
This topic has been archived and is closed to new replies.

Rafildes

[Resolved!] Wrong year and unrequested pages!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:30:19, on 19/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\KGB\Mpk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\config\svchost.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Arquivos de programas\KGB\Mpk.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Distributed Files Services (DBiFsi) - Unknown owner - C:\Arquivos de programas\System\svchost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9057 bytes


Good morning, Rafildes!

>@< Uninstall:

< ADSTechnology >

< ActivationManager >

>@< After uninstalling, restart the computer and post a new HijackThis log.

Regards!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:06:57, on 27/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\KGB\Mpk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\system32\config\svchost.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Arquivos de programas\KGB\Mpk.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Distributed Files Services (DBiFsi) - Unknown owner - C:\Arquivos de programas\System\svchost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8932 bytes


Good afternoon, Rafildes!

>@< Go to Start >> Run >> Type: msconfig >> OK.

>@< The System Configuration Utility will open.

>@< Click the Services tab!

>@< Uncheck the box for this service: Distributed Files Services.

>@< Click Apply >> OK.

_____________________

>@< Download Avenger.

>@< Unzip it and create a folder for the program!

>@< Put this folder on Local Disk C or on the Desktop!

>@< Run the program and select Input script manually.

>@< Click the magnifying-glass icon!

 

Files to delete:

C:\Arquivos de programas\System\svchost.exe

C:\WINDOWS\system32\config\svchost.exe

C:\Arquivos de programas\ActivationManager\ActivationManager.dll

 

Folders to delete:

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ADSTechnology

>@< In the box that opens, paste what you copied from the quote area just above!

>@< Click Done.

>@< Click the traffic-light icon!

>@< Click OK.

>@< The computer will restart!

>@< Take advantage of this reboot and enter Safe Mode.

>@< Open HijackThis and click Do a system scan only.

>@< Check the entries just below and click Fix checked!

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe

O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Arquivos de programas\ActivationManager\ActivationManager.dll.upd" "C:\Arquivos de programas\ActivationManager\ActivationManager.dll"

>@< Still in Safe Mode, and in HijackThis, click: Open the misc tools section.

>@< Click: Delete an NT Service.

>@< Enter the service name: DBiFsi, in the box.

>@< Click OK.

>@< Restart the computer normally!

____________________

>@< Post in your reply: Avenger.txt + an updated HijackThis log.

Regards!


Friend,

When I run Avenger, the following error appears:

errofj6.png

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:51:08, on 3/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\KGB\Mpk.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Arquivos de programas\KGB\Mpk.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8533 bytes


Good morning, Rafildes!

When I run Avenger, the following error appears

>@< Click OK to continue... and, when it finishes, post the report. ( Avenger.txt )

______________________

Uninstall: < KGB > After uninstalling, restart the computer!

______________________

>@< Open HijackThis and, with all windows closed, fix this entry:

 

O4 - HKCU\..\Run: [PackageAware] "C:\Documents and Settings\Administrador\Local Settings\Application Data\PackageAware\mpa.exe"

>@< Post in your reply: Avenger.txt + an updated HJT log.

Regards!


In Avenger, after I check the indicated option and click the magnifying glass, a blank window appears with a DONE button just below it.

 

LOG:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:59:51, on 4/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8498 bytes


Good morning, Rafildes!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear; it should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish!

_______________________

>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

Regards!


ComboFix 08-01-04.1 - Administrador 2008-01-07 9:00:34.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.176 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\1.exe

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\ActivationManager.dll

C:\Arquivos de programas\ActivationManager\ActivationManager.dll.bak

C:\Autorun.inf

C:\WINDOWS\system32\config\svchost.exe

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

-------\NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))

.

 

2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d----c--- C:\Arquivos de programas\microsoft frontpage

2008-01-07 09:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d----c--- C:\Arquivos de programas\BitTorrent

2008-01-03 13:09 . 2008-01-03 13:09 59,931 --a--c--- C:\lojr075.prt

2007-12-27 22:46 . 2007-12-27 22:46 280 --ah-c--- C:\sqmdata03.sqm

2007-12-27 22:46 . 2007-12-27 22:46 244 --ah-c--- C:\sqmnoopt03.sqm

2007-12-27 15:22 . 2007-12-27 15:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-12-27 15:22 . 2007-12-27 15:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2007-12-27 15:22 . 2007-12-27 15:23 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-12-27 13:45 . 2007-12-27 13:46 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife

2007-12-27 13:43 . 2007-12-27 13:43 <DIR> d----c--- C:\Arquivos de programas\KAIZEN Games

2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys2.bmp

2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys1.bmp

2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d--h----- C:\Documents and Settings\All Users\Dados de aplicativos\{A3A7BCCE-9005-4A6C-82AB-8D46F544F53B}

2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d----c--- C:\Arquivos de programas\visiosonic

2007-12-20 13:55 . 2007-12-20 14:00 90,243,806 --a--c--- C:\lerda.##r

2007-12-20 13:43 . 2007-12-20 13:53 600,483 --a--c--- C:\matr600.prt

2007-12-20 12:57 . 2007-12-20 13:05 9,670 --a--c--- C:\mata030.prt

2007-12-19 13:41 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2007-12-19 13:41 . 1999-06-21 05:10 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2007-12-19 13:40 . 2007-12-19 13:40 <DIR> d----c--- C:\BDE

2007-12-19 13:34 . 2007-12-19 13:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2007-12-19 11:11 . 2007-12-19 11:11 <DIR> d----c--- C:\php

2007-12-19 10:57 . 2007-12-19 13:41 <DIR> d----c--- C:\BDE5202

2007-12-19 10:37 . 2007-12-19 10:37 <DIR> d----c--- C:\Arquivos de programas\PHP

2007-12-19 10:27 . 2007-12-19 10:27 <DIR> d----c--- C:\Arquivos de programas\Apache Group

2007-12-19 10:09 . 2007-12-19 10:09 <DIR> d----c--- C:\Arquivos de programas\Apache Software Foundation

2007-12-19 09:30 . 2007-12-19 09:30 <DIR> d----c--- C:\Arquivos de programas\Trend Micro

2007-12-18 11:23 . 2008-01-05 19:27 <DIR> d----c--- C:\SysLoja

2007-12-18 10:58 . 2007-12-18 10:58 <DIR> d----c--- C:\mtg

2007-12-17 19:26 . 2007-12-21 12:08 5,562 --a--c--- C:\matr580.prt

2007-12-15 09:42 . 2007-12-15 09:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitComet Turbo

2007-12-15 09:39 . 2007-12-15 09:39 <DIR> d-------- C:\WINDOWS\Sun

2007-12-15 09:31 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-15 09:30 . 2007-12-15 09:31 <DIR> d----c--- C:\Arquivos de programas\Java

2007-12-15 09:29 . 2007-12-15 09:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 21:50 . 2007-12-13 21:50 <DIR> d----c--- C:\Arquivos de programas\Nuclear Coffee

2007-12-13 08:59 . 2007-12-13 08:59 <DIR> d----c--- C:\ProgramData

2007-12-13 08:59 . 2007-12-19 15:54 <DIR> d--hs---- C:\Documents and Settings\Administrador\Dados de aplicativos\.#

2007-12-10 13:24 . 2007-12-10 14:19 0 --a------ C:\WINDOWS\system32\pqtmp.fil

2007-12-10 12:55 . 2007-12-10 14:19 <DIR> d----c--- C:\Arquivos de programas\HDD Health

2007-12-10 09:16 . 2007-12-10 13:23 821 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB

2007-12-10 09:14 . 2007-12-10 09:14 <DIR> d----c--- C:\Arquivos de programas\PowerQuest

2007-12-10 09:14 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE

2007-12-10 09:14 . 2001-08-10 07:00 3,252 --------- C:\WINDOWS\system32\drivers\PQNTDRV.SYS

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-07 10:14 --------- d-----w C:\Arquivos de programas\LogMeIn

2008-01-03 13:12 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-19 17:54 --------- d-sh--w C:\Documents and Settings\Administrador\Dados de aplicativos\.#

2007-12-11 00:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-10 11:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-10 11:02 --------- d-----w C:\Arquivos de programas\UltraVNC

2007-12-04 15:18 --------- d-----w C:\Arquivos de programas\Samsung

2007-12-04 15:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-03 20:10 --------- d-----w C:\Arquivos de programas\Fake Webcam

2007-11-24 17:00 --------- d-----w C:\Arquivos de programas\CamStudio

2007-11-24 12:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd3

2007-11-22 16:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2007-11-22 16:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-11-22 16:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motorola Shared

2007-11-19 17:03 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2007-11-16 18:02 --------- d-----w C:\Arquivos de programas\TechnoLogismiki

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 09:59 --------- d-----w C:\Arquivos de programas\eMule

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 14:59 68856]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2007-06-20 01:28 43008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 15:03 63048]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 15:40 20480]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 14:43 270336]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-21 14:52 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^EPSON Status Monitor 3 Environment Check(4).lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\EPSON Status Monitor 3 Environment Check(4).lnk

backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(4).lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]

C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

C:\Arquivos de programas\eMule\emule.exe -AutoStart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]

C:\Arquivos de programas\HDD Health\hddhealth.exe -wl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Arquivos de programas\Skype\Phone\Skype.exe /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"DBiFsi"=2 (0x2)

 

R2 AVWUpSrv;AntiVir Update;"C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE" [2005-10-13 17:32]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 15:00]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]

R3 avgntdw;avgntdw;C:\Arquivos de programas\AVPersonal\AVGNTDW.SYS [2005-04-29 09:07]

R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 14:22]

S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 14:31]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

\Shell\Auto\command - C:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\Auto\command - D:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{523ddfe1-6fbc-11dc-8cc5-000d9d8f1ce9}]

\Shell\Auto\command - G:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{804e5b0f-33b8-11da-8cc8-000d9d8f1ce9}]

\Shell\Auto\command - H:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad4d7d8-7726-11dc-8ce0-000d9d8f1ce9}]

\Shell\Auto\command - G:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

*Newly Created Service* - ASPI32

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-04 02:00:00 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-07 11:00:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 12:00:00 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 13:00:00 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 14:00:00 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 15:00:00 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 16:00:00 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-05 17:00:00 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-05 18:00:00 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-05 19:00:00 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 20:00:00 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 03:00:00 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 21:00:00 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 22:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 23:00:00 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-07 00:00:00 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-07 01:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 04:00:00 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 05:00:00 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 06:00:00 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 07:00:00 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 08:00:00 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-04 09:00:00 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

"2008-01-06 10:00:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\j8Iu0J28.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-07 09:04:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-07 9:05:53 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-07 11:05:49

.

2007-12-12 21:46:09 --- E O F ---

 

 

HJT log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:07:56, on 7/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8534 bytes


Good morning, Rafildes!

Delete:

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it to the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\system32\j8Iu0J28.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

>@< Arraste,com o Mouse,o CFScript.txt para o ícone do ComboFix.

>@< Com esse procedimento,o ComboFix irá executar e,reiniciará o computador,automaticamente!

>@< Durante a execução,não utilize o teclado ou Mouse!

>@< Aguarde a conclusão!

________________________

 

>@< Faça um escaneamento de desinfecção em < BitDefender > e poste o relatório.

>@< Clique em BitDefender ( Scan OnLine ).

>@< Abrirá a página: < BitDefender OnLine Scanner >

>@< Clique em I Agree.

>@< Aguarde!Permita a instalação do ActiveX,para que possa ocorrer o scan.

________________________

 

>@< Poste,então: Relatório do BitDefender + ComboFix.txt + HijackThis,atualizado.

 

 

Best regards!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:36:16, on 8/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8894 bytes

 

----------------------------------------------------------------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Tue, Jan 08, 2008 - 11:25:47

Scan path: C:\;D:\;E:\;

Statistics

Time: 00:46:39
Files: 129609
Folders: 3953
Boot Sectors: 3
Archives: 2051
Packed Files: 6951

Results

Identified Viruses: 8
Infected Files: 108
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 108

Engines Info

Virus Definitions: 886469
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

 

 

 

 

Scanned File

Status

 

C:\ah.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\ah.exe

Disinfection failed

 

C:\ah.exe

Deleted

 

C:\Arquivos de programas\System\svchost.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\Arquivos de programas\System\svchost.exe

Deleted

 

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\9T1BL8HF\gz[1].exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\9T1BL8HF\gz[1].exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049851.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049851.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049851.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049880.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049880.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049880.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049883.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049883.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049883.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049887.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049887.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049887.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050821.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050821.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050821.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050825.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050825.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050841.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050841.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050841.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050855.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050855.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050856.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050856.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050856.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050872.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050872.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050872.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050894.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050894.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050894.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050909.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050909.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050909.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050923.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050923.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050923.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050938.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050938.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050938.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050965.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050965.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050966.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050966.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050966.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050980.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050980.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050981.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050981.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050981.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP169\A0050991.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP169\A0050991.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP169\A0050991.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP170\A0050998.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP170\A0050998.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP170\A0050998.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP171\A0051031.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP171\A0051031.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP171\A0051031.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP172\A0051042.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP172\A0051042.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP172\A0051042.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051077.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051077.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051077.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051141.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051141.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051142.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051142.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051142.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0052140.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0052140.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP174\A0052144.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP174\A0052144.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP174\A0052144.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052148.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052148.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052148.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052167.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052167.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052167.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052179.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052179.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052179.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052211.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052211.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052211.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052231.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052231.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052231.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052273.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052273.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052273.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052284.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052284.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052284.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052306.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052306.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052306.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052312.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052312.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052312.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052342.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052342.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052342.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052368.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052368.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052368.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052401.exe

Infected with: Dropped:Adware.BHO.WQB

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052401.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052401.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052403.exe

Detected with: Adware.BHO.WQB

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052403.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052403.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052411.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052411.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052412.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052412.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052412.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053414.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053414.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053414.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053435.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053435.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053435.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053464.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053464.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053464.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054464.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054464.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054464.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054501.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054501.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054501.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054513.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054513.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054513.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054523.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054523.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054523.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054534.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054534.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054534.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054561.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054561.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054561.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054581.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054581.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054581.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054594.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054594.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054594.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP183\A0058674.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP183\A0058674.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP183\A0058674.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP183\A0058688.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP183\A0058688.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059756.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059756.exe

Disinfection failed

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059756.exe

Deleted

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059757.exe

Infected with: Backdoor.Hupigon.YLJ

 

C:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059757.exe

Deleted

 

D:\ah.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\ah.exe

Disinfection failed

 

D:\ah.exe

Deleted

 

D:\Programa\pspv.zip=>pspv.exe

Infected with: Trojan.Icqsmiley.E

 

D:\Programa\pspv.zip=>pspv.exe

Disinfection failed

 

D:\Programa\pspv.zip=>pspv.exe

Deleted

 

D:\Programa\pspv.zip

Updated

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049854.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049854.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP163\A0049854.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049885.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049885.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP164\A0049885.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049889.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049889.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0049889.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050823.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050823.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP165\A0050823.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050843.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050843.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050843.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050858.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050858.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050858.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050874.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050874.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP166\A0050874.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050896.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050896.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050896.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050911.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050911.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050911.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050925.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050925.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP167\A0050925.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050940.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050940.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050940.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050968.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050968.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050968.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050983.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050983.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP168\A0050983.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP169\A0050993.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP169\A0050993.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP169\A0050993.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP170\A0051000.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP170\A0051000.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP170\A0051000.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP171\A0051033.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP171\A0051033.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP171\A0051033.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP172\A0051044.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP172\A0051044.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP172\A0051044.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051079.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051079.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051079.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051144.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051144.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP173\A0051144.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP174\A0052146.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP174\A0052146.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP174\A0052146.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052150.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052150.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052150.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052169.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052169.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052169.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052181.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052181.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052181.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052213.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052213.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052213.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052233.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052233.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052233.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052275.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052275.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP175\A0052275.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052286.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052286.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052286.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052308.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052308.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP176\A0052308.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052314.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052314.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052314.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052344.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052344.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP177\A0052344.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052370.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052370.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052370.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052414.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052414.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0052414.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053416.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053416.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053416.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053437.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053437.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053437.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053466.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053466.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0053466.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054466.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054466.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054466.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054503.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054503.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054503.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054515.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054515.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054515.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054525.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054525.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP178\A0054525.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054536.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054536.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054536.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054563.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054563.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054563.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054583.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054583.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054583.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054596.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054596.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP179\A0054596.exe

Deleted

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059758.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059758.exe

Disinfection failed

 

D:\System Volume Information\_restore{E7BDBCD6-D124-4A7C-A717-2A85F63483D7}\RP184\A0059758.exe

Deleted

 

D:\You-tube tools\allok_mp4converter liciense by Dr.XJ\allok_mp4converter.exe

Infected with: Trojan.Generic.26312

 

D:\You-tube tools\allok_mp4converter liciense by Dr.XJ\allok_mp4converter.exe

Disinfection failed

 

D:\You-tube tools\allok_mp4converter liciense by Dr.XJ\allok_mp4converter.exe

Deleted

 

D:\You-tube tools\DVT\Flash2Video.KeyMaker.exe

Infected with: Trojan.Packed.2547

 

D:\You-tube tools\DVT\Flash2Video.KeyMaker.exe

Disinfection failed

 

D:\You-tube tools\DVT\Flash2Video.KeyMaker.exe

Deleted

 

----------------------------------------------------------------------------------------------------------------------------------------------

 

ComboFix 08-01-04.1 - Administrador 2008-01-08 10:24:29.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.119 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE

C:\WINDOWS\system32\j8Iu0J28.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))))

.

 

2008-01-07 15:06 . 2008-01-07 15:06 <DIR> d----c--- C:\Arquivos de programas\Palavras-Cruzadas 7.0

2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configurações locais

2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais

2008-01-07 09:05 . 2008-01-07 09:05 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-01-07 09:03 . 2008-01-07 09:03 <DIR> d----c--- C:\Arquivos de programas\microsoft frontpage

2008-01-07 09:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

2008-01-03 16:12 . 2008-01-03 16:12 <DIR> d----c--- C:\Arquivos de programas\BitTorrent

2008-01-03 13:09 . 2008-01-03 13:09 59,931 --a--c--- C:\lojr075.prt

2007-12-27 22:46 . 2007-12-27 22:46 280 --ah-c--- C:\sqmdata03.sqm

2007-12-27 22:46 . 2007-12-27 22:46 244 --ah-c--- C:\sqmnoopt03.sqm

2007-12-27 15:22 . 2007-12-27 15:24 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-12-27 15:22 . 2007-12-27 15:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2007-12-27 15:22 . 2007-12-27 15:23 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-12-27 13:45 . 2007-12-27 13:46 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife

2007-12-27 13:43 . 2007-12-27 13:43 <DIR> d----c--- C:\Arquivos de programas\KAIZEN Games

2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys2.bmp

2007-12-26 19:44 . 2007-12-26 19:44 0 --ah----- C:\WINDOWS\SwSys1.bmp

2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d--h----- C:\Documents and Settings\All Users\Dados de aplicativos\{A3A7BCCE-9005-4A6C-82AB-8D46F544F53B}

2007-12-26 19:43 . 2007-12-26 19:43 <DIR> d----c--- C:\Arquivos de programas\visiosonic

2007-12-20 13:55 . 2007-12-20 14:00 90,243,806 --a--c--- C:\lerda.##r

2007-12-20 13:43 . 2007-12-20 13:53 600,483 --a--c--- C:\matr600.prt

2007-12-20 12:57 . 2007-12-20 13:05 9,670 --a--c--- C:\mata030.prt

2007-12-19 13:41 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2007-12-19 13:41 . 1999-06-21 05:10 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2007-12-19 13:40 . 2007-12-19 13:40 <DIR> d----c--- C:\BDE

2007-12-19 13:34 . 2007-12-19 13:34 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2007-12-19 11:11 . 2007-12-19 11:11 <DIR> d----c--- C:\php

2007-12-19 10:57 . 2007-12-19 13:41 <DIR> d----c--- C:\BDE5202

2007-12-19 10:37 . 2007-12-19 10:37 <DIR> d----c--- C:\Arquivos de programas\PHP

2007-12-19 10:27 . 2007-12-19 10:27 <DIR> d----c--- C:\Arquivos de programas\Apache Group

2007-12-19 10:09 . 2007-12-19 10:09 <DIR> d----c--- C:\Arquivos de programas\Apache Software Foundation

2007-12-19 09:30 . 2007-12-19 09:30 <DIR> d----c--- C:\Arquivos de programas\Trend Micro

2007-12-18 11:23 . 2008-01-05 19:27 <DIR> d----c--- C:\SysLoja

2007-12-18 10:58 . 2007-12-18 10:58 <DIR> d----c--- C:\mtg

2007-12-17 19:26 . 2007-12-21 12:08 5,562 --a--c--- C:\matr580.prt

2007-12-15 09:42 . 2007-12-15 09:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\BitComet Turbo

2007-12-15 09:39 . 2007-12-15 09:39 <DIR> d-------- C:\WINDOWS\Sun

2007-12-15 09:31 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-15 09:30 . 2007-12-15 09:31 <DIR> d----c--- C:\Arquivos de programas\Java

2007-12-15 09:29 . 2007-12-15 09:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-12-13 21:50 . 2007-12-13 21:50 <DIR> d----c--- C:\Arquivos de programas\Nuclear Coffee

2007-12-13 08:59 . 2007-12-13 08:59 <DIR> d----c--- C:\ProgramData

2007-12-13 08:59 . 2007-12-19 15:54 <DIR> d--hs---- C:\Documents and Settings\Administrador\Dados de aplicativos\.#

2007-12-10 13:24 . 2007-12-10 14:19 0 --a------ C:\WINDOWS\system32\pqtmp.fil

2007-12-10 12:55 . 2007-12-10 14:19 <DIR> d----c--- C:\Arquivos de programas\HDD Health

2007-12-10 09:16 . 2007-12-10 13:23 821 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB

2007-12-10 09:14 . 2007-12-10 09:14 <DIR> d----c--- C:\Arquivos de programas\PowerQuest

2007-12-10 09:14 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE

2007-12-10 09:14 . 2001-08-10 07:00 3,252 --------- C:\WINDOWS\system32\drivers\PQNTDRV.SYS

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-08 10:29 --------- d-----w C:\Arquivos de programas\LogMeIn

2008-01-03 13:12 --------- d-----w C:\Arquivos de programas\MSN Messenger

2007-12-19 17:54 --------- d-sh--w C:\Documents and Settings\Administrador\Dados de aplicativos\.#

2007-12-11 00:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2007-12-10 11:14 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-10 11:02 --------- d-----w C:\Arquivos de programas\UltraVNC

2007-12-04 15:18 --------- d-----w C:\Arquivos de programas\Samsung

2007-12-04 15:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-12-03 20:10 --------- d-----w C:\Arquivos de programas\Fake Webcam

2007-11-24 17:00 --------- d-----w C:\Arquivos de programas\CamStudio

2007-11-24 12:43 --------- d-----w C:\Arquivos de programas\Arquivos comuns\snpstd3

2007-11-22 16:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2007-11-22 16:57 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-11-22 16:41 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Motorola Shared

2007-11-19 17:03 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2007-11-16 18:02 --------- d-----w C:\Arquivos de programas\TechnoLogismiki

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 09:59 --------- d-----w C:\Arquivos de programas\eMule

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 14:59 68856]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2007-06-20 01:28 43008]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]

"LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 15:03 63048]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 20:54 3735552]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 15:40 20480]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 14:43 270336]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 09:07 827392]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-21 14:52 87352 C:\WINDOWS\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^EPSON Status Monitor 3 Environment Check(4).lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\EPSON Status Monitor 3 Environment Check(4).lnk

backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check(4).lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

AGRSMMSG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]

C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

C:\Arquivos de programas\eMule\emule.exe -AutoStart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]

C:\Arquivos de programas\HDD Health\hddhealth.exe -wl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Arquivos de programas\Skype\Phone\Skype.exe /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"DBiFsi"=2 (0x2)

 

R2 AVWUpSrv;AntiVir Update;"C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE" [2005-10-13 17:32]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 15:00]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 12:55]

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]

R3 avgntdw;avgntdw;C:\Arquivos de programas\AVPersonal\AVGNTDW.SYS [2005-04-29 09:07]

R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 14:22]

S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 14:31]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{523ddfe1-6fbc-11dc-8cc5-000d9d8f1ce9}]

\Shell\Auto\command - G:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{804e5b0f-33b8-11da-8cc8-000d9d8f1ce9}]

\Shell\Auto\command - H:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ad4d7d8-7726-11dc-8ce0-000d9d8f1ce9}]

\Shell\Auto\command - G:\ah.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ah.exe

 

*Newly Created Service* - ASPI32

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-08 10:28:50

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-08 10:30:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-08 12:30:43

.

2007-12-12 21:46:09 --- E O F ---


Good afternoon, Rafildes!

>@< Download Mx One 3.0.0

>@< To download, click: Descargar

>@< Save the utility as C:\mxone.zip

>@< Unzip it into a folder of its own. << Set it aside for now!

________________________

>@< Restart the computer in Safe Mode.

>@< Right-click My Computer >> Properties >> System Restore.

>@< Check: Turn off System Restore >> Apply >> OK.

>@< Now run your antivirus (AVIRA) and send everything it finds to quarantine.

>@< Uncheck the System Restore option again >> Apply >> OK.

>@< Restart in Normal Mode.

________________________

>@< Run another BitDefender scan and post the report. Delete the old one!

________________________

>@< Now we can install the protection against worms that install themselves on USB memory sticks.

>@< In the Asistente de Instalacion Mx One, choose: Instalador Mx One Guardian

>@< Judging by the worm detected, you use or have used removable drives.

>@< Keep the Mx One Guardian Tiempo Real protection enabled.

>@< Also try to update the program whenever an update is available!

_______________________

>@< In your reply, post: the BitDefender report + an updated HJT log.

Best regards!


BitDefender Online Scanner

 

 

 

Scan report generated at: Thu, Dec 27, 2007 - 09:37:30

 

 

 

 

 

Scan path: C:\;D:\;E:\;G:\;

 

 

 

 

 

 

 

Statistics

Time: 00:43:20
Files: 112676
Folders: 3873
Boot Sectors: 8
Archives: 1174
Packed Files: 6428

Results

Identified Viruses: 3
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info

Virus Definitions: 887223
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

 

 

 

 

Scanned File

Status

 

C:\ah.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\ah.exe

Disinfection failed

 

C:\ah.exe

Deleted

 

C:\WINDOWS\system32\config\svchost.exe

Infected with: Win32.Worm.Autoruner.W

 

C:\WINDOWS\system32\config\svchost.exe

Disinfection failed

 

C:\WINDOWS\system32\config\svchost.exe

Delete failed

 

D:\ah.exe

Infected with: Win32.Worm.Autoruner.W

 

D:\ah.exe

Disinfection failed

 

D:\ah.exe

Deleted

 

G:\ah.exe

Infected with: Win32.Worm.Autoruner.W

 

G:\ah.exe

Disinfection failed

 

G:\ah.exe

Deleted

-----------------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:37:41, on 27/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\config\svchost.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Mx One\mogtr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\v7020\DMMultiView\multiview.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe

O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9176 bytes


After making these changes, web pages are taking a very long time to open. And since System Restore had been disabled, I don't have any restore point to go back to. What can I do?

After making these changes, web pages are taking a very long time to open. And since System Restore had been disabled, I don't have any restore point to go back to. What can I do?

_______________

 

Good afternoon, Rafildes!

>@< How many seconds is the wait for pages to open?

_______________

 

>@< Paste all the content below the word quote into Notepad.

 

@echo off

DEL /Q /S C:\WINDOWS\system32\config\svchost.exe

@pause

>@< Save it on the Desktop as "Del.bat"

>@< It is important that the name is kept in quotation marks.

>@< Restart the computer in Safe Mode.

>@< Double-click "Del.bat" to run it.

>@< PS: Run it only once!

>@< Open HijackThis and click Do a system scan only.

>@< Check the entry just below and click Fix checked.

 

O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe

>@< Restart in Normal Mode!

_______________

 

>@< In your reply, post a new HijackThis log.

Regards!
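
The check behind the fix in the post above, as an added example that is not part of the original thread: a Python script that reads a HijackThis log and flags Run entries and running processes whose file name is a Windows system binary but whose folder is not the expected one, which is what gives away `C:\WINDOWS\system32\config\svchost.exe` here. The sample lines are abridged from the log posted in this thread; the `EXPECTED_DIR` table and the function names are assumptions of this example.

```python
import ntpath
import re

# Assumed reference table: expected folder (lower-case) for well-known
# Windows XP system binaries. Extend it for the systems you triage.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Lines abridged from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\config\svchost.exe
C:\Arquivos de programas\Mx One\mogtr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [anhao] C:\WINDOWS\system32\config\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# A bare path ending in .exe is a line of the "Running processes" section.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or not.
EXE_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|scr|pif|bat|cmd))\b', re.IGNORECASE)


def masquerading(path):
    """Return the expected folder if `path` reuses a system binary's name
    from another folder, otherwise None."""
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIR.get(name)
    return expected if expected and directory != expected else None


def analyze(log_text):
    """Collect masquerading autostart entries and running processes."""
    running, processes, autostart = set(), [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):
            running.add(line.lower())
            if masquerading(line) and line not in processes:
                processes.append(line)
            continue
        entry = O4_RE.match(line)
        exe = EXE_RE.match(entry.group("cmd")) if entry else None
        if exe and masquerading(exe.group(1)):
            autostart.append({"hive": entry.group("hive"),
                              "name": entry.group("name"),
                              "path": exe.group(1)})
    # An autostart entry that is also running is still active on this boot.
    for item in autostart:
        item["running"] = item["path"].lower() in running
    return {"autostart": autostart, "processes": processes}


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG)["autostart"]:
        print(f"{hit['hive']} Run [{hit['name']}] -> {hit['path']} (running: {hit['running']})")
```

Blank lines between log entries, as in the logs pasted in this thread, are skipped, so a saved log can be passed to `analyze()` unchanged.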


It's a matter of almost a minute, really very slow. For example, I open IE, then it hangs and shows "IE Not Responding", and then after more than 40 s the page opens and starts loading.

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:15:40, on 27/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Google\Google Talk\googletalk.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Mx One\mogtr.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.4.6:80

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Mx_One_Guardian_Tiempo_Real] C:\Arquivos de programas\Mx One\mogtr.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://192.168.0.49:10080/cab/OCXChecker_6110.cab

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://192.168.0.49:10080/cab/DownloadFile_7000.cab

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\ARQUIVOS DE PROGRAMAS\AVPERSONAL\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8549 bytes


Good afternoon, Rafildes!

>@< Uninstall: < Google >

>@< After uninstalling, restart the computer.

<!> This procedure often contributes to a significant increase in how fast IE opens.

_______________________

 

>@< Go to the Registry Editor and navigate to:

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace

 

>@< In the column on the right, look for the key: ClassId Key {D6277990-4C6A-11CF-8D87-00AA0060F5BF}

>@< Try to delete that key!

>@< Exit the Registry and see whether IE loads any faster.

______________________

 

>@< Awaiting your reply!

Regards!


PROBLEM SOLVED!

If the author needs the Topic to be reopened, a Private Message with a link to the Topic must be sent to a Moderator.
