
Archived

This topic has been archived and is closed to new replies.

gibagiboia

[Solved!] Possible Infection

I can't change my MSN picture or the desktop wallpaper, or open files, because when I try the programs close.

My logfile is below:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:58:10, on 17/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Glary Utilities\memdefrag.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 2 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SecureBrowsingBho Helper - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Arquivos de programas\Finjan Secure Browsing\bho.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O3 - Toolbar: Finjan Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Arquivos de programas\Finjan Secure Browsing\bho.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [PowerDVD] "C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe" /autostart

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Arquivos de programas\Glary Utilities\memdefrag.exe" /autostart

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

Thanks in advance


Good morning gibagiboia!

>@< Run an online scan with Panda.
>@< Under "Archive and analyze", fill in the fields: Country/District/Region/valid E-Mail.
>@< Enter your E-Mail.
>@< Check the button: I do not wish to receive information...
>@< Click: Scan now, free of charge. Wait!
>@< Allow the ActiveX installation.
>@< PS: For those who have Avast, a malware alert will appear, which should be ignored!
>@< I recommend disabling Avast's resident protection while running ActiveScan.
>@< In the prompt, click Install. Wait for the countdown to finish!
>@< When it finishes, under: Select a device to scan...
>@< Choose: My Computer.
>@< Wait! It will take a while for the scan to complete.
>@< When done, copy the report and post it in your reply + an updated HJT log.

Cheers!


Thanks friend, I'll do what you advise. I'll post the result soon.

 

 


I tried several times to run the Panda online scan, but it doesn't complete. It gives an error, possibly with the Control or ActiveX.

So I downloaded the Panda demo program, but even so it didn't install correctly; I redid it three times and it always gave the same incomplete-installation error.

I really don't know what else to do.

This is my latest logfile.

 

Logfile of HijackThis v1.99.1

Scan saved at 20:10:16, on 25/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: SecureBrowsingBho Helper - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Arquivos de programas\Finjan Secure Browsing\bho.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O3 - Toolbar: Finjan Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Arquivos de programas\Finjan Secure Browsing\bho.dll

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

 


Good morning gibagiboia!

>@< Via Add or Remove Programs, uninstall:

SUPERAntiSpyware

Finjan Secure Browsing

WordWeb

Windows Desktop Search 3.0.1 << For this program, download and run the:

< Uninstaller >

__________________________

>@< Disable Spybot's resident protection.
>@< Download a-squared Free 3.0.
>@< Open the program and click: Update now >> Wait!
>@< When done, click: Scan now.
>@< Try to run this scan in Safe Mode!
>@< Choose the option: Deep.
>@< Click Scan!
>@< When done, send the items found to quarantine.
>@< From there they will be deleted or restored.
>@< Save the report from this scan and post it in your reply + an updated HJT log.

Cheers!


Hello

I did what you advised. I just couldn't boot into Safe Mode.

a-squared Free - Version 3.0

Last update: 26/11/2007 20:00:21

 

Scan settings:

Objects: Memory, Traces, Cookies, C:\
File scan: On
Heuristics: On
ADS scan: On

Scan start: 26/11/2007 20:08:52

 

c:\arquivos de programas\ares\ares.exe detected: Trace.File.Ares
c:\arquivos de programas\ares\data\blocked.txt.sample detected: Trace.File.Ares
c:\arquivos de programas\ares\data\blocked_keywords.txt.sample detected: Trace.File.Ares
c:\arquivos de programas\ares\data\chanlistfilter.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\chat.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\emotic.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\libbig.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\logo.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\mimesmall.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\mshareset.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\prefs.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\searchpnl.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\searchstars.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\tabssmall.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\transfer.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\p2pfilter.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\arabic.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\czech.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\dutch.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\french.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\german.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\italian.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\japanese.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\polish.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\slovak.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\spanish.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\swedish.txt detected: Trace.File.Ares
c:\arquivos de programas\ares\lang\turkish.txt detected: Trace.File.Ares
c:\documents and settings\beto\menu iniciar\programas\ares\ares.lnk detected: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\bounds --> Main.Height detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\bounds --> Main.Left detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\bounds --> Main.Maximized detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\bounds --> Main.Top detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\bounds --> Main.Width detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Columns\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Columns\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Columns\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Data --> AresNet1 detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Data --> JI.AresNet1 detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Positions\Transfers --> Download detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Positions\Transfers --> Queue detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares\Positions\Transfers --> Upload detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> General.AutoStartUp detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> General.LastLibraryMode detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> GUI.LastChatRoomBrowse detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> GUI.LastLibrary detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> GUI.LastPMBrowse detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> GUI.LastSearch detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Network.DHTID detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Personal.GUID detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> PrivateMessage.AwayMessage detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.CAvgTime detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.CDnSpeed detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.CFRTime detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.CTtUptime detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.CUpSpeed detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.HasLQCa detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.LstCaQuery detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Stats.LstCaQueryInt detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Transfer.ServerPort detected: Trace.Registry.Ares
c:\arquivos de programas\ares detected: Trace.Directory.Ares
c:\arquivos de programas\ares\data detected: Trace.Directory.Ares
c:\arquivos de programas\ares\data\gui detected: Trace.Directory.Ares
c:\arquivos de programas\ares\data\gui\general detected: Trace.Directory.Ares
c:\arquivos de programas\ares\data\gui\osthemes detected: Trace.Directory.Ares
c:\arquivos de programas\ares\lang detected: Trace.Directory.Ares
c:\documents and settings\beto\menu iniciar\programas\ares detected: Trace.Directory.Ares
c:\arquivos de programas\ares\asyncex.ax detected: Trace.File.Ares
c:\arquivos de programas\ares\chatserver.exe detected: Trace.File.Ares
c:\arquivos de programas\ares\data\chatlang.txt.sample detected: Trace.File.Ares
c:\arquivos de programas\ares\data\gui\general\buttonsbitmap.bmp detected: Trace.File.Ares
c:\arquivos de programas\ares\data\homepage.url detected: Trace.File.Ares
c:\arquivos de programas\ares\libfaad2.dll detected: Trace.File.Ares
c:\arquivos de programas\ares\mp3source.ax detected: Trace.File.Ares
c:\documents and settings\beto\menu iniciar\programas\ares\homepage.lnk detected: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> General.Language detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> General.MSNSongNotif detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Hashing.Priority detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Playlist.PreviousASXApp detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Playlist.PreviousM3UApp detected: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-1708537768-220523388-839522115-1003\Software\Ares --> Playlist.PreviousWAXApp detected: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Ares
C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Toolbar.exe detected: Adware.Win32.MyWebSearch
C:\Download\diversos\dual_dvd_copy_gold.exe detected: Riskware.AdTool.Win32.WhenU.a
C:\Download\diversos\studio subtitulos.exe detected: Adware.NewDotNet

 

Scanned

Files: 153581
Objects: 346276
Cookies: 11
Processes: 27

Found

Files: 3
Objects: 84
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 26/11/2007 21:47:22
Scan duration: 01:38:30

----------------------

 

Logfile of HijackThis v1.99.1
Scan saved at 21:56:16, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 2 para hijackthis_3.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O3 - Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - (no file)
O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Arquivos de programas\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

I hope this works.

Thank you

 

 

Good morning gibagiboia!

 

>@< Using Add or Remove Programs, uninstall:

 

SUPERAntiSpyware

 

Finjan Secure Browsing

 

WordWeb

 

Windows Desktop Search 3.0.1 << For this program, download and run the:

 

< Uninstaller >

__________________________

 

>@< Disable Spybot's resident protection.

>@< Download a-squared Free 3.0

>@< Open the program and click: Update now >> Wait!

>@< When it finishes, click: Scan now.

>@< Try to run this scan in Safe Mode!

>@< Choose the option: Deep.

>@< Click Scan!

>@< When it finishes, send the items found to quarantine.

>@< From there they will be deleted or restored.

>@< Save the report from this scan and post it in your reply, plus an updated HJT log.

 

Cheers!


Good morning gibagiboia!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

 

Cheers!


Hello once again, and thanks for your attention. Here are the results:

 

ComboFix 07-11-19.4 - beto 2007-11-27 16:11:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1610 [GMT -2:00]

Executando de: C:\Documents and Settings\beto\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))))

.

 

2007-11-26 22:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2007-11-26 22:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-11-26 20:03 <DIR> d-------- C:\Arquivos de programas\Add Remove Pro

2007-11-26 19:48 <DIR> d-------- C:\Arquivos de programas\a-squared Free

2007-11-26 13:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-11-25 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-23 21:28 3,866,656 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-11-23 21:28 44,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-23 20:33 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-11-23 20:32 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-11-23 17:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-11-23 17:14 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2007-11-23 17:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2007-11-23 17:14 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-11-23 13:32 53,248 --a------ C:\WINDOWS\system32\lfpcx13n.dll

2007-11-20 14:17 <DIR> d-------- C:\Arquivos de programas\Plugins

2007-11-19 23:19 <DIR> d-------- C:\Arquivos de programas\Free Audio Pack

2007-11-19 18:41 <DIR> d-------- C:\Documents and Settings\beto\Incomplete

2007-11-19 18:41 <DIR> d-------- C:\Documents and Settings\beto\Dados de aplicativos\LimeWire

2007-11-19 18:38 <DIR> d-------- C:\Arquivos de programas\Java

2007-11-19 18:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-11-19 18:31 <DIR> d-------- C:\Arquivos de programas\LimeWire

2007-11-19 13:21 <DIR> d-------- C:\Arquivos de programas\eMule2

2007-11-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2007-11-18 15:29 <DIR> d-------- C:\Arquivos de programas\Avira

2007-11-12 23:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-11-12 23:13 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

2007-11-12 23:09 <DIR> d-------- C:\Arquivos de programas\MessengerPlus! 3(2)

2007-11-12 21:38 <DIR> d-------- C:\Arquivos de programas\AVOne

2007-11-12 21:38 95 --a------ C:\WINDOWS\system32\buyurl0502.dat

2007-11-12 20:37 <DIR> d-------- C:\Arquivos de programas\eMule

2007-11-11 21:43 <DIR> d-------- C:\Tbridge

2007-11-11 21:05 <DIR> d-------- C:\Arquivos de programas\Primax.i36

2007-11-06 19:53 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll

2007-11-06 19:53 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll

2007-11-06 19:53 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll

2007-11-05 10:26 680 --a------ C:\removebrazip.bat

2007-11-05 10:08 <DIR> d-------- C:\Arquivos de programas\BraZip

2007-11-04 15:33 <DIR> d-------- C:\Documents and Settings\beto\Dados de aplicativos\Netscape

2007-11-04 15:33 <DIR> d-------- C:\Arquivos de programas\Photodex Presenter

2007-11-04 15:32 <DIR> d-------- C:\Arquivos de programas\Photodex

2007-11-04 15:28 <DIR> d-------- C:\Documents and Settings\beto\Dados de aplicativos\Photodex

2007-11-02 19:55 <DIR> d-------- C:\Arquivos de programas\DVD slideshow GUI

2007-11-02 19:28 <DIR> d-------- C:\Arquivos de programas\Flash Slideshow Maker Professional

2007-11-01 02:18 <DIR> d-------- C:\Arquivos de programas\FreshDevices

2007-10-31 17:38 <DIR> d-------- C:\Arquivos de programas\Noël Danjou

2007-10-31 15:26 <DIR> d-------- C:\Arquivos de programas\Smart Projects

2007-10-30 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-10-29 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-10-29 20:49 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2007-10-29 20:25 <DIR> d-------- C:\Arquivos de programas\DP_CD_DVD_Burner

2007-10-29 17:44 <DIR> d-------- C:\PSB

2007-10-29 17:43 <DIR> d-------- C:\Arquivos de programas\DVD Decrypter

2007-10-29 13:21 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 14:03 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2007-11-27 00:21 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2007-11-27 00:11 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-26 20:58 --------- d-----w C:\Arquivos de programas\Finjan Secure Browsing

2007-11-26 19:09 --------- d-----w C:\Arquivos de programas\TubeSucker

2007-11-26 01:03 --------- d-----w C:\Arquivos de programas\The KMPlayer beta

2007-11-26 01:03 --------- d-----w C:\Arquivos de programas\Minilyrics

2007-11-25 16:27 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-24 01:30 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\CyberLink

2007-11-24 01:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2007-11-24 01:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2007-11-24 01:28 --------- d-----w C:\Arquivos de programas\FLV VideoConstructor

2007-11-22 01:47 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-11-19 21:35 --------- d-----w C:\Arquivos de programas\Free Sound Recorder

2007-11-17 17:53 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Nero

2007-11-14 17:57 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\GlarySoft

2007-11-05 11:15 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\AdobeUM

2007-11-02 21:56 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2007-10-31 23:18 286,720 ----a-w C:\WINDOWS\iun507.exe

2007-10-29 21:14 --------- d-----w C:\Arquivos de programas\Dual Software Gold

2007-10-27 02:33 --------- d-----w C:\Arquivos de programas\AIDA32 - Network System Information

2007-10-26 05:14 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\REAPER

2007-10-26 05:14 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\NCH Swift Sound

2007-10-26 00:03 --------- d-----w C:\Arquivos de programas\Windows Desktop Search

2007-10-25 18:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-10-25 16:43 8,489,984 ----a-w C:\WINDOWS\system32\shell32(2)(2).dll

2007-10-24 19:37 --------- d-----w C:\Arquivos de programas\IrfanView

2007-10-24 05:07 --------- d-----w C:\Arquivos de programas\Glary Utilities

2007-10-24 02:41 --------- d-----w C:\Arquivos de programas\Gadwin Systems

2007-10-23 02:03 --------- d-----w C:\Arquivos de programas\Arial Sound Recorder

2007-10-23 01:51 --------- d-----w C:\Arquivos de programas\REAPER

2007-10-22 05:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll

2007-10-22 05:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll

2007-10-17 22:39 --------- d-----w C:\Arquivos de programas\DVD-RB

2007-10-17 22:26 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe

2007-10-17 22:26 --------- d-----w C:\Arquivos de programas\AutoGK

2007-10-17 22:24 --------- d-----w C:\Arquivos de programas\Gabest

2007-10-17 21:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2007-10-17 14:44 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2007-10-17 14:43 --------- d-----w C:\Arquivos de programas\RTEQ

2007-10-17 14:42 --------- d-----w C:\Arquivos de programas\LeechVideoConvert

2007-10-17 14:41 --------- d-----w C:\Arquivos de programas\NCH Software

2007-10-17 14:40 --------- d-----w C:\Arquivos de programas\AIMP2

2007-10-15 03:54 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-10-15 03:54 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-10-15 02:02 --------- d-----w C:\Arquivos de programas\Video DVD Maker

2007-10-12 17:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll

2007-10-12 17:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll

2007-10-12 04:28 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Nokia

2007-10-10 22:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2007-10-10 02:08 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Nokia Multimedia Player

2007-10-08 23:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-10-08 20:59 --------- d-----w C:\Arquivos de programas\LyricsSeeker

2007-10-08 18:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-10-07 18:00 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll

2007-10-06 15:34 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2007-10-06 15:34 --------- d-----w C:\Arquivos de programas\AMP Font Viewer

2007-10-04 05:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2007-10-04 05:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-10-04 03:12 --------- d-----w C:\Arquivos de programas\Corel

2007-10-04 03:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-10-02 23:44 33,656 ----a-w C:\Documents and Settings\beto\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-02 11:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll

2007-10-01 23:38 --------- d-----w C:\Arquivos de programas\Kate's Video Toolkit

2007-10-01 14:20 --------- d-----w C:\Arquivos de programas\GameTop.com

2007-09-28 19:41 --------- d-----w C:\Arquivos de programas\Mil Incorporated

2007-09-28 17:07 --------- d-----w C:\Arquivos de programas\Primax

2007-09-28 04:59 --------- d-----w C:\Arquivos de programas\CCleaner

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"New Application"="C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe" [2007-09-06 07:58]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

C:\Documents and Settings\beto\Menu Iniciar\Programas\Inicializar\

WordWeb.lnk - C:\Arquivos de programas\WordWeb\wweb32.exe [2007-09-18 11:37:23]

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2007-09-03 11:50 207264]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

backup=C:\WINDOWS\pss\Assistente Tecnico Speedy.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Detector.lnk]

backup=C:\WINDOWS\pss\Detector.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^beto^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atualizador - Puxa Rápido]

2006-06-23 11:53 73216 --------- C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2007-09-06 08:06 79224 --a------ C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCamRun]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]

C:\Arquivos de programas\Glary Utilities\memdefrag.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-05 23:55 54832 --a------ C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe /restart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2007-04-27 16:22 312848 --a------ C:\ARQUIV~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]

C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 16:10 56928 --------- C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

SkyTel.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

 

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

S3 SPCA508A;11043;C:\WINDOWS\system32\DRIVERS\SP508PIX.SYS

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 16:13:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-11-27 16:14:32

.

--- E O F ---

 

 

 

and the

Logfile of HijackThis v1.99.1

Scan saved at 16:24:08, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O3 - Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - (no file)

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

 


Good evening gibagiboia!

 

>@< Open HijackThis and, with all windows closed, Fix these entries:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O3 - Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy everything in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Desktop Search.lnk

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

 

Folder::

C:\WINDOWS\system32\ActiveScan

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=""

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it runs, do not use the keyboard or mouse!

>@< When it finishes, post the report C:\ComboFix.txt plus an updated HJT log.

 

Cheers!

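The entries the helper singles out above share a few machine-checkable traits: a CLSID registered with "(no file)" behind it, a ProxyOverride value in the user hive, and a leftover online-scanner ActiveX control (O16 DPF). The following is an added example, not code from this thread or from HijackThis: a small Python parser for HijackThis 1.99 log lines with a triage rule set of its own (the `Entry`, `Finding`, `parse_entry` and `triage` names are this example's assumptions). The sample lines are copied from the log posted above; the rules mark only orphaned entries and the ProxyOverride as "fix" and leave everything else as "review", because HJT 1.99.1 also reports "(file missing)" for entries with unexpanded `%windir%` or quoted paths, as the xpnetdiag and avast lines above show.

```python
"""HijackThis 1.99 log triage (added example, not code from this thread or from HijackThis).

parse_entry() splits one HJT line into its section code, the CLSID it names (if any)
and the final target field (a path, a URL or a marker such as "(no file)").
triage() then applies a small rule set, which is this example's own assumption:
it mirrors the kinds of entries the helper asked to Fix above and marks the
rest for manual review rather than removal.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str            # "R1", "O3", "O23", ...
    body: str               # text after the "Oxx - " prefix
    clsid: Optional[str]    # first CLSID in the line, if any
    target: str             # last " - " separated field (path, URL or marker)


@dataclass
class Finding:
    section: str
    action: str             # "fix" (safe to remove) or "review" (needs a human look)
    reason: str
    line: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a well-formed HJT line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    target = body.rsplit(" - ", 1)[-1]     # the body itself when there is no " - "
    return Entry(m.group("section"), body, clsid.group(0) if clsid else None, target)


def triage(log_text: str) -> List[Finding]:
    """Apply the rule set to every line and collect findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        e = parse_entry(raw)
        if e is None:
            continue
        low = e.body.lower()
        if "(no file)" in low:
            # A CLSID registered with no backing file: nothing is lost by fixing it.
            findings.append(Finding(e.section, "fix", "orphaned CLSID, no file behind it", raw))
        elif "(file missing)" in low:
            # HJT 1.99.1 also prints this for unexpanded %windir% and quoted paths,
            # so this is a review item, not an automatic removal.
            findings.append(Finding(e.section, "review", "path not found; confirm it is not a reporting quirk", raw))
        elif e.section == "R1" and "proxyoverride" in low:
            findings.append(Finding(e.section, "fix", "ProxyOverride set on the user hive; fix unless you configured a proxy yourself", raw))
        elif e.section == "O16":
            # Downloaded ActiveX controls: leftover online-scanner installers can go.
            findings.append(Finding(e.section, "review", "downloaded ActiveX control (DPF)", raw))
        elif e.section == "O23" and "unknown owner" in low:
            findings.append(Finding(e.section, "review", "service binary carries no vendor information", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.action:6} {f.section:3} {f.reason}: {f.line}")
```

Run as a script it prints one line per finding; on the sample it marks the R1 and O3 entries as "fix" and the O9, O16 and lmab_device O23 entries as "review", which matches what the helper chose to Fix above apart from the O11 entry, which needs a human decision and is not covered by these rules.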

Good evening. I did what you recommended. See the results below.

 

ComboFix 07-11-19.4 - beto 2007-11-27 19:40:32.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1560 [GMT -2:00]

Executando de: C:\Documents and Settings\beto\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\beto\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Desktop Search.lnk

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\ActiveScan

C:\WINDOWS\system32\ActiveScan\certdll.dll

C:\WINDOWS\system32\ActiveScan\getrootcert.cer

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

C:\WINDOWS\system32\Uninstall.ico

 

.

((((((((((((((((((((((( Ficheiros criados de 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))))

.

 

2007-11-26 22:31 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2007-11-26 22:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2007-11-26 20:03 <DIR> d-------- C:\Arquivos de programas\Add Remove Pro

2007-11-26 19:48 <DIR> d-------- C:\Arquivos de programas\a-squared Free

2007-11-26 13:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-11-25 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-23 21:28 3,954,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-11-23 21:28 47,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-23 20:33 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-11-23 20:32 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-11-23 13:32 53,248 --a------ C:\WINDOWS\system32\lfpcx13n.dll

2007-11-20 14:17 <DIR> d-------- C:\Arquivos de programas\Plugins

2007-11-19 23:19 <DIR> d-------- C:\Arquivos de programas\Free Audio Pack

2007-11-19 18:41 <DIR> d-------- C:\Documents and Settings\beto\Incomplete

2007-11-19 18:41 <DIR> d-------- C:\Documents and Settings\beto\Dados de aplicativos\LimeWire

2007-11-19 18:38 <DIR> d-------- C:\Arquivos de programas\Java

2007-11-19 18:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-11-19 18:31 <DIR> d-------- C:\Arquivos de programas\LimeWire

2007-11-19 13:21 <DIR> d-------- C:\Arquivos de programas\eMule2

2007-11-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2007-11-18 15:29 <DIR> d-------- C:\Arquivos de programas\Avira

2007-11-12 23:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-11-12 23:13 <DIR> d-------- C:\Arquivos de programas\StuffPlug3

2007-11-12 23:09 <DIR> d-------- C:\Arquivos de programas\MessengerPlus! 3(2)

2007-11-12 21:38 <DIR> d-------- C:\Arquivos de programas\AVOne

2007-11-12 21:38 95 --a------ C:\WINDOWS\system32\buyurl0502.dat

2007-11-12 20:37 <DIR> d-------- C:\Arquivos de programas\eMule

2007-11-11 21:43 <DIR> d-------- C:\Tbridge

2007-11-11 21:05 <DIR> d-------- C:\Arquivos de programas\Primax.i36

2007-11-06 19:53 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll

2007-11-06 19:53 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll

2007-11-06 19:53 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll

2007-11-05 10:26 680 --a------ C:\removebrazip.bat

2007-11-05 10:08 <DIR> d-------- C:\Arquivos de programas\BraZip

2007-11-04 15:33 <DIR> d-------- C:\Documents and Settings\beto\Dados de aplicativos\Netscape

2007-11-04 15:33 <DIR> d-------- C:\Arquivos de programas\Photodex Presenter

2007-11-04 15:32 <DIR> d-------- C:\Arquivos de programas\Photodex

2007-11-04 15:28 <DIR> d-------- C:\Documents and Settings\beto\Dados de aplicativos\Photodex

2007-11-02 19:55 <DIR> d-------- C:\Arquivos de programas\DVD slideshow GUI

2007-11-02 19:28 <DIR> d-------- C:\Arquivos de programas\Flash Slideshow Maker Professional

2007-11-01 02:18 <DIR> d-------- C:\Arquivos de programas\FreshDevices

2007-10-31 17:38 <DIR> d-------- C:\Arquivos de programas\Noël Danjou

2007-10-31 15:26 <DIR> d-------- C:\Arquivos de programas\Smart Projects

2007-10-30 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-10-29 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2007-10-29 20:49 <DIR> d-------- C:\Arquivos de programas\DVD Shrink

2007-10-29 20:25 <DIR> d-------- C:\Arquivos de programas\DP_CD_DVD_Burner

2007-10-29 17:44 <DIR> d-------- C:\PSB

2007-10-29 17:43 <DIR> d-------- C:\Arquivos de programas\DVD Decrypter

2007-10-29 13:21 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 14:03 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2007-11-27 00:21 --------- d-----w C:\Arquivos de programas\Puxa Rápido

2007-11-27 00:11 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-26 20:58 --------- d-----w C:\Arquivos de programas\Finjan Secure Browsing

2007-11-26 19:09 --------- d-----w C:\Arquivos de programas\TubeSucker

2007-11-26 01:03 --------- d-----w C:\Arquivos de programas\The KMPlayer beta

2007-11-26 01:03 --------- d-----w C:\Arquivos de programas\Minilyrics

2007-11-25 16:27 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-11-24 01:30 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\CyberLink

2007-11-24 01:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2007-11-24 01:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2007-11-24 01:28 --------- d-----w C:\Arquivos de programas\FLV VideoConstructor

2007-11-22 01:47 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-11-19 21:35 --------- d-----w C:\Arquivos de programas\Free Sound Recorder

2007-11-17 17:53 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Nero

2007-11-14 17:57 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\GlarySoft

2007-11-05 11:15 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\AdobeUM

2007-11-02 21:56 --------- d-----w C:\Arquivos de programas\AviSynth 2.5

2007-10-31 23:18 286,720 ----a-w C:\WINDOWS\iun507.exe

2007-10-31 19:38 --------- d-----w C:\Arquivos de programas\Noël Danjou

2007-10-29 21:14 --------- d-----w C:\Arquivos de programas\Dual Software Gold

2007-10-27 02:33 --------- d-----w C:\Arquivos de programas\AIDA32 - Network System Information

2007-10-26 05:14 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\REAPER

2007-10-26 05:14 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\NCH Swift Sound

2007-10-26 00:03 --------- d-----w C:\Arquivos de programas\Windows Desktop Search

2007-10-25 18:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-10-25 16:43 8,489,984 ----a-w C:\WINDOWS\system32\shell32(2)(2).dll

2007-10-24 19:37 --------- d-----w C:\Arquivos de programas\IrfanView

2007-10-24 05:07 --------- d-----w C:\Arquivos de programas\Glary Utilities

2007-10-24 02:41 --------- d-----w C:\Arquivos de programas\Gadwin Systems

2007-10-23 02:03 --------- d-----w C:\Arquivos de programas\Arial Sound Recorder

2007-10-23 01:51 --------- d-----w C:\Arquivos de programas\REAPER

2007-10-22 05:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll

2007-10-22 05:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll

2007-10-17 22:39 --------- d-----w C:\Arquivos de programas\DVD-RB

2007-10-17 22:26 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe

2007-10-17 22:26 --------- d-----w C:\Arquivos de programas\AutoGK

2007-10-17 22:24 --------- d-----w C:\Arquivos de programas\Gabest

2007-10-17 21:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2007-10-17 14:44 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2007-10-17 14:43 --------- d-----w C:\Arquivos de programas\RTEQ

2007-10-17 14:42 --------- d-----w C:\Arquivos de programas\LeechVideoConvert

2007-10-17 14:41 --------- d-----w C:\Arquivos de programas\NCH Software

2007-10-17 14:40 --------- d-----w C:\Arquivos de programas\AIMP2

2007-10-15 03:54 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-10-15 03:54 262,144 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-10-15 02:02 --------- d-----w C:\Arquivos de programas\Video DVD Maker

2007-10-12 17:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll

2007-10-12 17:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll

2007-10-12 04:28 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Nokia

2007-10-10 22:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2007-10-10 02:08 --------- d-----w C:\Documents and Settings\beto\Dados de aplicativos\Nokia Multimedia Player

2007-10-08 23:30 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-10-08 20:59 --------- d-----w C:\Arquivos de programas\LyricsSeeker

2007-10-08 18:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-10-07 18:00 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll

2007-10-06 15:34 --------- d-----w C:\Arquivos de programas\Assistente Tecnico Speedy

2007-10-06 15:34 --------- d-----w C:\Arquivos de programas\AMP Font Viewer

2007-10-04 05:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2007-10-04 05:40 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-10-04 03:12 --------- d-----w C:\Arquivos de programas\Corel

2007-10-04 03:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2007-10-02 23:44 33,656 ----a-w C:\Documents and Settings\beto\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-10-02 11:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll

2007-10-01 23:38 --------- d-----w C:\Arquivos de programas\Kate's Video Toolkit

2007-10-01 14:20 --------- d-----w C:\Arquivos de programas\GameTop.com

2007-09-28 19:41 --------- d-----w C:\Arquivos de programas\Mil Incorporated

2007-09-28 17:07 --------- d-----w C:\Arquivos de programas\Primax

2007-09-28 04:59 --------- d-----w C:\Arquivos de programas\CCleaner

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"New Application"="C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe" [2007-09-06 07:58]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

 

C:\Documents and Settings\beto\Menu Iniciar\Programas\Inicializar\

WordWeb.lnk - C:\Arquivos de programas\WordWeb\wweb32.exe [2007-09-18 11:37:23]

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2007-09-03 11:50 207264]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Assistente Tecnico Speedy.lnk]

backup=C:\WINDOWS\pss\Assistente Tecnico Speedy.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Detector.lnk]

backup=C:\WINDOWS\pss\Detector.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^beto^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atualizador - Puxa Rápido]

C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

2007-09-06 08:06 79224 --a------ C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCamRun]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glary Memory Optimizer]

C:\Arquivos de programas\Glary Utilities\memdefrag.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-05 23:55 54832 --a------ C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe /restart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2007-04-27 16:22 312848 --a------ C:\ARQUIV~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]

C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 16:10 56928 --------- C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

SkyTel.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

 

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

S3 SPCA508A;11043;C:\WINDOWS\system32\DRIVERS\SP508PIX.SYS

 

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 19:44:13

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2007-11-27 19:45:35 - machine was rebooted

.

--- E O F ---

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:47:09, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

Let's see what can be done.

 

Thanks

 

 

Good evening gibagiboia!

 

>@< Open HijackThis and, with all windows closed, Fix these entries:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O3 - Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Desktop Search.lnk

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\pavas.ico

 

Folder::

C:\WINDOWS\system32\ActiveScan

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=""

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it runs, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!


Good morning gibagiboia!

 

>@< Run a scan with Kaspersky.

>@< Post the report of this scan + an updated HJT log.

 

Regards!


Good afternoon. Here are the latest reports as requested.

 

 

KASPERSKY ONLINE SCANNER REPORT

Wednesday, November 28, 2007 2:39:40 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 28/11/2007

Kaspersky Anti-Virus database records: 467732

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:\

C:\

D:\

 

Scan Statistics

Total number of scanned objects 89348

Number of viruses found 2

Number of infected objects 7

Number of suspicious objects 0

Duration of the scan process 01:44:04

 

Infected Object Name Virus Name Last Action

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

 

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

 

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped

 

C:\Arquivos de programas\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

 

C:\Arquivos de programas\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe NSIS: infected - 1 skipped

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Dados de aplicativos\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marott170@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marott170@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marott170@hotmail.com\SharingMetadata\Working\database_1CEC_D431_ECD4_744\dfsr.db Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marott170@hotmail.com\SharingMetadata\Working\database_1CEC_D431_ECD4_744\fsr.log Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marott170@hotmail.com\SharingMetadata\Working\database_1CEC_D431_ECD4_744\fsrtmp.log Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Messenger\marott170@hotmail.com\SharingMetadata\Working\database_1CEC_D431_ECD4_744\tmp.edb Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\marott170@hotmail.com\real\members.stg Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\marott170@hotmail.com\shadow\members.stg Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temp\~DF55AA.tmp Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temp\~DF55C7.tmp Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temp\~DF87CE.tmp Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temp\~DF8833.tmp Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temp\~DFDBA1.tmp Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temp\~DFDBD0.tmp Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

 

C:\Documents and Settings\beto\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\beto\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

 

C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe NSIS: infected - 1 skipped

 

C:\Documents and Settings\beto\ntuser.dat Object is locked skipped

 

C:\Documents and Settings\beto\NTUSER.DAT.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

 

C:\Download\diversos\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

 

C:\Download\diversos\vdownloader.zip/VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

 

C:\Download\diversos\vdownloader.zip ZIP: infected - 1 skipped

 

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

C:\System Volume Information\_restore{52AC1955-61F2-4B30-A9DD-459FBC10231C}\RP152\change.log Object is locked skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\EventCache\{D2018788-AA32-4CA1-976B-958B76259891}.bin Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\Sti_Trace.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

 

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

 

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\default Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\system Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

 

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\Temp\Perflib_Perfdata_6e0.dat Object is locked skipped

 

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

 

C:\WINDOWS\wiadebug.log Object is locked skipped

 

C:\WINDOWS\wiaservc.log Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

Scan process completed.

 

and

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:41:44, on 28/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 2 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

I'll wait to hear back.

 

Thanks.

 

 

 

 

+++++++++++++++++++++++++++++

Good morning gibagiboia!

 

>@< Run a scan with Kaspersky.

>@< Post the report from that scan + an updated HJT log.

 

Regards!


Good afternoon gibagiboia!

 

>@< Download Avenger.

>@< Unzip it and create a folder for the program!

>@< Put this folder on Local Disk C or on the Desktop!

>@< Run the program and check Input script manually.

>@< Click the magnifying-glass icon!

 

Files to delete:

C:\Arquivos de programas\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe

C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe

C:\Download\diversos\vdownloader\VDownloader.exe

C:\Download\diversos\vdownloader.zip/VDownloader.exe

C:\Download\diversos\vdownloader.zip

>@< In the box that opens, paste what you copied from the quote area just above!

>@< Click Done.

>@< Click the traffic-light icon!

>@< Click OK.

>@< The computer will restart!

>@< Make and post a new HijackThis log + Avenger.txt in your reply.

 

Regards!


Thanks once again for your dedication.

Here are the results.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:14:14, on 28/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

********

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\pvimohub

 

*******************

 

Script file located at: \??\C:\Documents and Settings\chvcqeve.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\Arquivos de programas\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe deleted successfully.

File C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe deleted successfully.

File C:\Download\diversos\vdownloader\VDownloader.exe deleted successfully.

 

 

Could not open file C:\Download\diversos\vdownloader.zip/VDownloader.exe for deletion

Deletion of file C:\Download\diversos\vdownloader.zip/VDownloader.exe failed!

 

Could not process line:

C:\Download\diversos\vdownloader.zip/VDownloader.exe

Status: 0xc0000033

 

File C:\Download\diversos\vdownloader.zip deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

I hope this helps.


Good morning gibagiboia!

 

>@< Many of the files detected by a-squared and the online scan are false positives.

>@< Try to remove only the ones in bold!

 

C:\Download\diversos\VDownloader.exe

C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Toolbar.exe

C:\Download\diversos\dual_dvd_copy_gold.exe

C:\Download\diversos\studio subtitulos.exe

DOWNLOAD

 

< Advanced WindowsCare >

 

>@< Save it to the Desktop or to Program Files.

>@< This program removes cookies, history and temporary files.

>@< It also tries to optimize the OS and remove some spyware.

>@< I recommend the program to anyone who has slowness problems with no apparent cause!

>@< Before running the utility, create a System Restore Point.

 

TUTORIAL

 

>1< Before running the program, update the database: click Status.

>2< Click Update Now. >> Wait!

>3< When that finishes, go to More >> click Memory Cleaner.

>@< The Memory Cleaner window will open.

>@< Click Clean now! Wait...

>@< After it finishes, a message will appear reporting how much memory was freed.

>@< Click Exit.

>4< Now the utility is ready to clean and optimize your computer.

>5< Open the program and click Start >> click Scan. (Analyze)

>6< When it finishes, the items to be removed will appear in red.

>7< Now click the Care button. (Repair)

>8< If you want to monitor what will be removed, click Show Details on each item before clicking Repair.

>9< When done, restart the computer and run Advanced WindowsCare again.

____________________________

 

>@< Any problems still with the computer?

>@< Because the HijackThis log is clean!

 

Regards!

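The verdict above ("the HijackThis log is clean") is reached by reading the log by eye. As an added example that is not part of the original thread or of HijackThis itself, the Python below does the same triage mechanically: it parses the Running processes block and the R/F/N/O entries, flags the things a helper looks for (a process running from a Temp directory, an entry marked "(file missing)", an O23 service with "Unknown owner"), and diffs two scans so that what changed between posts is visible at a glance. The sample input is constructed from excerpts of the two 28/11/2007 logs posted earlier in this thread; the heuristics are the author's own and each hit is a prompt to verify, not a verdict.

```python
"""Triage HijackThis 1.99.1 logs: parse, flag entries worth a second look, diff two scans."""
import re
from dataclasses import dataclass

# Constructed sample input: excerpts of the 28/11/2007 14:41 log posted in this thread,
# cut down to a handful of lines. Paths are copied as printed in the log.
LOG_A = r"""Logfile of HijackThis v1.99.1
Scan saved at 14:41:44, on 28/11/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe
C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 2 para hijackthis_3.zip\HijackThis.exe

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
"""

# The 17:14 log from the same day differs only in the process list: Puxa Rápido is no
# longer running, notepad.exe is, and HijackThis was unzipped into a different temp folder.
LOG_B = (LOG_A.replace("Scan saved at 14:41:44", "Scan saved at 17:14:14")
         .replace(r"C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe", r"C:\WINDOWS\system32\notepad.exe")
         .replace("Diretório temporário 2 para hijackthis_3.zip", "Diretório temporário 1 para hijackthis.zip"))

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")   # e.g. "O23 - Service: ..."
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)  # first drive-letter path
TEMP_MARKERS = ("\\temp\\", "\\config~1\\temp\\", "\\local settings\\temp\\")


@dataclass(frozen=True)
class Entry:
    kind: str   # "O23", "O2", "R1", ...
    body: str   # everything after "O23 - "


def parse_hjt(text):
    """Return (processes, entries). The process block runs from 'Running processes:'
    to the first blank line; every 'Xn - ...' line anywhere is an entry."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def review(processes, entries):
    """Heuristic triage of the kind a helper does by eye. Returns (code, item) pairs;
    every hit is a prompt to check path, publisher and hash, not a verdict."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    findings = []
    for p in processes:
        if any(t in p.lower() for t in TEMP_MARKERS):
            findings.append(("temp_process", p))
    for e in entries:
        item = f"{e.kind} {e.body}"
        if "(file missing)" in e.body:
            m = EXE_RE.search(e.body)
            name = m.group(1).rsplit("\\", 1)[-1].lower() if m else None
            # The stray '"' before /service shows a quoted ImagePath with arguments, which
            # HijackThis 1.99.1 truncates before testing for existence. If the same binary
            # is in the process list, the "missing" claim is an artifact, not a real gap.
            findings.append(("file_missing_but_running" if name in running else "file_missing", item))
        if e.kind == "O23" and " - Unknown owner - " in e.body:
            findings.append(("unknown_owner", item))
    return findings


def diff_logs(old_text, new_text):
    """What appeared and disappeared between two scans of the same machine."""
    po, eo = parse_hjt(old_text)
    pn, en = parse_hjt(new_text)
    fmt = lambda es: sorted(f"{e.kind} {e.body}" for e in es)
    return {
        "processes_gone": sorted(set(po) - set(pn)),
        "processes_new": sorted(set(pn) - set(po)),
        "entries_gone": fmt(set(eo) - set(en)),
        "entries_new": fmt(set(en) - set(eo)),
    }


if __name__ == "__main__":
    procs, ents = parse_hjt(LOG_A)
    for code, item in review(procs, ents):
        print(f"[{code}] {item}")
    for key, vals in diff_logs(LOG_A, LOG_B).items():
        print(key, vals)
```

On the thread's own data this reports the HijackThis copy running out of the user's Temp folder (expected here, since that is where the zip was opened), the xpnetdiag.exe button as genuinely missing, the two avast services as "missing but running" (so not evidence of infection), and the unsigned lmab_device and RichVideo-style services as the only entries left to verify by hand; the diff between the two scans shows only the process-list churn, which is consistent with the helper's "clean" reading.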

Hello friend, thank you very much for your dedication.

 

It still hasn't worked, that is, I can't attach files, change my MSN or Orkut photos, or the desktop wallpaper.

Here is the latest logfile.

I ran A.WindowsCare and it found a lot of things; I removed them all and ran it again.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:30:43, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

Those files ending in Ares, can they be deleted? I've already uninstalled that program, which is a P2P client.

Thanks.

 

 


If I reinstall XP over the top, will I get rid of the virus? Or will I have to format and start from scratch?

 

 

Ola amigo, muito obrigado pela dedicação.

 

Ainda continua sem resultado, ou seja não consigo anexar arquivos, mudar fotos do msn, orkut, papel de parede do desktop.

Ai vai o ultimo Logfile.

Passei o A.WindowsCare e achou muita coisa, eliminei todas e repassei.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:30:43, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

Aqueles arquivo de terminação Ares, será que podem ser eliminados? Já desinstalei este programa, que é um P2P.

Obrigado.

 

 

Bom Dia gibagiboia!

 

>@< Muitos ficheiros,detectados pelo a-squared e scan OnLine,são falsos positivos.

>@< Busque remover,apenas,os que estão em negrito!

 

C:\Download\diversos\VDownloader.exe

C:\Documents and Settings\beto\Meus documentos\Meus Drivers\Nero 8\Toolbar.exe

C:\Download\diversos\dual_dvd_copy_gold.exe

C:\Download\diversos\studio subtitulos.exe

DOWNLOAD

 

< Advanced WindowsCare >

 

>@< Save it to the Desktop or to Program Files.

>@< This program removes cookies, history and temporary files.

>@< It also tries to optimize the OS and remove some spyware.

>@< I recommend the program to everyone who has slowness problems with no apparent cause!

>@< Before running the utility, create a System Restore Point.

 

TUTORIAL

 

>1< Before running the program, update the database: click Status.

>2< Click Update Now. >> Wait!

>3< When it finishes, go to More >> click Memory Cleaner.

>@< The Memory Cleaner window will open.

>@< Click Clean Now! Wait...

>@< When it finishes, a message will appear telling you how much memory was freed.

>@< Click Exit.

>4< The utility is now ready to clean and optimize your computer.

>5< Open the program and click Start >> click Scan.

>6< When it finishes, the items to be removed will appear in red.

>7< Now click the Care button (Repair).

>8< If you want to check what will be removed, click Show Details for each item before clicking Care.

>9< Finally, restart the computer and run Advanced WindowsCare again.

____________________________

 

>@< Any problem still with the computer?

>@< Because the HijackThis log is clean!

 

Regards!


My latest logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 23:47:47, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Glary Utilities\memdefrag.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Photodex\ProShowGold\proshow.exe

C:\Arquivos de programas\Photodex\ProShowGold\pxplay.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Arquivos de programas\Glary Utilities\memdefrag.exe" /autostart

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

 

 

 

If I reinstall XP over the top, will that get rid of the virus? Or will I have to format and start from scratch?

 

 

Hello friend, thank you very much for your dedication.

 

Still no result, that is, I still can't attach files, change my MSN or Orkut photos, or the desktop wallpaper.

Here is the latest logfile.

I ran Advanced WindowsCare and it found a lot of things; I removed all of them and ran it again.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:30:43, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\WordWeb\wweb32.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\DOCUME~1\beto\CONFIG~1\Temp\Diretório temporário 1 para hijackthis_3.zip\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll

O4 - HKCU\..\Run: [New Application] C:\Arquivos de programas\Alwil Software\Avast4\ashAvast.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: WordWeb.lnk = C:\Arquivos de programas\WordWeb\wweb32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
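The logs in this thread are read by hand, entry by entry. As an added example (not a tool from this thread, from HijackThis or from any program listed in the logs), the script below parses a log of the same shape and ranks the lines a reviewer would check first: unnamed BHOs, entries pointing at files that no longer exist, and services with no vendor string. It also handles the quirk visible in the avast! entries above, where a quoted service command line with arguments is reported as `ashMaiSv.exe" /service (file missing)`: the trailing `" /service` is stripped before the path is judged, and the "file missing" verdict is not trusted in that case. The sample log is constructed for the example and is not one of the posted logs; none of the flags is proof of infection, they only order manual review.

```python
"""Triage helper for HijackThis 1.99.1 logs (added example, not from this thread)."""
import re

# Constructed sample in the shape of the logs posted in the thread (not a real log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:30:43, on 29/11/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: lmab_device - Unknown owner - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
"""

FILE_MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def parse_hjt(text):
    """Return (processes, entries): the 'Running processes' list and one
    {'section', 'body'} dict per R*/O* line. Blank lines are ignored so a
    log pasted with a blank line between every line still parses."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # first R/O entry ends the process list
            entries.append({"section": m.group("section"), "body": m.group("body")})
        elif in_procs:
            processes.append(line)
    return processes, entries


def service_path(body):
    """Split an O23 body into (name, owner, path, quoted_args).
    quoted_args is True when the path carried a stray quote plus arguments
    (e.g. '...ashMaiSv.exe" /service'), the pattern HijackThis 1.99.1 shows
    for quoted service command lines; the arguments are stripped off."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    path = m.group("path")
    if path.endswith(FILE_MISSING):
        path = path[: -len(FILE_MISSING)].rstrip()
    head, *rest = re.split(r'"\s', path, maxsplit=1)
    return m.group("name"), m.group("owner"), head, bool(rest)


def triage(text):
    """Return (section, reason, body) tuples for lines worth verifying by
    hand. A flag is a review prompt, not a verdict: the helper in the thread
    judged a log with the same kinds of entries clean."""
    _, entries = parse_hjt(text)
    items = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec in ("R0", "R1") and "microsoft.com" not in body:
            items.append((sec, "IE start/search page not pointing at Microsoft", body))
        if sec == "O2" and "(no name)" in body:
            items.append((sec, "BHO without a name: identify the DLL", body))
        if FILE_MISSING in body and sec != "O23":
            items.append((sec, "entry references a file that no longer exists", body))
        if sec == "O23":
            parsed = service_path(body)
            if parsed is None:
                continue
            _, owner, _, quoted_args = parsed
            if owner == "Unknown owner":
                items.append((sec, "service with no vendor string: check the binary's signer", body))
            # '(file missing)' after a quoted command line is a parsing quirk, not a missing file
            if FILE_MISSING in body and not quoted_args:
                items.append((sec, "service binary missing", body))
    return items


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"{sec:<4} {reason}\n     {body}")
```

Run it against any pasted log by replacing `SAMPLE_LOG`; the `Unknown owner` flag on the avast! services and the `(file missing)` on xpnetdiag.exe both appear in the thread's own logs and are exactly the kind of line a reviewer confirms by looking at the file on disk rather than by deleting the entry.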


Good afternoon gibagiboia!

 

Those files ending in Ares, can they be deleted? I have already uninstalled that program, which is a P2P client.

>@< Yes! Go to the a-squared quarantine, select all of its contents and click Delete.

___________________________

 

If I reinstall XP over the top, will that get rid of the virus? Or will I have to format and start from scratch?

>@< First try a Repair procedure with the Windows CD-ROM.

___________________________

 

>@< If your computer is set up to boot from the CD-ROM drive, insert the Windows XP installation CD and restart the computer.

>@< If it isn't, do the following: enter the setup and set the CD-ROM as the first boot priority.

>@< Don't forget to save the change!

>@< When a message appears, press any key to boot from the CD.

>@< Accept the prompt: Press Enter to set up Windows XP now.

>@< Do not choose the option to press R to use the Recovery Console.

>@< At the Windows XP license agreement, press F8 to accept the terms.

>@< Check that your current Windows XP installation is selected, then press R to repair Windows XP.

>@< Follow the on-screen instructions to complete the repair.

___________________________

 

>@< PS: To enter the setup or BIOS, just press the Del key during the restart.

>@< Go into the BIOS and set the CD-ROM as the first boot priority.

>@< Save and follow the instructions given just above.

 

Regards!


Dear colleague,

 

I can't boot from the CD. I have tried everything and nothing works. The setup was changed, F8 too, and it still doesn't boot.

It reads the CD and then boots from the HD.

What should I do then?

 

 
