lavm, posted September 29, 2007:
Folks, please help me. A few weeks ago I picked up a backdoor through eMule, and at the time of the incident my antivirus (Kaspersky) was having problems, so I had to remove it to install a newer version. Since then I have not been able to install any antivirus at all, because every time the installer is copying the new files it throws an error. So, if anyone can help me.
P.S.: Below is the HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 18:07:37, on 29/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\Bonjour\mDNSResponder.exe D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\system32\oodag.exe D:\WINDOWS\system32\slserv.exe D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe D:\Arquivos de programas\D-Tools\daemon.exe D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe E:\Picasa2\PicasaMediaDetector.exe D:\WINDOWS\system32\ctfmon.exe D:\ARQUIV~1\MUSICM~1\MUSICM~1\MMDiag.exe D:\Arquivos de programas\MSN Messenger\msnmsgr.exe D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe D:\Arquivos de programas\Orbitdownloader\orbitdm.exe D:\Arquivos de programas\RALINK\Common\RaUI.exe D:\Arquivos de programas\HP\Digital 
Imaging\bin\hpqtra08.exe D:\Arquivos de programas\SEC\MagicTune 2.5\GammaTray.exe D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mim.exe D:\Arquivos de programas\Orbitdownloader\orbitnet.exe D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe D:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe D:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe E:\eMule\emule.exe D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mmjb.exe D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_director.exe D:\ARQUIV~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE D:\Arquivos de programas\Mozilla Firefox\firefox.exe D:\WINDOWS\system32\msiexec.exe E:\Programas\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - D:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - D:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [soundMAXPnP] D:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MimBoot] D:\ARQUIV~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [MMTray] "D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [explorer] D:\WINDOWS\system32\explori.exe O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [googletalk] "D:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = D:\Arquivos 
de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Arquivos de programas\RALINK\Common\RaUI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Color Calibration.lnk = ? O8 - Extra context menu item: &Download all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing) O9 - Extra 'Tools' menuitem: CAi 2005 Plus! 
- Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing) O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\arquivos de programas\bonjour\mdnsnsp.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl29bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} - O17 - HKLM\System\CCS\Services\Tcpip\..\{D84911CB-6057-459E-9F38-A0FC97727FDA}: NameServer = 192.168.20.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - D:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InterbaseGuardian - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE O23 - Service: InterbaseServer - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
DigRam, posted September 30, 2007:
Good morning, lavm!
>@< Download BankerFix.
>@< Save it to the Desktop!
>@< Close all windows and the browser when running BankerFix. If possible, disable the resident antivirus and antispyware protection.
>@< Double-click Bankerfix.exe, then press Enter. Wait! When it finishes, read the message on the (DOS) screen and press Enter again.
>@< Post the BankerFix relatorio.txt, which is at D:\LinhaDefensiva\relatorio.txt.
>@< Also post a new HijackThis log in your reply.
Regards!
lavm, posted September 30, 2007:
First of all, thank you very much, DigRam, for offering to help me. Here is the thing: I tried to install BankerFix, but every time I double-click the file the following message appears: Não é possível encontrar o mecanismo de script "VBScript" para o script "D:\LinhaDefensiva\Iniciar-Bankerfix.vbs". There is an "OK" button, and when that button is clicked the message window disappears. So I don't know what to do. Looking forward to replies!!!
DigRam, posted October 1, 2007:
Good evening, lavm!
>@< Reinstall Windows Script.
>@< Run it!
>@< Click Yes!
>@< Restart the computer!
__________________
>@< Now try running BankerFix.
Regards!
lavm, posted October 2, 2007:
My Windows is probably not genuine. Is there a problem if I install this Windows Script!?
DigRam, posted October 3, 2007:
My Windows is probably not genuine. Is there a problem if I install this Windows Script!?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Hey, lavm. Good morning!
>@< Before installing the component, create a Restore Point.
>@< Once it is working, run BankerFix!
Regards!
lavm, posted October 7, 2007:
DigRam, I did what you told me to do, and below are the BankerFix report and the HijackThis log file. I would also like to apologize for the delay in posting the reply. Regards, and I look forward to your assessment and your reply!!!
1) BankerFix report:
BankerFix 2.4 - Removedor de Bankers Linha Defensiva - http://www.linhadefensiva.org http://www.linhadefensiva.org/bankerfix/ Data: 07/10/2007 - 16:16 ------------------------------------------------------- Lista de Definição: 2007-10-07-1 ======================================================= Arquivo infectado detectado: D:\WINDOWS\libeay32.dll Arquivo infectado removido com sucesso! Arquivo infectado detectado: D:\WINDOWS\ssleay32.dll Arquivo infectado removido com sucesso! Arquivo infectado detectado: D:\WINDOWS\system32\explori.exe Arquivo infectado removido com sucesso! Killando arquivos em Help ----------------------------------- Killing '*' Removendo Arquivos em Help ----------------------------------- ----- Fim -------------------------
2) HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 16:18:37, on 07/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\SYSTEM32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Arquivos de programas\Bonjour\mDNSResponder.exe D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\system32\oodag.exe D:\WINDOWS\system32\slserv.exe D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe 
D:\WINDOWS\Explorer.EXE D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe D:\Arquivos de programas\D-Tools\daemon.exe D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe E:\Picasa2\PicasaMediaDetector.exe D:\ARQUIV~1\MUSICM~1\MUSICM~1\MMDiag.exe D:\WINDOWS\system32\ctfmon.exe D:\Arquivos de programas\MSN Messenger\msnmsgr.exe D:\Arquivos de programas\Orbitdownloader\orbitdm.exe D:\Arquivos de programas\RALINK\Common\RaUI.exe D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mim.exe D:\Arquivos de programas\SEC\MagicTune 2.5\GammaTray.exe D:\Arquivos de programas\Orbitdownloader\orbitnet.exe D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe D:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe D:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\Arquivos de programas\Mozilla Firefox\firefox.exe E:\Programas\Hijackthis\HijackThis.exe D:\Arquivos de programas\Internet Explorer\iexplore.exe D:\Arquivos de programas\MSN Apps\Updater1.05.0000.1009\pt-br\msnappau.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - D:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - D:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [soundMAXPnP] D:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MimBoot] D:\ARQUIV~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [MMTray] "D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [googletalk] "D:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = D:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma 
Loader.exe O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Arquivos de programas\RALINK\Common\RaUI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Color Calibration.lnk = ? O8 - Extra context menu item: &Download all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Download selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing) O9 - Extra 'Tools' menuitem: CAi 2005 Plus! 
- Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing) O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\arquivos de programas\bonjour\mdnsnsp.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {33331111-1111-1111-1111-611111193423} - O16 - DPF: {33331111-1111-1111-1111-611111193429} - O16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl29bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} - O17 - HKLM\System\CCS\Services\Tcpip\..\{D84911CB-6057-459E-9F38-A0FC97727FDA}: NameServer = 192.168.20.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - D:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InterbaseGuardian - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE O23 - Service: InterbaseServer - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
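The two HijackThis logs in this thread (the one from 29/09/2007 in the first post and the one from 07/10/2007 after BankerFix) are what the helper reads by eye to spot the bad entries: the [explorer] Run key pointing at explori.exe (a lookalike of explorer.exe), the O16 ActiveX download from p0rt2.com, the hijacked Start Page and the orphaned "(no file)" hooks. The script below is an added example of doing that triage mechanically; it is not a tool from the thread or from Linha Defensiva. The sample lines are copied from the logs above (a constructed subset, not the full logs), and the allowlist of trusted start-page hosts and the 0.85 similarity threshold for lookalike names are assumptions chosen for the example.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread)."""
import re
from difflib import SequenceMatcher

# Windows binaries whose names malware commonly imitates (explori.exe vs explorer.exe).
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "ctfmon.exe", "spoolsv.exe"}
# Hosts accepted as default start/search pages: an assumption for this example.
TRUSTED_PAGE_HOSTS = {"home.microsoft.com", "www.microsoft.com", "www.google.com"}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off for SequenceMatcher.ratio()

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))"?', re.IGNORECASE)
URL_RE = re.compile(r"https?://(?P<host>[^/\s]+)", re.IGNORECASE)

# Constructed sample: a subset of the entries from the 29/09/2007 log (before cleanup).
LOG_BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMAX] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [explorer] D:\WINDOWS\system32\explori.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: d:\arquivos de programas\bonjour\mdnsnsp.dll
O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl29bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
"""
# Constructed sample: the same entries as they appear in the 07/10/2007 log (after BankerFix).
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "explori.exe" not in l)


def parse(log_text):
    """Yield (section, body, full_line) for each HijackThis entry; other lines are skipped."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def lookalike(name):
    """Return the system binary that `name` imitates, or None if it is exact or unrelated."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        if SequenceMatcher(None, name, real).ratio() >= LOOKALIKE_THRESHOLD:
            return real
    return None


def triage(log_text):
    """Return [(severity, reason, line)] for entries worth a second look."""
    findings = []
    for section, body, line in parse(log_text):
        if "(no file)" in body:
            findings.append(("low", "orphaned entry, file no longer on disk", line))
        elif section == "O4":
            m = PATH_RE.search(body)
            if m:
                base = m.group("path").rsplit("\\", 1)[-1]
                real = lookalike(base)
                if real:
                    findings.append(("high", f"{base} is a lookalike of {real}", line))
        elif section in ("R0", "R1"):
            m = URL_RE.search(body)
            if m and m.group("host").lower() not in TRUSTED_PAGE_HOSTS:
                findings.append(("medium", f"browser page points at {m.group('host')}", line))
        elif section == "O16":
            m = URL_RE.search(body)
            if m:
                findings.append(("high", f"ActiveX download (DPF) from {m.group('host')}", line))
        elif section == "O10":
            findings.append(("info", "Winsock LSP: verify the DLL's publisher", line))
    return findings


def diff_logs(before, after):
    """Entries present in `before` but gone from `after` (removed), and the reverse (added)."""
    b = {line for _, _, line in parse(before)}
    a = {line for _, _, line in parse(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for sev, reason, line in triage(LOG_BEFORE):
        print(f"[{sev:6}] {reason}\n         {line}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by cleanup:", removed)
    print("new since cleanup:", added)
```

Running it on the sample flags the explori.exe Run entry and the p0rt2.com DPF as high, the fast-and-easy-search.info start page as medium, and the two "(no file)" hooks as low, while the legitimate SoundMAX and ctfmon.exe entries pass; diffing the two logs returns only the explori.exe line, which is exactly the file the BankerFix report says it removed. The lookalike check is a heuristic, so a hit means "verify this binary", not "this is malware".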
DigRam, posted October 8, 2007:
Good morning, lavm!
>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Close all windows and run the tool!
>@< For those who have Avast, a malware alert will appear ( Win32 D adobra-EY[Trj] ), which should be ignored.
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue < Enter >
>@< Wait for it to finish!
>@< Post the report D:\ComboFix.txt in your reply, plus an updated HJT log.
Regards!
lavm, posted October 8, 2007:
Good morning, DigRam. I did what you said, and right below are the two log files, the ComboFix one and the HijackThis one. Once again, thank you for your attention; I await your analysis and your reply.
1) ComboFix log:
ComboFix 07-10-07.2 - Windows XP 2007-10-08 12:14:36.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.667 [GMT -3:00] Executando de: D:\Documents and Settings\Windows XP\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Arquivos de programas\MSN Messenger\msimg32.dll D:\WINDOWS\exefld D:\WINDOWS\exefld\100078.exe D:\WINDOWS\exefld\100078.exe D:\WINDOWS\exefld\100421.exe D:\WINDOWS\exefld\100421.exe D:\WINDOWS\exefld\102484.exe D:\WINDOWS\exefld\102484.exe D:\WINDOWS\exefld\103640.exe D:\WINDOWS\exefld\103640.exe D:\WINDOWS\exefld\104093.exe D:\WINDOWS\exefld\104093.exe D:\WINDOWS\exefld\104328.exe D:\WINDOWS\exefld\104328.exe D:\WINDOWS\exefld\104703.exe D:\WINDOWS\exefld\104703.exe D:\WINDOWS\exefld\105031.exe D:\WINDOWS\exefld\105031.exe D:\WINDOWS\exefld\1081125.exe D:\WINDOWS\exefld\1081125.exe D:\WINDOWS\exefld\108625.exe D:\WINDOWS\exefld\108625.exe D:\WINDOWS\exefld\109187.exe D:\WINDOWS\exefld\109187.exe D:\WINDOWS\exefld\110515.exe D:\WINDOWS\exefld\110515.exe D:\WINDOWS\exefld\111765.exe D:\WINDOWS\exefld\111765.exe D:\WINDOWS\exefld\113671.exe D:\WINDOWS\exefld\113671.exe D:\WINDOWS\exefld\115156.exe D:\WINDOWS\exefld\115156.exe D:\WINDOWS\exefld\116921.exe D:\WINDOWS\exefld\116921.exe D:\WINDOWS\exefld\117906.exe D:\WINDOWS\exefld\117906.exe D:\WINDOWS\exefld\124406.exe D:\WINDOWS\exefld\124406.exe D:\WINDOWS\exefld\124437.exe D:\WINDOWS\exefld\124437.exe D:\WINDOWS\exefld\129000.exe D:\WINDOWS\exefld\129000.exe D:\WINDOWS\exefld\129390.exe D:\WINDOWS\exefld\129390.exe D:\WINDOWS\exefld\130843.exe D:\WINDOWS\exefld\130843.exe 
D:\WINDOWS\exefld\131562.exe D:\WINDOWS\exefld\131562.exe D:\WINDOWS\exefld\131578.exe D:\WINDOWS\exefld\131578.exe D:\WINDOWS\exefld\133421.exe D:\WINDOWS\exefld\133421.exe D:\WINDOWS\exefld\133703.exe D:\WINDOWS\exefld\133703.exe D:\WINDOWS\exefld\135625.exe D:\WINDOWS\exefld\135625.exe D:\WINDOWS\exefld\136828.exe D:\WINDOWS\exefld\136828.exe D:\WINDOWS\exefld\138828.exe D:\WINDOWS\exefld\138828.exe D:\WINDOWS\exefld\142218.exe D:\WINDOWS\exefld\142218.exe D:\WINDOWS\exefld\144031.exe D:\WINDOWS\exefld\144031.exe D:\WINDOWS\exefld\144156.exe D:\WINDOWS\exefld\144156.exe D:\WINDOWS\exefld\14598031.exe D:\WINDOWS\exefld\14598031.exe D:\WINDOWS\exefld\14608203.exe D:\WINDOWS\exefld\14608203.exe D:\WINDOWS\exefld\14662046.exe D:\WINDOWS\exefld\14662046.exe D:\WINDOWS\exefld\150734.exe D:\WINDOWS\exefld\150734.exe D:\WINDOWS\exefld\16581406.exe D:\WINDOWS\exefld\16581406.exe D:\WINDOWS\exefld\167531.exe D:\WINDOWS\exefld\167531.exe D:\WINDOWS\exefld\170375.exe D:\WINDOWS\exefld\170375.exe D:\WINDOWS\exefld\18935734.exe D:\WINDOWS\exefld\18935734.exe D:\WINDOWS\exefld\205906.exe D:\WINDOWS\exefld\205906.exe D:\WINDOWS\exefld\206671.exe D:\WINDOWS\exefld\206671.exe D:\WINDOWS\exefld\214000.exe D:\WINDOWS\exefld\214000.exe D:\WINDOWS\exefld\261828.exe D:\WINDOWS\exefld\261828.exe D:\WINDOWS\exefld\29087562.exe D:\WINDOWS\exefld\29087562.exe D:\WINDOWS\exefld\328125.exe D:\WINDOWS\exefld\328125.exe D:\WINDOWS\exefld\394421.exe D:\WINDOWS\exefld\394421.exe D:\WINDOWS\exefld\431281.exe D:\WINDOWS\exefld\431281.exe D:\WINDOWS\exefld\518406.exe D:\WINDOWS\exefld\518406.exe D:\WINDOWS\exefld\829203.exe D:\WINDOWS\exefld\829203.exe D:\WINDOWS\exefld\85343.exe D:\WINDOWS\exefld\85343.exe D:\WINDOWS\exefld\96609.exe D:\WINDOWS\exefld\96609.exe D:\WINDOWS\exefld\96750.exe D:\WINDOWS\exefld\96750.exe D:\WINDOWS\exefld\97250.exe D:\WINDOWS\exefld\97250.exe D:\WINDOWS\exefld\99296.exe D:\WINDOWS\exefld\99296.exe D:\WINDOWS\exefld\99515.exe D:\WINDOWS\exefld\99515.exe 
D:\WINDOWS\system32\drivers\hidr.exe
D:\WINDOWS\system32\drivers\srosa.sys
D:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm

((((((((((((((((((((((( Files created from 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))
.
2007-10-08 12:13   51,200  --a------  D:\WINDOWS\NirCmd.exe
2007-10-07 14:16   <DIR>   d--hs----  D:\FOUND.039
2007-09-30 14:32   <DIR>   d--------  D:\LinhaDefensiva
2007-09-29 18:04   <DIR>   d--------  D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2007-09-29 12:45   <DIR>   d--------  D:\!KillBox
2007-09-28 19:41   107,888  --a------  D:\WINDOWS\system32\CmdLineExt.dll
2007-09-28 19:41   <DIR>   dr-h-----  D:\Documents and Settings\Windows XP\Dados de aplicativos\SecuROM
2007-09-23 17:53   196,608  --a------  D:\WINDOWS\system32\ssleay32.dll
2007-09-23 17:53   1,040,384  --a------  D:\WINDOWS\system32\libeay32.dll
2007-09-23 00:30   2,152,448  --a------  D:\WINDOWS\system32\ntoskrnl.exe
2007-09-23 00:30   2,152,448  --a------  D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-09-15 14:36   8,192  --a------  D:\WINDOWS\system32\drivers\RT2661.bin
2007-09-15 14:36   8,192  --a------  D:\WINDOWS\system32\drivers\RT2561s.bin
2007-09-15 14:36   8,192  --a------  D:\WINDOWS\system32\drivers\RT2561.bin
2007-09-15 14:36   363,008  --a------  D:\WINDOWS\system32\drivers\rt61.sys
2007-09-15 14:36   311,296  --a------  D:\WINDOWS\system32\AegisI5.exe
2007-09-15 14:36   295,016  --a------  D:\WINDOWS\system32\Install6x.dll
2007-09-15 14:36   243,328  --a------  D:\WINDOWS\system32\drivers\RT2500.SYS
2007-09-15 14:36   20,747  --a------  D:\WINDOWS\system32\drivers\AegisP.sys
2007-09-15 14:36   <DIR>   d--------  D:\Arquivos de programas\RALINK
2007-09-14 20:02   <DIR>   d--h-----  D:\Documents and Settings\Windows XP\Dados de aplicativos\m
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-25 17:55   ---------  d--------  D:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
2007-08-25 17:50   ---------  d--------  D:\Arquivos de programas\Bonjour
2007-08-25 17:43   ---------  d--------  D:\Arquivos de programas\Arquivos comuns\Macrovision Shared
2007-08-12 14:46   ---------  dr-h-----  D:\Documents and Settings\Windows XP\Dados de aplicativos\CrystalSpace
2007-08-12 14:19   ---------  d--------  D:\Arquivos de programas\GameVicio
2005-05-11 23:36   12288  --a------  D:\WINDOWS\Fonts\RandFont.dll
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="D:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-06 09:07]
"SoundMAX"="D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 14:40]
"DAEMON Tools-1033"="D:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05]
"HP Software Update"="D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-06-06 09:07]
"MimBoot"="D:\ARQUIV~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10]
"MMTray"="D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-09 19:10]
"RemoteControl"="D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"TkBellExe"="D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-01-06 02:27]
"NeroFilterCheck"="D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"SunJavaUpdateSched"="D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"Picasa Media Detector"="E:\Picasa2\PicasaMediaDetector.exe" [2006-04-19 20:17]
"Adobe Reader Speed Launcher"="D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45]
"googletalk"="D:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54]
"msnmsgr"="D:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=D:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

D:\Documents and Settings\Windows XP\Menu Iniciar\Programas\Inicializar\
Adobe Gamma.lnk - D:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

D:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - D:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2006-12-13 19:13:38]
Ralink Wireless Utility.lnk - D:\Arquivos de programas\RALINK\Common\RaUI.exe [2007-09-15 14:36:56]
HP Digital Imaging Monitor.lnk - D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Inicialização rápida do HP Image Zone.lnk - D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Color Calibration.lnk - D:\Arquivos de programas\SEC\MagicTune 2.5\GammaTray.exe [2006-07-06 21:37:59]

The SafeBoot key needs to be repaired. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader 8.lnk]
path=D:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader 8.lnk
backup=D:\WINDOWS\pss\Adobe Reader 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

R0 viamraid;viamraid;D:\WINDOWS\system32\drivers\viamraid.sys
R1 ShldDrv;Panda File Shield Driver;\??\D:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
R1 VIAPFD;VIAPFD;D:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 cvintdrv;cvintdrv;D:\WINDOWS\system32\drivers\cvintdrv.sys
R2 InterbaseGuardian;InterbaseGuardian;D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE -s
R2 ithsgt;ithsgt;D:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 lilsgt;lilsgt;D:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 InterbaseServer;InterbaseServer;D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe -s -g
R3 Tetris;Tetris driver;D:\WINDOWS\system32\Drivers\Tetris.sys
S1 srosa;Megadrv3;\??\D:\WINDOWS\system32\drivers\srosa.sys
S3 HPx9G+;HPx9G+ Device USB Driver;D:\WINDOWS\system32\DRIVERS\HPx9G2k.sys
S3 ids00026;ids00026;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids00118;ids00118;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 ids0014f;ids0014f;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
S3 ids0015d;ids0015d;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
S3 ids00180;ids00180;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys
S3 ids0018a;ids0018a;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys
S3 ids00196;ids00196;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys
S3 ids001b8;ids001b8;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\ids001b8.sys
S3 klstm;klstm;\??\D:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys
S3 TDWXP;WavePlus 802.11b Wireless PCI/PCMCIA Card Driver;D:\WINDOWS\system32\DRIVERS\wpndis51.sys
S4 PavProc;Panda Process Protection Driver;\??\D:\WINDOWS\system32\DRIVERS\PavProc.sys

.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 12:18:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-08 12:19:44 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-10-08 12:19
.
--- E O F ---

2) HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:23:22, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\oodag.exe
D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
D:\Arquivos de programas\D-Tools\daemon.exe
D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe
D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe
D:\ARQUIV~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Picasa2\PicasaMediaDetector.exe
D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\MSN Messenger\msnmsgr.exe
D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\Arquivos de programas\RALINK\Common\RaUI.exe
D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mim.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
D:\Arquivos de programas\SEC\MagicTune 2.5\GammaTray.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
E:\Programas\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [soundMAXPnP] D:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] D:\ARQUIV~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "D:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Arquivos de programas\RALINK\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Color Calibration.lnk = ?
O8 - Extra context menu item: &Download all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing)
O9 - Extra 'Tools' menuitem: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl29bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D84911CB-6057-459E-9F38-A0FC97727FDA}: NameServer = 192.168.20.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterbaseGuardian - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE
O23 - Service: InterbaseServer - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe
O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
DigRam, posted October 9, 2007

Good morning lavm!

>@< Open HijackThis and, with all other windows closed, Fix these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl29bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -

___________________

>@< Follow these recommendations on removing the Bagle variant with rootkit and, after that, come back with a new HijackThis log.

< Removing the Bagle variant with rootkit - Version 02. >

Regards!
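The entries DigRam picks out above are of two mechanical kinds: registrations whose target file is gone ("(no file)" in the R3, O2 and O3 lines) and Downloaded Program Files records (O16) that either carry no file at all or pull a .cab from an unrelated host. The script below is an added example, not part of this thread or of HijackThis, that applies those two rules to a log and adds three checks the log above also supports: an R0/R1 page setting that is malformed or points at an unexpected host (the start page is still www.fast-and-easy-search.info in the log above), an R1 proxy outside RFC 1918 space, and an O17 NameServer outside it. The sample log is a handful of lines copied from the HijackThis log above plus one constructed O17 line using the documentation address 203.0.113.5; the two allowlists are assumptions to adjust per machine.

```python
"""Triage a HijackThis 1.99 log the way a removal helper reads it.

Flags: registrations whose target file is gone ("(no file)" / "(file missing)"),
IE start/search pages that are malformed or on an unexpected host (R0/R1),
Downloaded Program Files records (O16) with no or an unexpected download host,
and an HTTP proxy (R1) or DNS server (O17) outside RFC 1918 space.
Only the log text is needed, so it runs on any machine.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Allowlists are assumptions for this example; tune them to the machine's locale and vendors.
EXPECTED_PAGE_HOSTS = {"home.microsoft.com", "www.microsoft.com", "www.google.com"}
EXPECTED_DPF_HOSTS = {"update.microsoft.com", "download.macromedia.com", "java.sun.com"}
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d+) - (?P<body>.*)$")
PAGE_URL_RE = re.compile(r"=\s*(?P<amp>&?)(?P<url>https?://\S+)")
ANY_URL_RE = re.compile(r"https?://[^\s}]+")
PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^:\s]+)(?::\d+)?")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


def is_private_ip(text):
    """True only for an IPv4 literal inside RFC 1918 or loopback space; hostnames give False."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in PRIVATE_NETS)


def parse_entries(log_text):
    """Yield (type, body) for each HJT entry; header and process-list lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("type"), m.group("body")


def triage(log_text):
    """Return [(type, reasons, full_entry)] for every entry worth fixing or investigating."""
    findings = []
    for typ, body in parse_entries(log_text):
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("registration points at a file that no longer exists")
        if typ in ("R0", "R1"):
            m = PAGE_URL_RE.search(body)
            if m:
                host = urlparse(m.group("url")).hostname or ""
                if m.group("amp"):
                    reasons.append("malformed URL with a stray '&' prefix")
                if host not in EXPECTED_PAGE_HOSTS:
                    reasons.append(f"IE page setting points at unexpected host {host}")
            m = PROXY_RE.search(body)
            if m and not is_private_ip(m.group("host")):
                reasons.append(f"HTTP proxy {m.group('host')} is not a private IPv4 address")
        if typ == "O16":
            m = ANY_URL_RE.search(body)
            host = urlparse(m.group(0)).hostname if m else None
            if host is None:
                reasons.append("ActiveX download record with no download location left")
            elif host not in EXPECTED_DPF_HOSTS:
                reasons.append(f"ActiveX control downloaded from {host}")
        if typ == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                public = [s for s in m.group("servers").split(",") if not is_private_ip(s)]
                if public:
                    reasons.append("DNS server outside private space: " + ",".join(public))
        if reasons:
            findings.append((typ, "; ".join(reasons), f"{typ} - {body}"))
    return findings


# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed O17 line (documentation address 203.0.113.5) to exercise the DNS check.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:3128
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl29bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D84911CB-6057-459E-9F38-A0FC97727FDA}: NameServer = 192.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.20.1,203.0.113.5
"""

if __name__ == "__main__":
    for typ, why, entry in triage(SAMPLE_LOG):
        print(f"[{typ}] {why}\n    {entry}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; each finding carries the entry type, the reasons and the full line, so the third field can be pasted back as the "Fix these entries" list. The private-network check deliberately uses its own RFC 1918 list rather than `ipaddress.is_private`, which also treats documentation and benchmark ranges as private.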
lavm, posted October 9, 2007

Good morning DigRam! I did what you told me and below is the HijackThis log. Regards and see you later!!!

Logfile of HijackThis v1.99.1
Scan saved at 13:21:26, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDO
WS\system32\oodag.exe
D:\WINDOWS\system32\slserv.exe
D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
D:\Arquivos de programas\D-Tools\daemon.exe
D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe
D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
E:\Picasa2\PicasaMediaDetector.exe
D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\WINDOWS\system32\ctfmon.exe
D:\ARQUIV~1\MUSICM~1\MUSICM~1\MMDiag.exe
D:\Arquivos de programas\MSN Messenger\msnmsgr.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\Arquivos de programas\RALINK\Common\RaUI.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mim.exe
D:\Arquivos de programas\SEC\MagicTune 2.5\GammaTray.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
D:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
E:\Programas\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [soundMAXPnP] D:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] D:\ARQUIV~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "D:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Arquivos de programas\RALINK\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Color Calibration.lnk = ?
O8 - Extra context menu item: &Download all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing)
O9 - Extra 'Tools' menuitem: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{D84911CB-6057-459E-9F38-A0FC97727FDA}: NameServer = 192.168.20.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterbaseGuardian - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE
O23 - Service: InterbaseServer - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe
O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
DigRam, posted October 10, 2007

Good morning lavm!

>@< Delete the folder: D:\QooBox\Quarantine << It belongs to ComboFix.
________________
>@< Download a-squared Free 3.0.
>@< Open the program and click: Update now >> Wait!
>@< When it finishes, click: Scan now.
>@< Try to run this scan in Safe Mode!
>@< Choose the option: Deep.
>@< Click Scan!
>@< When it finishes, send the items found to quarantine, from where they will be deleted or restored.
>@< Save the report of this scan and post it in your reply, plus an updated HJT log.

Regards!
lavm, posted October 10, 2007

Good morning DigRam! My PC can't start in Safe Mode; every time I try, a blue screen appears with a memory error. Is it a problem if I run the scan with the PC started in Normal Mode instead? Waiting for your reply! Regards!!!
DigRam, posted October 10, 2007

lavm wrote:
Good morning DigRam! My PC can't start in Safe Mode; every time I try, a blue screen appears with a memory error. Is it a problem if I run the scan with the PC started in Normal Mode instead? Waiting for your reply! Regards!!!

@@@@@@@@@@@@@@@@@@

Hey, lavm my friend! Good evening.

>@< Download EliBagle.
>@< Save it to the Desktop!
>@< Now go to its icon and run the tool!
>@< Post the infoSAT.txt report, which is in the root of D:\ (Local Disk D).
>@< See whether you can now restart the computer in Safe Mode.

Regards!
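ComboFix already printed the reason lavm cannot reach Safe Mode: the SafeBoot\Minimal key has been cut down to eight subkeys ("The SafeBoot key needs to be repaired"), which is what a Bagle-family cleaner such as EliBagle puts back when it reports a restored SafeBoot key. The Python below is an added example, not part of this thread, of ComboFix or of EliBagle, that reads the "[HKEY_LOCAL_MACHINE\...\SafeBoot\Minimal\<name>]" lines from a ComboFix log, or the key paths printed by `reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal`, and lists which entries are missing against a baseline. The baseline is a partial list of subkey names from a clean Windows XP SP2 install and is given as an assumption: export the key from a known-clean reference machine with `reg export` and substitute that before relying on the verdict. The sample dump is the SafeBoot block copied from the ComboFix log above.

```python
"""Compare the SafeBoot\Minimal key from a ComboFix log or `reg query` dump
against a baseline of subkey names and list what a Bagle-style wipe removed.
"""
import re

# Partial XP SP2 baseline, given as an assumption for this example: replace it
# with the subkey names exported from a known-clean reference machine.
XP_SP2_SAFEBOOT_MINIMAL = {
    "AppMgmt", "Base", "Boot Bus Extender", "Boot file system", "CryptSvc", "DcomLaunch",
    "dmadmin", "dmboot.sys", "dmio.sys", "dmload.sys", "dmserver", "EventLog", "File system",
    "Filter", "HelpSvc", "Netlogon", "NTDS", "PCI Configuration", "PlugPlay", "PNP Filter",
    "Primary disk", "RpcSs", "SCSI Class", "sermouse.sys", "sr.sys", "SRService",
    "System Bus Extender", "vga.sys", "vgasave.sys", "WinMgmt",
    "{36FC9E60-C465-11CF-8056-444553540000}",  # USB
    "{4D36E965-E325-11CE-BFC1-08002BE10318}",  # CDROM
    "{4D36E967-E325-11CE-BFC1-08002BE10318}",  # DiskDrive
    "{4D36E969-E325-11CE-BFC1-08002BE10318}",  # FDC
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}",  # Hdc
    "{4D36E96B-E325-11CE-BFC1-08002BE10318}",  # Keyboard
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}",  # Mouse
    "{4D36E977-E325-11CE-BFC1-08002BE10318}",  # PCMCIA
    "{4D36E97B-E325-11CE-BFC1-08002BE10318}",  # SCSIAdapter
    "{4D36E97D-E325-11CE-BFC1-08002BE10318}",  # System
    "{4D36E980-E325-11CE-BFC1-08002BE10318}",  # Floppy
    "{71A27CDD-812A-11D0-BEC7-08002BE2092F}",  # Volume
    "{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}",  # HIDClass
}

# Matches the tail of "[HKEY_LOCAL_MACHINE\...\SafeBoot\Minimal\<name>]" (ComboFix)
# and "HKEY_LOCAL_MACHINE\...\SafeBoot\Minimal\<name>" (reg query). The parent key
# itself has no trailing backslash and therefore does not match.
SUBKEY_RE = re.compile(r"\\SafeBoot\\Minimal\\(?P<name>[^\]\r\n]+)\]?\s*$", re.IGNORECASE)


def present_subkeys(dump_text):
    """Subkey names found under SafeBoot\Minimal in the dump, case preserved."""
    names = set()
    for line in dump_text.splitlines():
        m = SUBKEY_RE.search(line.strip())
        if m:
            names.add(m.group("name").strip())
    return names


def check_safeboot(dump_text, baseline=XP_SP2_SAFEBOOT_MINIMAL):
    """Return (missing, intact): baseline names absent from the dump (registry
    names compare case-insensitively) and whether nothing is missing."""
    present = {n.lower() for n in present_subkeys(dump_text)}
    missing = sorted(n for n in baseline if n.lower() not in present)
    return missing, not missing


# Sample input: the SafeBoot block exactly as ComboFix printed it in the log above.
COMBOFIX_DUMP = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
"""

if __name__ == "__main__":
    missing, intact = check_safeboot(COMBOFIX_DUMP)
    print(f"{len(present_subkeys(COMBOFIX_DUMP))} subkeys present, {len(missing)} baseline entries missing")
    print("SafeBoot\\Minimal intact" if intact else "SafeBoot\\Minimal needs repair; missing: " + ", ".join(missing))
```

The same function run on a `reg query` dump of the Network subkey works unchanged apart from the key name in the regex, which is why EliBagle reports restoring both "Minimal" and "Network". Do not hand-type the missing entries back in from this list; import the whole key from a reference machine, since each entry's default value ("Driver", "Driver Group", "Service") matters too.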
lavm, posted October 11, 2007

Good morning DigRam! Below is the EliBagle report. All that's left now is to check whether the PC restarts in Safe Mode. I'll post the answer later. See you!!!

Thu Oct 11 12:35:13 2007
EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.
----------------------------------------------
List of actions (by direct action):
Please send us a sample of the file C:\Muestras\WINTEMS.EXE.Muestra EliBagle v10.60 to "virus@satinfo.es". Thank you.
D:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle, renamed to .VIR
D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Deleted Bagle
D:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Bagle, renamed to .VIR
Please send us a sample of the file C:\Muestras\SROSA.SYS.Muestra EliBagle v10.60 to "virus@satinfo.es". Thank you.
D:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Deleted Bagle
D:\DOCUMENTS AND SETTINGS\WINDOWS XP\DADOS DE APLICATIVOS\M\FLEC006.EXE --> Deleted Bagle.dldr
D:\DOCUMENTS AND SETTINGS\WINDOWS XP\DADOS DE APLICATIVOS\M\LIST.OCT --> Deleted Bagle
Deleted folder "%WinDir%\exefld"
Restored key: "SafeBoot\Minimal and Network"

Thu Oct 11 12:35:48 2007
EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.
----------------------------------------------
List of actions (by scan):
Scanning drive C:\

Thu Oct 11 12:36:28 2007
EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.
----------------------------------------------
List of actions (by scan):
Scanning drive D:\
D:\Arquivos de programas\Analog Devices\SoundMAX\SMAX4PNP.EXE --> Deleted Bagle
D:\Arquivos de programas\HP\HP Software Update\HPWUSCHD2.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0005998.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0005999.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006000.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006001.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006002.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006003.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006004.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006005.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006006.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006007.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006008.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006009.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006010.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006011.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006012.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006013.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006014.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006015.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006016.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006017.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006018.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006020.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006021.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006022.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006023.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006024.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006025.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006026.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006027.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006028.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006029.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006030.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006031.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006032.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006033.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006034.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006035.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006036.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006037.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006038.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006039.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006040.EXE --> Deleted Bagle
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006046.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006047.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006048.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006049.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006050.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006051.EXE --> Deleted Bagle.dldr
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006052.EXE --> Deleted Bagle.dldr
D:\System Volume
Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006053.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006054.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006084.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006108.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006114.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006120.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006147.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006162.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006174.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006188.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006194.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006205.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006219.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006293.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006294.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006305.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006316.EXE --> Eliminado BagleD:\System Volume 
Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006377.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006383.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006403.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006416.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006423.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006443.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006457.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006472.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006484.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006485.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006486.EXE --> Eliminado Bagle.dldrD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006487.EXE --> Eliminado BagleD:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP12\A0006488.EXE --> Eliminado Bagle Thu Oct 11 12:38:45 2007EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.----------------------------------------------Lista de Acciones (por Exploración):Explorando Unidad E:\ Thu Oct 11 12:39:53 2007EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.----------------------------------------------Lista de Acciones (por Exploración):Explorando Unidad F:\ Thu Oct 11 12:41:08 2007EliBagle v10.60 ©2007 S.G.H. 
/ Satinfo S.L.----------------------------------------------Lista de Acciones (por Acción Directa):D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle Thu Oct 11 12:44:19 2007EliBagle v10.60 ©2007 S.G.H. / Satinfo S.L.----------------------------------------------Lista de Acciones (por Acción Directa):D:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> EliminadoD:\WINDOWS\SYSTEM32\Drivers\HIDR.EXE.VIR --> EliminadoEliminada Carpeta "%AppData%\M" Compartilhar este post Link para o post Compartilhar em outros sites
lavm, posted October 12, 2007

Good evening DigRam! Thank God!!! Thank you very much, the PC finally started in Safe Mode. Then I ran a-squared and did the scan as you said, and below are the a-squared report and the HijackThis log file. I'll wait for your opinion. See you, and hugs!!!

1) a-squared report:

a-squared Free - Versão 3.0
Last update: 10/10/2007 12:45:30

Configurações da análise:
Objetos: Memória, Rastros, Cookies, C:\, D:\, E:\, F:\
Análise de arquivos: Ligado
Heurística: Ligado
Análise de ADS: Ligado

Início da análise: 12/10/2007 17:12:40

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> DisplayName detectado: Trace.Registry.BSplayer
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 --> UninstallString detectado: Trace.Registry.BSplayer
d:\windows\ss3unstl.exe detectado: Trace.File.Ocean Screensaver
C:\WINDOWS\Temporary Internet Files\Content.IE5\K9A3W9IF\discador[1].exe detectado: Heuristic.Dialer.RAS
C:\WINDOWS\wt\wtvh.dll detectado: Adware.WildTangent.b
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll detectado: Adware.WildTangent.b
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll detectado: Adware.WildTangent.b
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll detectado: Adware.WildTangent.b
C:\Arquivos de programas\Discador UOL 10.0 Light\Discador Light.exe detectado: Heuristic.Dialer.RAS
D:\Arquivos de programas\AskTBar\bar\1.bin\A5POPSWT.DLL detectado: Riskware.AdTool.Win32.MyWebSearch.az
D:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL detectado: Riskware.AdTool.Win32.MyWebSearch.az
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006041.exe detectado: Trojan-Downloader.Win32.Bagle.ef
D:\System Volume Information\_restore{32D4C05F-BB8A-40A3-82F5-EB5CDCA13C44}\RP9\A0006042.exe detectado: Trojan-Downloader.Win32.Bagle.ef
E:\eMule\Incoming\NOD32 v.2.70.16 Final WinXP 2000NT Vista+ Crack_DnGnMsTr.rar/nentenst.exe/advheur.nup detectado: Heuristic.ArchiveBomb
E:\eMule\Incoming\NOD32 v.2.70.16 Final WinXP 2000NT Vista+ Crack_DnGnMsTr\nentenst.exe/advheur.nup detectado: Heuristic.ArchiveBomb
E:\Programas\Nero7\Nero-7.5.9.0_ptb_no_atb\Nero-7.5.9.0_ptb_no_atb.exe/683C0904.cab detectado: Heuristic.ArchiveBomb

Analisado
Arquivos: 327332
Objetos: 144041
Cookies: 1
Processos: 10

Encontrado
Arquivos: 13
Objetos: 3
Cookies: 0
Processos: 0
Chaves do registro: 0

Fim da análise: 12/10/2007 18:09:11
Duração da análise: 00:56:31

2) HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:19:14, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Arquivos de programas\Bonjour\mDNSResponder.exe
D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE
D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\slserv.exe
D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe
D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
D:\Arquivos de programas\D-Tools\daemon.exe
D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe
D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe
E:\Picasa2\PicasaMediaDetector.exe
D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\ARQUIV~1\MUSICM~1\MUSICM~1\MMDiag.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\MSN Messenger\msnmsgr.exe
D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mim.exe
D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
D:\Arquivos de programas\RALINK\Common\RaUI.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
D:\Arquivos de programas\SEC\MagicTune 2.5\GammaTray.exe
D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
D:\Arquivos de programas\Orbitdownloader\orbitnet.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
D:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wuauclt.exe
E:\Programas\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fast-and-easy-search.info
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.20.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [soundMAXPnP] D:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "D:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MimBoot] D:\ARQUIV~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "D:\Arquivos de programas\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Arquivos de programas\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "D:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "D:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Orbit.lnk = D:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Arquivos de programas\RALINK\Common\RaUI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Color Calibration.lnk = ?
O8 - Extra context menu item: &Download all by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing)
O9 - Extra 'Tools' menuitem: CAi 2005 Plus! - Resumo da Conexão - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - D:\Arquivos de programas\CAi 2005 Plus!\CAi2005Plus.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\arquivos de programas\bonjour\mdnsnsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{D84911CB-6057-459E-9F38-A0FC97727FDA}: NameServer = 192.168.20.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterbaseGuardian - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBGuard.EXE
O23 - Service: InterbaseServer - Inprise Corporation - D:\Arquivos de programas\CAIXA\SEFIP\IB6\Bin\IBServer.exe
O23 - Service: NBService - Nero AG - D:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
DigRam, posted October 13, 2007

Good evening lavm!

>@< Delete the folders highlighted below:
D:\FOUND.039
D:\LinhaDefensiva
D:\!KillBox
C:\Muestras

>@< Go to the a-squared quarantine, select all of its contents and click Delete.

>@< If, because of some error, the objects were not quarantined, run a new scan to delete them at the end of the check.

___________________

>@< Delete your old restore points.

>@< For your safety, read this article: < Cuidado ao navegar na Net > (Be careful when browsing the Net)

___________________

>@< The log is clean!

>@< Good job! Hugs! :thumbsup:
lavm, posted October 13, 2007

Good afternoon DigRam! Thank you very, very much for your help! Everything is working perfectly here, and I finally managed to install the antivirus. Once again, thank you very much for your help; you saved a soul, I mean, a computer, from being formatted!!! You were a ten!!! Hugs and see you later!!!
jgarcia, posted November 9, 2007

PROBLEM SOLVED! If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.