[Resolvido!]Anuncios de Internet abrindo sempre

antonio f · Outubro 8, 2007

Prezados,

Mais uma vez venho buscar ajuda.

Não sei se é virus, malware, etc.

Toda vez que abro o Iexplorer, conectando à Internet, sempre abrem-se janelas com anuncios por trás. Tem sempre o endereço CID: ....adviser5...alguma coisa.

Segue o LOG do Hijack

Logfile of HijackThis v1.99.1

Scan saved at 17:59:23, on 8/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Koogan-Houaiss Digital 2000\KH2000Tray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HIjack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&amp...;os=5&src=1

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Owns Ping Ante Admin] C:\Documents and Settings\All Users\Dados de aplicativos\Ball mapi owns ping\Bold creative.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Dvdjugs] C:\DOCUME~1\FELIPE\DADOSD~1\ENCFAS~1\Option Camp.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Consulta KH2000.lnk = C:\Arquivos de programas\Koogan-Houaiss Digital 2000\KH2000Tray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Picture Package Menu.lnk = ?

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/lig...tiveInstall.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Conto com a ajuda de vocês.

Antonio

DigRam · Outubro 9, 2007

Bom Dia antonio f!

>@< Faça o download do ComboFix.

>@< Baixe-o para o Desktop!

>@< Feche todas as janelas e execute a ferramenta!

>@< Para quem possui o Avast,surgirá um alerta de malware ( Win32 D adobra-EY[Trj] ),que deverá ser ignorado.

>@< Abrirá a janela Auto Scan. Aguarde!

>@< Digite a opção para continuar < Enter >

>@< Aguarde a conclusão!

>@< Poste o relatório: C:\ComboFix.txt,na sua resposta + Log do HJT,atualizado.

Abraços!

antonio f · Outubro 9, 2007

Bom Dia DIGRAM,

Segui suas instruções, segeu resultado

Combofix_________________

ComboFix 07-10-09.3 - FELIPE 2007-10-09 7:59:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.128 [GMT -3:00]

Executando de: C:\Documents and Settings\FELIPE\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((( Ficheiros criados de 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))

.

2007-10-09 07:58 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-07 22:05 <DIR> d-------- C:\Arquivos de programas\Koogan-Houaiss Digital 2000

2007-10-07 22:05 75,776 --a------ C:\WINDOWS\system32\PICN1113.DLL

2007-10-07 22:05 30,208 --a------ C:\WINDOWS\system32\PICN13.DLL

2007-10-06 11:37 <DIR> d-------- C:\Documents and Settings\FELIPE\Dados de aplicativos\Enc Fast

2007-10-04 19:00 <DIR> d-------- C:\Arquivos de programas\eMule

2007-10-04 17:06 <DIR> d-------- C:\Arquivos de programas\Enc Fast

2007-10-03 18:32 <DIR> d-------- C:\Documents and Settings\LUIZ ANTONIO\Dados de aplicativos\Enc Fast

2007-09-29 15:46 <DIR> d-------- C:\Arquivos de programas\Ubisoft

2007-09-26 15:52 <DIR> d-------- C:\Documents and Settings\FLAVIO ANTONIO\Dados de aplicativos\Enc Fast

2007-09-25 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ball mapi owns ping

2007-09-25 20:17 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-09-25 19:12 <DIR> d-------- C:\Arquivos de programas\Windows Journal Viewer

2007-09-15 19:08 <DIR> d-------- C:\Documents and Settings\FELIPE\Dados de aplicativos\WinRAR

2007-09-10 22:08 <DIR> dr-h----- C:\Documents and Settings\FELIPE\Dados de aplicativos\SecuROM

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-06 01:12 --------- d-----w C:\Documents and Settings\LUIZ ANTONIO\Dados de aplicativos\iMesh

2007-09-27 23:08 --------- d-----w C:\Arquivos de programas\Lexmark X1100 Series

2007-09-27 20:25 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-09-06 02:37 --------- d-----w C:\Arquivos de programas\Sony Corporation

2007-09-06 02:36 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-09-06 02:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\muvee Technologies

2007-09-04 19:05 --------- d-----w C:\Arquivos de programas\TraduNet

2007-09-04 18:40 74,240 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-09-04 18:40 253,952 ------w C:\WINDOWS\Setup1.exe

2007-09-01 18:19 --------- d-----w C:\Documents and Settings\LUIZ ANTONIO\Dados de aplicativos\WinRAR

2007-08-27 22:36 --------- d-----w C:\Arquivos de programas\Free MP3 Converter

2007-08-24 01:49 --------- d-----w C:\Arquivos de programas\Google

2007-08-22 01:35 397,312 ----a-w C:\Documents and Settings\LUIZ ANTONIO\jogl.dll

2007-08-15 17:05 --------- d-----w C:\Arquivos de programas\Best Buy Rhapsody

2007-08-04 03:34 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll

2007-07-19 06:59 3,583,488 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-16 14:58 31,128 ----a-w C:\Documents and Settings\FELIPE\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-05-20 00:19 31,128 ----a-w C:\Documents and Settings\JAQUELINE\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-05-08 15:35 31,128 ----a-w C:\Documents and Settings\LUIZ ANTONIO\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-02-21 03:10 152 ----a-w C:\Documents and Settings\LUIZ ANTONIO\server_setup101.dat

2006-12-04 23:33 836 ----a-w C:\Documents and Settings\FELIPE\Dados de aplicativos\ViewerApp.dat

2006-08-21 23:45 25,384 ----a-w C:\Documents and Settings\FLAVIO ANTONIO\Dados de aplicativos\GDIPFONTCACHEV1.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 21:00]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-03-30 23:04]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-16 16:13]

"Owns Ping Ante Admin"="C:\Documents and Settings\All Users\Dados de aplicativos\Ball mapi owns ping\Bold creative.exe" [2007-10-09 07:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:45]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 17:04]

"Dvdjugs"="C:\DOCUME~1\FELIPE\DADOSD~1\ENCFAS~1\Option Camp.exe" [2007-10-04 17:06]

C:\Documents and Settings\FLAVIO ANTONIO\Menu Iniciar\Programas\Inicializar\

PowerReg Scheduler V3.exe [2005-09-07 09:51:21]

C:\Documents and Settings\FELIPE\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verifica‡Æo de M¡dia do Cyber-shot Viewer.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-04 20:16:04]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]

Consulta KH2000.lnk - C:\Arquivos de programas\Koogan-Houaiss Digital 2000\KH2000Tray.exe [2007-10-07 22:05:29]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

Picture Package Menu.lnk - C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2007-09-05 23:37:50]

Picture Package VCD Maker.lnk - C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2007-09-05 23:37:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\WINDOWS\Downloaded Program Files\gbiehabn.dll [ ]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\WINDOWS\Downloaded Program Files\gbieh.dll [ ]

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys

R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys

R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys

R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys

R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys

R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.SYS

R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS

R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 CE3;Serviço Xircom Ethernet Adapter 10/100;C:\WINDOWS\system32\DRIVERS\ce3n5.sys

S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys

S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0115ee66-83ee-11db-8d40-000bcdec4a56}]

Auto\command - AdobeR.exe e

AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2007-10-09 10:52:00 C:\WINDOWS\Tasks\startt.job"

.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-09 08:03:01

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

**************************************************************************

.

Tempo para conclusão: 2007-10-09 8:04:31

.

--- E O F ---

HJT_________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 08:18:52, on 9/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Koogan-Houaiss Digital 2000\KH2000Tray.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Arquivos de programas\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe