstall programs (the same ones listed in Add/Remove Programs) or remove program entries from startup (experienced users only);

 

4. Under Options are CCleaner's configuration settings, which I suggest you leave unchanged.

 

Run the actions above (only 1. and 2.) and come back with the result.

 

Regards.
