lilicatj (Posted January 18, 2008)

For a few days now my computer has been extremely slow. Pages open out of nowhere... and they also close out of nowhere. I tried to reinstall my antivirus and couldn't. None of them will install. I couldn't even run an online antivirus scan. After racking my brain over it, I decided to ask for help. Here is the HijackThis log (is this right?):

Logfile of HijackThis v1.99.1
Scan saved at 03:01:29, on 18/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cmpe.exe
C:\WINDOWS\system32\xfqqkcgv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PowerS.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe
C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [1cd84bff] rundll32.exe "C:\WINDOWS\system32\skyeacgd.dll",b
O4 - HKLM\..\Run: [bM1feb7863] Rundll32.exe "C:\WINDOWS\system32\fwdapeip.dll",s
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TVRMVCR.lnk = C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download with GetRight - F:\programas\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - F:\programas\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\System32\cmpe.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xfqqkcgv.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

DigRam (Posted January 18, 2008)

Good morning, lilicatj!

The computer shows several types of infection, and one of them is Vundo. We will have to run some removal tools and, later, run them again.
_____________________
>@< Go to Start >> Run >> type: services.msc >> OK.
>@< Look for: DomainService
>@< Double-click it and change the Startup type to: Disabled.
_____________________
>@< Download VundoFix.
>@< Save it to the Desktop!
>@< Run VundoFix.exe
>@< When VundoFix opens again, click Scan for Vundo.
>@< When it finishes, click Remove Vundo.
>@< You will get a prompt asking whether you want to remove the files. Confirm!
>@< Your desktop will disappear!
>@< A notice will appear saying that your computer must be shut down.
>@< Click OK and then turn the computer back on!
>@< VundoFix may find a file but be unable to remove it. If that happens, the tool will run on restart.
>@< When VundoFix appears, click the Scan for Vundo button to repeat the process.
>@< When VundoFix no longer finds any file that it cannot remove, post its report (log), which is located at C:\Vundofix.txt <!>
______________________
>@< Also post a new HijackThis log.

Regards!
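
Added example, not part of the thread: a Python triage pass over HijackThis entries, run on lines copied from the log in the first post. The three heuristics (hosts entry pointing at a non-loopback address, rundll32 autorun of a system32 DLL with a 1-2 character export name, service with an empty owner field and a binary directly in system32) are assumptions chosen for this illustration; a hit means the entry deserves a manual look, not that it is malicious.

```python
import ipaddress
import re
from collections import Counter

# Lines taken from the HijackThis log in the first post of this thread.
# The O1 line is entered twice here to exercise the duplicate counter.
SAMPLE_LOG = r"""
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [1cd84bff] rundll32.exe "C:\WINDOWS\system32\skyeacgd.dll",b
O4 - HKLM\..\Run: [bM1feb7863] Rundll32.exe "C:\WINDOWS\system32\fwdapeip.dll",s
O23 - Service: DomainService - - C:\WINDOWS\system32\xfqqkcgv.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")            # "<section> - <body>"
HOSTS = re.compile(r"^Hosts: (\S+) (\S+)$")           # O1: ip, hostname
RUN = re.compile(r"^\S+: \[([^\]]+)\] (.*)$")         # O4: [value name] command
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?,(\S+)', re.I)
SERVICE = re.compile(r"^Service: (.+?) - (.*?)\s*- ([A-Za-z]:\\.*)$")  # O23
IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)


def triage(log_text):
    """Return (section, subject, reason) tuples for entries worth a manual look."""
    findings = []
    hosts = Counter()
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()
        if code == "O1" and (h := HOSTS.match(body)):
            hosts[h.groups()] += 1
        elif code == "O4" and (r := RUN.match(body)):
            name, cmd = r.groups()
            d = RUNDLL.match(cmd)
            # Assumed heuristic: DLL sits directly in system32 and the export
            # passed to rundll32 is only one or two characters long.
            if d and IN_SYSTEM32.match(d.group(1)) and len(d.group(2)) <= 2:
                findings.append(("O4", name, "rundll32 autorun, short export name"))
        elif code == "O23" and (s := SERVICE.match(body)):
            name, owner, path = s.groups()
            # Assumed heuristic: no owner string and a binary directly in system32.
            if not owner.strip() and IN_SYSTEM32.match(path):
                findings.append(("O23", name, "service without owner, binary in system32"))
    for (ip, host), count in hosts.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not an IP literal; leave it for manual review
        # A hosts entry that maps a name to a routable address overrides DNS.
        if not (addr.is_loopback or addr.is_unspecified):
            findings.append(("O1", host, f"hosts file redirects to {ip} ({count} identical lines)"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {subject:32} {reason}")
```

On these lines it returns DomainService, the service the helper asks to disable, along with lxcy_device, which the thread does not single out.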

lilicatj (Posted January 18, 2008)

Good morning, DigRam.
Here are the logs...

VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 11:58:02 18/1/2008
Listing files found while scanning....
Attempting to delete C:\WINDOWS\system32\mbwmuphu.dll C:\WINDOWS\system32\mbwmuphu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mduiqmch.dll C:\WINDOWS\system32\mduiqmch.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mgguwywa.ini C:\WINDOWS\system32\mgguwywa.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\micfkise.dll C:\WINDOWS\system32\micfkise.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljgf.dll C:\WINDOWS\system32\mljgf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljgh.dll C:\WINDOWS\system32\mljgh.dll Has been deleted! Attempting to delete C:\windows\system32\mljjk.dll C:\windows\system32\mljjk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljh.dll C:\WINDOWS\system32\mlljh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljj.dll C:\WINDOWS\system32\mlljj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljk.dll C:\WINDOWS\system32\mlljk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mllmj.dll C:\WINDOWS\system32\mllmj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mllmk.dll C:\WINDOWS\system32\mllmk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\moxqstdi.dll C:\WINDOWS\system32\moxqstdi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mylpwelq.dll C:\WINDOWS\system32\mylpwelq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nekkywcq.dll C:\WINDOWS\system32\nekkywcq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ngpxmgfq.dll C:\WINDOWS\system32\ngpxmgfq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ngysttge.dll C:\WINDOWS\system32\ngysttge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nwbiywna.exe C:\WINDOWS\system32\nwbiywna.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\oerijbup.exe C:\WINDOWS\system32\oerijbup.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\ojtmknux.dll C:\WINDOWS\system32\ojtmknux.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\otdtminl.dll C:\WINDOWS\system32\otdtminl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pafkhnld.dll C:\WINDOWS\system32\pafkhnld.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\paypgbsp.dll C:\WINDOWS\system32\paypgbsp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pgvrrxdo.dll C:\WINDOWS\system32\pgvrrxdo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pljnstiy.dll C:\WINDOWS\system32\pljnstiy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhe.dll C:\WINDOWS\system32\pmkhe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhf.dll C:\WINDOWS\system32\pmkhf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhi.dll C:\WINDOWS\system32\pmkhi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkjg.dll C:\WINDOWS\system32\pmkjg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkjj.dll C:\WINDOWS\system32\pmkjj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\powyhnah.dll C:\WINDOWS\system32\powyhnah.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pviytkhp.dll C:\WINDOWS\system32\pviytkhp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qdubufdm.exe C:\WINDOWS\system32\qdubufdm.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qgnbbnqk.dll C:\WINDOWS\system32\qgnbbnqk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qkpnskcx.dll C:\WINDOWS\system32\qkpnskcx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qkufypfa.dll C:\WINDOWS\system32\qkufypfa.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qpgeanpq.dll C:\WINDOWS\system32\qpgeanpq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rhfurbpv.exe C:\WINDOWS\system32\rhfurbpv.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\rhhifjkc.exe C:\WINDOWS\system32\rhhifjkc.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rlipeosf.dll C:\WINDOWS\system32\rlipeosf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rmeftjek.dll C:\WINDOWS\system32\rmeftjek.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rsiucini.dll C:\WINDOWS\system32\rsiucini.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ruxyulub.exe C:\WINDOWS\system32\ruxyulub.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rvtqrvfd.dll C:\WINDOWS\system32\rvtqrvfd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\shdkxwmv.dll C:\WINDOWS\system32\shdkxwmv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\smntadny.exe C:\WINDOWS\system32\smntadny.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\smpexhsr.dll C:\WINDOWS\system32\smpexhsr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpm.dll C:\WINDOWS\system32\ssqpm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpn.dll C:\WINDOWS\system32\ssqpn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqrp.dll C:\WINDOWS\system32\ssqrp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqrq.dll C:\WINDOWS\system32\ssqrq.dll Has been deleted! Attempting to delete C:\windows\system32\ssqrr.dll C:\windows\system32\ssqrr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\sstqn.dll C:\WINDOWS\system32\sstqn.dll Has been deleted! Attempting to delete C:\windows\system32\sstqo.dll C:\windows\system32\sstqo.dll Has been deleted! Attempting to delete C:\windows\system32\sstqp.dll C:\windows\system32\sstqp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\sstqr.dll C:\WINDOWS\system32\sstqr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssttq.dll C:\WINDOWS\system32\ssttq.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\ssttr.dll C:\WINDOWS\system32\ssttr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\sstts.dll C:\WINDOWS\system32\sstts.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssttt.dll C:\WINDOWS\system32\ssttt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ssttu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\svknjxni.dll C:\WINDOWS\system32\svknjxni.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tfrodmfb.dll C:\WINDOWS\system32\tfrodmfb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tllarppe.dll C:\WINDOWS\system32\tllarppe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tqgkcdpl.dll C:\WINDOWS\system32\tqgkcdpl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tsfpdsto.dll C:\WINDOWS\system32\tsfpdsto.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ttovfjop.dll C:\WINDOWS\system32\ttovfjop.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tvwmouno.dll C:\WINDOWS\system32\tvwmouno.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ufneugiq.dll C:\WINDOWS\system32\ufneugiq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ukihbwcj.dll C:\WINDOWS\system32\ukihbwcj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\upohaxyr.exe C:\WINDOWS\system32\upohaxyr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\uppiqbhl.dll C:\WINDOWS\system32\uppiqbhl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urigrnic.dll C:\WINDOWS\system32\urigrnic.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\uwdvsskq.exe C:\WINDOWS\system32\uwdvsskq.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\uxpawdsw.exe C:\WINDOWS\system32\uxpawdsw.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\vgvmdjta.ini C:\WINDOWS\system32\vgvmdjta.ini Has been deleted! 
Attempting to delete C:\WINDOWS\system32\vilfpqwh.exe C:\WINDOWS\system32\vilfpqwh.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\vmyvvdcb.dll C:\WINDOWS\system32\vmyvvdcb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vqavwkkt.dll C:\WINDOWS\system32\vqavwkkt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vslxavvb.exe C:\WINDOWS\system32\vslxavvb.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\vtnjiaia.dll C:\WINDOWS\system32\vtnjiaia.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Attempting to delete C:\windows\system32\vtsqp.dll C:\windows\system32\vtsqp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtstt.dll C:\WINDOWS\system32\vtstt.dll Has been deleted! Attempting to delete C:\windows\system32\vtstu.dll C:\windows\system32\vtstu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vturo.dll C:\WINDOWS\system32\vturo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vturq.dll C:\WINDOWS\system32\vturq.dll Has been deleted! Attempting to delete C:\windows\system32\vtutq.dll C:\windows\system32\vtutq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtutr.dll C:\WINDOWS\system32\vtutr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtutt.dll C:\WINDOWS\system32\vtutt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtutu.dll C:\WINDOWS\system32\vtutu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wdoroyve.dll C:\WINDOWS\system32\wdoroyve.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wklisalw.dll C:\WINDOWS\system32\wklisalw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wkxludql.dll C:\WINDOWS\system32\wkxludql.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wlswarwy.dll C:\WINDOWS\system32\wlswarwy.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\wmosjnxq.dll C:\WINDOWS\system32\wmosjnxq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wnqaftmb.dll C:\WINDOWS\system32\wnqaftmb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wuuydgnb.dll C:\WINDOWS\system32\wuuydgnb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xaihsokf.dll C:\WINDOWS\system32\xaihsokf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xfqqkcgv.exe C:\WINDOWS\system32\xfqqkcgv.exe Could not be deleted. Attempting to delete C:\WINDOWS\system32\xikojbju.dll C:\WINDOWS\system32\xikojbju.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xkkrfbvg.dll C:\WINDOWS\system32\xkkrfbvg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xqgfbouk.dll C:\WINDOWS\system32\xqgfbouk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ydngatpl.dll C:\WINDOWS\system32\ydngatpl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yeiwyawc.dll C:\WINDOWS\system32\yeiwyawc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ygdwmmrn.dll C:\WINDOWS\system32\ygdwmmrn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yjbbilof.dll C:\WINDOWS\system32\yjbbilof.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yksbjogb.dll C:\WINDOWS\system32\yksbjogb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ylavoyqo.dll C:\WINDOWS\system32\ylavoyqo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yqotdolj.dll C:\WINDOWS\system32\yqotdolj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yyfwjpow.dll C:\WINDOWS\system32\yyfwjpow.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\fwdapeip.dll C:\WINDOWS\system32\fwdapeip.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xfqqkcgv.exe C:\WINDOWS\system32\xfqqkcgv.exe Has been deleted! Performing Repairs to the registry. Done! 
Logfile of HijackThis v1.99.1 Scan saved at 12:35:20, on 18/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe F:\programas\adaw\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cmpe.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Mixer.exe C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe F:\programas\D-Tools\daemon.exe F:\programas\QuickTime\qttask.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\PowerS.exe F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe C:\Arquivos de programas\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\Pando Networks\Pando\Pando.exe C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE C:\WINDOWS\system32\lxcycoms.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://miguelmeuanjinho.blogspot.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: 91.184.6.104 pagead2.googlesyndication.com O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barra de ferramentas - 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {15E9639E-7EBF-49EB-B57D-14976E025940} - C:\WINDOWS\system32\mllmk.dll (file missing) O2 - BHO: (no name) - {20CDD577-53C3-4DE0-A850-EB9FD5EA9EB1} - (no file) O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\programas\GetRight\xx2gr.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O2 - BHO: (no name) - {CE20B817-0CFF-4313-BD92-17CECCEA8EED} - (no file) O2 - BHO: {c4532cc2-1d2e-80c8-db94-9c6971446f9e} - {e9f64417-96c9-49bd-8c08-e2d12cc2354c} - C:\WINDOWS\system32\oiossonr.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [Client Server Runtime 
Process] C:\WINDOWS\System32\csrs.exe O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\programas\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [lxcymon.exe] "C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [1cd84bff] rundll32.exe "C:\WINDOWS\system32\eigqagtw.dll",b O4 - HKLM\..\Run: [bM1feb7863] Rundll32.exe "C:\WINDOWS\system32\fwdapeip.dll",s O4 - 
HKLM\..\RunServices: [Microsoft System Service] dnservice.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [VoipDiscount] "C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TVRMVCR.lnk = C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download with GetRight - F:\programas\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - F:\programas\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 
'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191260282687 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: iifgfgh - iifgfgh.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winbjd32 - C:\WINDOWS\SYSTEM32\winbjd32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agendador do 
LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\System32\cmpe.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

DigRam 144 Posted January 18, 2008

Good evening, lilicatj!

>@< Download ComboFix.
>@< Save it to the Desktop!
>@< Disable the firewall and antivirus.
>@< Close all windows and run the tool!
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard.
______________________
>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

Regards!

lilicatj 0 Posted January 19, 2008

DigRam, good evening! And thank you for helping me! Here are the logs

ComboFix 08-01-18.5 - Lívia 2008-01-19 0:19:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.660 [GMT -2:00]
Executando de: C:\Documents and Settings\Lívia\Desktop\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService
-------\NPF

((((((((((((((((((((((( Ficheiros criados de 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))
.
2008-01-19 00:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 11:58 . 2008-01-18 12:28 <DIR> d-------- C:\VundoFix Backups
2008-01-18 02:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-01-18 02:09 . 2008-01-18 02:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-18 02:09 . 2008-01-18 02:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-18 02:09 . 2008-01-18 02:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-18 02:09 . 2008-01-18 02:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-18 02:04 . 2008-01-18 02:04 60,076,544 --a------ C:\Downloads.bc!
2008-01-17 15:40 . 2008-01-18 11:39 22 --a------ C:\WINDOWS\pskt.ini
2008-01-15 12:22 . 2008-01-15 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar
2008-01-15 12:17 . 2008-01-15 12:39 <DIR> d-------- C:\Arquivos de programas\Winamp
2008-01-15 11:21 . 2008-01-15 22:39 1,802,475 ---hs---- C:\WINDOWS\system32\tvlcuknl.ini
2008-01-14 23:08 . 2008-01-15 11:16 1,845,210 ---hs---- C:\WINDOWS\system32\pxlymfco.ini
2008-01-13 19:07 . 2008-01-14 23:08 1,851,020 ---hs---- C:\WINDOWS\system32\hfsyvmyp.ini
2008-01-13 14:27 . 2008-01-13 19:07 1,850,968 ---hs---- C:\WINDOWS\system32\spgxvtxw.ini
2008-01-12 20:08 . 2008-01-13 14:23 2,106,519 ---hs---- C:\WINDOWS\system32\jssvgbjh.ini
2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2008-01-07 22:18 . 2008-01-07 22:18 <DIR> d-------- C:\Arquivos de programas\Smilebox
2008-01-06 22:05 . 2008-01-19 00:28 <DIR> d-------- C:\Arquivos de programas\lx_cats
2008-01-06 22:04 . 2006-02-20 15:03 409,600 --a------ C:\WINDOWS\system32\lxcyinpa.dll
2008-01-06 22:04 . 2006-02-20 15:06 393,216 --a------ C:\WINDOWS\system32\lxcyiesc.dll
2008-01-06 22:04 . 2006-03-21 11:42 303,104 --a------ C:\WINDOWS\system32\lxcycoin.dll
2008-01-06 22:04 . 2005-07-08 04:11 40,960 --a------ C:\WINDOWS\system32\lxcyvs.dll
2008-01-06 22:03 . 2008-01-06 22:06 <DIR> d-------- C:\Arquivos de programas\Lexmark Toolbar
2008-01-06 22:03 . 2008-01-06 22:03 <DIR> d-------- C:\Arquivos de programas\Lexmark 3400 Series
2008-01-06 22:02 . 2008-01-06 22:02 <DIR> d-------- C:\Lexmark
2008-01-06 19:48 . 2008-01-06 21:08 42,932,456 --a------ C:\cjb3400BP.exe
2008-01-06 12:54 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-06 12:54 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-19 22:15 . 2007-12-19 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2007-12-19 22:14 . 2008-01-03 20:59 <DIR> d-------- C:\Arquivos de programas\StuffPlug3
2007-12-19 22:07 . 2007-12-19 22:07 <DIR> d-------- C:\Arquivos de programas\Windows Live
2007-12-19 22:07 . 2007-12-19 22:07 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live
.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 04:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared
2008-01-18 04:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec
2008-01-18 04:11 --------- d-----w C:\Arquivos de programas\Symantec
2008-01-08 21:13 --------- d-----w C:\Arquivos de programas\Apple Software Update
2007-12-20 00:14 --------- d-----w C:\Arquivos de programas\MSN Messenger
2007-12-18 00:57 --------- d-----w C:\Arquivos de programas\VoipRaider.com
2007-12-17 23:42 --------- d-----w C:\Arquivos de programas\VoipDiscount.com
2007-12-11 01:25 --------- d-----w C:\Arquivos de programas\Pando Networks
2007-12-06 03:56 --------- d-----w C:\Arquivos de programas\ACD Systems
2007-11-26 20:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2007-11-21 16:48 --------- d-----w C:\Arquivos de programas\Google
2007-11-20 21:13 --------- d-----w C:\Arquivos de programas\Yahoo!
2007-11-20 21:12 --------- d-----w C:\Arquivos de programas\MegauploadToolbar
2007-10-04 22:34 88 --sh--r C:\WINDOWS\system32\42325A4885.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15E9639E-7EBF-49EB-B57D-14976E025940}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:45 15360]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
"Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752]
"VoipDiscount"="C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456]
"VoipRaider"="C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" [2007-10-22 17:18 7804208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Server Runtime Process"="C:\WINDOWS\System32\csrs.exe" [ ]
"Microsoft System Service"="dnservice.exe" []
"C-Media Mixer"="Mixer.exe" [2002-07-12 17:33 1581056 C:\WINDOWS\mixer.exe]
"ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-02-22 13:33 52840]
"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 17:05 65536]
"DAEMON Tools-1033"="F:\programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"QuickTime Task"="F:\programas\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 18:56 159800]
"Adobe Photo Downloader"="F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 06:32 61440]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"lxcymon.exe"="C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 13:48 286720]
"EzPrint"="C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" [2006-02-07 01:10 98304]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 13:16 37376]
"1cd84bff"="C:\WINDOWS\system32\eigqagtw.dll" [ ]
"BM1feb7863"="C:\WINDOWS\system32\fwdapeip.dll" [ ]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 07:54 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft System Service"="dnservice.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 05:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
TVRMVCR.lnk - C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE [2007-10-07 23:12:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfgh]
iifgfgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjd32]
winbjd32.dll

R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 23:48]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2002-02-22 14:36]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2002-02-22 14:36]
R2 cmpe;Context Manager Process Extension;C:\WINDOWS\System32\cmpe.exe [2007-02-26 12:11]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 15:23]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09]
S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;"C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c100c8e-938a-11dc-9a0d-0011d892df0c}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-01-08 21:13:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 00:29:29
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16??????????????????????????????????

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-01-19 0:31:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 02:31:09
.
2008-01-09 04:28:22 --- E O F ---

And the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 00:38:17, on 19/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cmpe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
F:\programas\D-Tools\daemon.exe
F:\programas\QuickTime\qttask.exe
C:\WINDOWS\PowerS.exe
F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe
C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Pando Networks\Pando\Pando.exe
C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {15E9639E-7EBF-49EB-B57D-14976E025940} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\programas\GetRight\xx2gr.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [1cd84bff] rundll32.exe "C:\WINDOWS\system32\eigqagtw.dll",b
O4 - HKLM\..\Run: [bM1feb7863] Rundll32.exe "C:\WINDOWS\system32\fwdapeip.dll",s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [VoipDiscount] "C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TVRMVCR.lnk = C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download with GetRight - F:\programas\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - F:\programas\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iifgfgh - iifgfgh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjd32 - winbjd32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\System32\cmpe.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
DigRam 144 Denunciar post Postado Janeiro 19, 2008 Bom Dia lilicatj! >@< Reinicie o computador em Modo de Segurança. >@< Abra o HijackThis e clique em: Do a system scan only. >@< Marque as entradas,logo abaixo,e clique em Fix checked. Marque as que encontrar! R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O2 - BHO: (no name) - {15E9639E-7EBF-49EB-B57D-14976E025940} - C:\WINDOWS\system32\mllmk.dll (file missing) O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe O4 - HKLM\..\Run: [1cd84bff] rundll32.exe "C:\WINDOWS\system32\eigqagtw.dll",b O4 - HKLM\..\Run: [bM1feb7863] Rundll32.exe "C:\WINDOWS\system32\fwdapeip.dll",s O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe O20 - Winlogon Notify: iifgfgh - iifgfgh.dll (file missing) O20 - Winlogon Notify: winbjd32 - winbjd32.dll (file missing) >@< Ainda em Modo Seguro e no HijackThis,clique em: Open the misc tools section. >@< Clique em: Delete an NT Service. >@< Coloque o nome do Serviço: DomainService ,na caixa. >@< Clique em Ok. >@< Não reinicie,ainda,o computador! _________________________ >@< Delete a pasta: C:\VundoFix Backups e o relatório C:\VundoFix.txt <!> >@< Reinicie em Modo Normal,o computador! _________________________ Delete: C:\QooBox << Pertence ao ComboFix. C:\ComboFix.txt << Log anterior do ComboFix. _________________________ >@< Selecione e copie,todo o conteúdo que está na área do quote,para o Bloco de Notas. 
>@< Save it on the Desktop with the name: CFScript.txt

File::
C:\WINDOWS\system32\tvlcuknl.ini
C:\WINDOWS\system32\pxlymfco.ini
C:\WINDOWS\system32\hfsyvmyp.ini
C:\WINDOWS\system32\spgxvtxw.ini
C:\WINDOWS\system32\jssvgbjh.ini
C:\WINDOWS\system32\eigqagtw.dll
C:\WINDOWS\system32\fwdapeip.dll
C:\WINDOWS\System32\csrs.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15E9639E-7EBF-49EB-B57D-14976E025940}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Server Runtime Process"=""
"Microsoft System Service"=""
"1cd84bff"=""
"BM1feb7863"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft System Service"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfgh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbjd32]

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< While it is running, do not use the keyboard or mouse!
>@< When it finishes, post the report C:\ComboFix.txt plus an updated HJT log.

Regards!
lilicatj 0 Posted January 20, 2008

Hello DigRam, good morning! Here are the reports:

ComboFix 08-01-18.5 - Lívia 2008-01-20 15:28:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.653 [GMT -2:00]
Executando de: C:\Documents and Settings\Lívia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lívia\Desktop\CFScript.txt
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((( Ficheiros criados de 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))
.
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\LÝvia\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\Default User\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\Bruno\Configuraþ§es locais
2008-01-19 00:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 02:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-01-18 02:09 . 2008-01-18 02:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-18 02:09 . 2008-01-18 02:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-18 02:09 . 2008-01-18 02:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-18 02:09 . 2008-01-18 02:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-18 02:04 . 2008-01-18 02:04 60,076,544 --a------ C:\Downloads.bc!
2008-01-17 15:40 . 2008-01-18 11:39 22 --a------ C:\WINDOWS\pskt.ini
2008-01-15 12:22 .
2008-01-15 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar 2008-01-15 12:17 . 2008-01-15 12:35 <DIR> d-------- C:\Documents and Settings\Lívia\Dados de aplicativos\Winamp 2008-01-15 12:17 . 2008-01-15 12:39 <DIR> d-------- C:\Arquivos de programas\Winamp 2008-01-15 11:21 . 2008-01-15 22:39 1,802,475 ---hs---- C:\WINDOWS\system32\tvlcuknl.ini 2008-01-14 23:08 . 2008-01-15 11:16 1,845,210 ---hs---- C:\WINDOWS\system32\pxlymfco.ini 2008-01-13 19:07 . 2008-01-14 23:08 1,851,020 ---hs---- C:\WINDOWS\system32\hfsyvmyp.ini 2008-01-13 14:27 . 2008-01-13 19:07 1,850,968 ---hs---- C:\WINDOWS\system32\spgxvtxw.ini 2008-01-12 20:08 . 2008-01-13 14:23 2,106,519 ---hs---- C:\WINDOWS\system32\jssvgbjh.ini 2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple 2008-01-07 22:18 . 2008-01-07 22:18 <DIR> d-------- C:\Arquivos de programas\Smilebox 2008-01-06 22:05 . 2008-01-20 15:21 <DIR> d-------- C:\Arquivos de programas\lx_cats 2008-01-06 22:04 . 2006-02-20 15:03 409,600 --a------ C:\WINDOWS\system32\lxcyinpa.dll 2008-01-06 22:04 . 2006-02-20 15:06 393,216 --a------ C:\WINDOWS\system32\lxcyiesc.dll 2008-01-06 22:04 . 2006-03-21 11:42 303,104 --a------ C:\WINDOWS\system32\lxcycoin.dll 2008-01-06 22:04 . 2005-07-08 04:11 40,960 --a------ C:\WINDOWS\system32\lxcyvs.dll 2008-01-06 22:03 . 2008-01-06 22:06 <DIR> d-------- C:\Arquivos de programas\Lexmark Toolbar 2008-01-06 22:03 . 2008-01-06 22:03 <DIR> d-------- C:\Arquivos de programas\Lexmark 3400 Series 2008-01-06 22:02 . 2008-01-06 22:02 <DIR> d-------- C:\Lexmark 2008-01-06 19:48 . 2008-01-06 21:08 42,932,456 --a------ C:\cjb3400BP.exe 2008-01-06 12:54 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-01-06 12:54 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-19 05:39 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\Corel 2008-01-19 05:36 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-18 04:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared 2008-01-18 04:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec 2008-01-18 04:11 --------- d-----w C:\Arquivos de programas\Symantec 2008-01-08 21:13 --------- d-----w C:\Arquivos de programas\Apple Software Update 2008-01-04 01:09 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\LimeWire 2008-01-03 22:59 --------- d-----w C:\Arquivos de programas\StuffPlug3 2007-12-20 00:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! 2007-12-20 00:14 --------- d-----w C:\Arquivos de programas\MSN Messenger 2007-12-20 00:07 --------- d-----w C:\Arquivos de programas\Windows Live 2007-12-20 00:07 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live 2007-12-18 01:02 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\VoipRaider 2007-12-18 00:57 --------- d-----w C:\Arquivos de programas\VoipRaider.com 2007-12-18 00:55 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\VoipDiscount 2007-12-17 23:42 --------- d-----w C:\Arquivos de programas\VoipDiscount.com 2007-12-11 01:25 --------- d-----w C:\Arquivos de programas\Pando Networks 2007-12-06 03:56 --------- d-----w C:\Arquivos de programas\ACD Systems 2007-11-26 20:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2007-11-23 01:49 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\Lightcomm 2007-11-21 16:48 --------- d-----w C:\Arquivos de programas\Google 2007-11-20 21:13 --------- d-----w C:\Arquivos de programas\Yahoo! 
2007-11-20 21:12 --------- d-----w C:\Arquivos de programas\MegauploadToolbar 2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 01:24 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2001-11-23 15:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2007-10-04 22:34 88 --sh--r C:\WINDOWS\system32\42325A4885.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:45 15360] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208] "Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752] "VoipDiscount"="C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456] "VoipRaider"="C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" [2007-10-22 17:18 7804208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="Mixer.exe" [2002-07-12 17:33 1581056 C:\WINDOWS\mixer.exe] "ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-02-22 13:33 52840] "desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 17:05 65536] "DAEMON Tools-1033"="F:\programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ] "NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 
155648] "QuickTime Task"="F:\programas\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008] "nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920] "PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 18:56 159800] "Adobe Photo Downloader"="F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 06:32 61440] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "lxcymon.exe"="C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 13:48 286720] "EzPrint"="C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" [2006-02-07 01:10 98304] "WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 13:16 37376] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 07:54 65536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 05:45 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ TVRMVCR.lnk - C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE [2007-10-07 23:12:08] R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 23:48] R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2002-02-22 14:36] R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2002-02-22 14:36] R2 cmpe;Context Manager Process Extension;C:\WINDOWS\System32\cmpe.exe [2007-02-26 12:11] R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 15:23] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09] S2 Agendador do LiveUpdate automático;Agendador do 
LiveUpdate automático;"C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c100c8e-938a-11dc-9a0d-0011d892df0c}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe \Shell\Open(&0)\command - Recycled\ctfmon.exe . Conteúdo da pasta 'Tarefas Agendadas' "2008-01-08 21:13:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-20 15:30:31 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16?????? Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-01-20 15:31:21 . 
2008-01-09 04:28:22 --- E O F ---

And the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:54:57, on 20/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
F:\programas\D-Tools\daemon.exe
F:\programas\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PowerS.exe
F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe
C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Pando Networks\Pando\Pando.exe
C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE
C:\WINDOWS\System32\cmpe.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\programas\GetRight\xx2gr.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O4 - 
HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\programas\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [lxcymon.exe] "C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos 
comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [VoipDiscount] "C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TVRMVCR.lnk = C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download with GetRight - F:\programas\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - F:\programas\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191260282687 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\System32\cmpe.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA 
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
DigRam 144 Posted January 21, 2008

Good morning lilicatj!

>@< Run VundoFix again and post its report: C:\VundoFix.txt <!>
>@< Delete the old one!
____________________
>@< Download EliBagla.
>@< Save it to the Desktop!
>@< Now go to its icon and run the tool!
>@< When it finishes, restart the computer in Safe Mode. << Important!
>@< Run EliBagla again.
____________________
>@< Post the infoSAT.txt report, which is in the root of C:\ (Local Disk C), in your reply.

Regards!
lilicatj 0 Posted January 21, 2008

Good morning DigRam. The reports:

From VundoFix:

VundoFix V6.7.7
Checking Java version...
Sun Java not detected
Scan started at 00:42:33 21/1/2008
Listing files found while scanning....
No infected files were found.
-------------------------------
From EliBagla:

Mon Jan 21 01:09:23 2008
EliBagle v10.89 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINXP.EXE --> Eliminado Bagle

Mon Jan 21 01:09:38 2008
EliBagle v10.89 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 3459
Nº Total de Ficheros: 49932
Nº de Ficheros Analizados: 10042
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Jan 21 01:16:24 2008
EliBagle v10.89 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon Jan 21 01:16:27 2008
EliBagle v10.89 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 3459
Nº Total de Ficheros: 49928
Nº de Ficheros Analizados: 10043
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
DigRam 144 Posted January 21, 2008

Good morning lilicatj!

>@< You have remnants of Norton on the PC, and that may make it difficult to install another AV.
>@< In the next posts we will deal with removing those components.
________________________
>@< ComboFix, due to an error, did not start the script and therefore did not delete the related files.
>@< Repeat the operation with CFScript.txt

Delete:
C:\QooBox << Belongs to ComboFix.
C:\ComboFix.txt << Previous ComboFix log.

>@< Paste into Notepad everything that is below the word quote.
>@< The instructions are given in Post #6.
________________________
>@< Download a-squared Free 3.0
>@< Open the program and click: Atualizar agora (Update now) >> Wait!
>@< When it finishes, click: Analisar agora (Scan now).
>@< If you can, try to run this scan in Safe Mode!
>@< Choose the option: A fundo (Deep).
>@< Click Analisar (Scan)!
>@< When it finishes, send the items found to quarantine.
>@< From there they will be deleted or restored.
>@< Save the report of this scan and post it in your reply, plus an updated HJT log and ComboFix.txt

Regards!
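Added example (not part of the thread and not ComboFix's own code): a Python check of whether a ComboFix run acted on the CFScript, comparing the script's File:: list with the "Outras Exclusões" and "Ficheiros criados" sections of a log. The inputs are excerpts rebuilt from the script and the two logs posted in this thread, with banner lines shortened; the function names are hypothetical, and reading "Outras Exclusões" as deleted and "Ficheiros criados" as still on disk is this example's assumption.

```python
import re

# Constructed inputs: the File:: list of the CFScript posted in the thread, and
# excerpts of the two ComboFix logs rebuilt one entry per line (banners shortened).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\tvlcuknl.ini
C:\WINDOWS\system32\pxlymfco.ini
C:\WINDOWS\system32\hfsyvmyp.ini
C:\WINDOWS\system32\spgxvtxw.ini
C:\WINDOWS\system32\jssvgbjh.ini
C:\WINDOWS\system32\eigqagtw.dll
C:\WINDOWS\system32\fwdapeip.dll
C:\WINDOWS\System32\csrs.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgfgh]
"""

LOG_JAN20 = r"""((((( Ficheiros criados de 2007-12-20 to 2008-01-20 )))))
.
2008-01-18 02:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-01-15 11:21 . 2008-01-15 22:39 1,802,475 ---hs---- C:\WINDOWS\system32\tvlcuknl.ini
2008-01-14 23:08 . 2008-01-15 11:16 1,845,210 ---hs---- C:\WINDOWS\system32\pxlymfco.ini
2008-01-13 19:07 . 2008-01-14 23:08 1,851,020 ---hs---- C:\WINDOWS\system32\hfsyvmyp.ini
2008-01-13 14:27 . 2008-01-13 19:07 1,850,968 ---hs---- C:\WINDOWS\system32\spgxvtxw.ini
2008-01-12 20:08 . 2008-01-13 14:23 2,106,519 ---hs---- C:\WINDOWS\system32\jssvgbjh.ini
.
((((( Relatório Find3M )))))
.
2008-01-19 05:36 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
"""

LOG_JAN21 = r"""FILE
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\system32\eigqagtw.dll
C:\WINDOWS\system32\fwdapeip.dll
C:\WINDOWS\system32\hfsyvmyp.ini
.
((((( Outras Exclusões )))))
.
C:\WINDOWS\system32\hfsyvmyp.ini
C:\WINDOWS\system32\jssvgbjh.ini
C:\WINDOWS\system32\pxlymfco.ini
C:\WINDOWS\system32\spgxvtxw.ini
C:\WINDOWS\system32\tvlcuknl.ini
.
((((( Ficheiros criados de 2007-12-22 to 2008-01-22 )))))
.
2008-01-21 00:42 . 2008-01-21 00:42 <DIR> d-------- C:\VundoFix Backups
2008-01-18 02:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
"""

BANNER = re.compile(r"^\({2,}\s*(.+?)\s*\){2,}$")   # "((((( title )))))"
DIRECTIVE = re.compile(r"^[A-Za-z]+::$")            # "File::", "Registry::"


def script_targets(cfscript):
    """Return the paths listed under the File:: directive of a CFScript."""
    targets, in_files = [], False
    for line in cfscript.splitlines():
        line = line.strip()
        if DIRECTIVE.match(line):
            in_files = line.lower() == "file::"
        elif in_files and line:
            targets.append(line)
    return targets


def log_sections(log):
    """Map each banner title to its lines; text before the first banner is 'preamble'."""
    sections, current = {"preamble": []}, "preamble"
    for line in log.splitlines():
        line = line.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def check_script_result(cfscript, log):
    """Classify each File:: target as 'deleted', 'still_present' or 'not_listed'."""
    deleted, present = [], []
    for title, lines in log_sections(log).items():
        if title.startswith("Outras Exclusões"):
            deleted += lines
        elif title.startswith("Ficheiros criados"):
            present += lines
    result = {}
    for path in script_targets(cfscript):
        key = path.lower()          # Windows paths compare case-insensitively
        if any(entry.lower().endswith(key) for entry in deleted):
            result[path] = "deleted"
        elif any(entry.lower().endswith(key) for entry in present):
            result[path] = "still_present"
        else:
            # No evidence either way: the created-files list only covers its date window.
            result[path] = "not_listed"
    return result


if __name__ == "__main__":
    for name, log in (("20 Jan", LOG_JAN20), ("21 Jan", LOG_JAN21)):
        print(name)
        for path, status in check_script_result(CFSCRIPT, log).items():
            print(f"  {status:13} {path}")
```
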
lilicatj 0 Posted January 22, 2008

Hello DigRam. I couldn't do everything this time... I dragged the file onto ComboFix, but at the end it did not restart the PC. And A-Squared Free freezes in the middle of the scan. I tried yesterday, I tried again today, but it froze all 3 times. Here is the log:

ComboFix 08-01-18.5 - Lívia 2008-01-21 23:36:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.616 [GMT -2:00]
Executando de: C:\Documents and Settings\Lívia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lívia\Desktop\CFScript.txt
 * Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\system32\eigqagtw.dll
C:\WINDOWS\system32\fwdapeip.dll
C:\WINDOWS\system32\hfsyvmyp.ini
C:\WINDOWS\system32\jssvgbjh.ini
C:\WINDOWS\system32\pxlymfco.ini
C:\WINDOWS\system32\spgxvtxw.ini
C:\WINDOWS\system32\tvlcuknl.ini
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\hfsyvmyp.ini
C:\WINDOWS\system32\jssvgbjh.ini
C:\WINDOWS\system32\pxlymfco.ini
C:\WINDOWS\system32\spgxvtxw.ini
C:\WINDOWS\system32\tvlcuknl.ini
.
((((((((((((((((((((((( Ficheiros criados de 2007-12-22 to 2008-01-22 ))))))))))))))))))))))))))))))))
.
2008-01-21 01:58 . 2008-01-21 02:00 <DIR> d-------- C:\Arquivos de programas\a-squared Free
2008-01-21 00:42 . 2008-01-21 00:42 <DIR> d-------- C:\VundoFix Backups
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais
2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\LÝvia\Configuraþ§es locais
2008-01-19 00:31 .
2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\Default User\Configuraþ§es locais 2008-01-19 00:31 . 2008-01-19 00:31 <DIR> d-------- C:\Documents and Settings\Bruno\Configuraþ§es locais 2008-01-19 00:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-18 02:59 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe 2008-01-18 02:09 . 2008-01-18 02:21 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-01-18 02:09 . 2008-01-18 02:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-01-18 02:09 . 2008-01-18 02:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-18 02:09 . 2008-01-18 02:31 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-18 02:04 . 2008-01-18 02:04 60,076,544 --a------ C:\Downloads.bc! 2008-01-17 15:40 . 2008-01-18 11:39 22 --a------ C:\WINDOWS\pskt.ini 2008-01-15 12:22 . 2008-01-15 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar 2008-01-15 12:17 . 2008-01-15 12:35 <DIR> d-------- C:\Documents and Settings\Lívia\Dados de aplicativos\Winamp 2008-01-15 12:17 . 2008-01-15 12:39 <DIR> d-------- C:\Arquivos de programas\Winamp 2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple 2008-01-07 22:18 . 2008-01-07 22:18 <DIR> d-------- C:\Arquivos de programas\Smilebox 2008-01-06 22:05 . 2008-01-21 23:29 <DIR> d-------- C:\Arquivos de programas\lx_cats 2008-01-06 22:04 . 2006-02-20 15:03 409,600 --a------ C:\WINDOWS\system32\lxcyinpa.dll 2008-01-06 22:04 . 2006-02-20 15:06 393,216 --a------ C:\WINDOWS\system32\lxcyiesc.dll 2008-01-06 22:04 . 2006-03-21 11:42 303,104 --a------ C:\WINDOWS\system32\lxcycoin.dll 2008-01-06 22:04 . 2005-07-08 04:11 40,960 --a------ C:\WINDOWS\system32\lxcyvs.dll 2008-01-06 22:03 . 2008-01-06 22:06 <DIR> d-------- C:\Arquivos de programas\Lexmark Toolbar 2008-01-06 22:03 . 2008-01-06 22:03 <DIR> d-------- C:\Arquivos de programas\Lexmark 3400 Series 2008-01-06 22:02 . 
2008-01-06 22:02 <DIR> d-------- C:\Lexmark 2008-01-06 19:48 . 2008-01-06 21:08 42,932,456 --a------ C:\cjb3400BP.exe 2008-01-06 12:54 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-01-06 12:54 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-21 18:59 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\Corel 2008-01-21 18:54 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-18 04:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared 2008-01-18 04:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec 2008-01-18 04:11 --------- d-----w C:\Arquivos de programas\Symantec 2008-01-08 21:13 --------- d-----w C:\Arquivos de programas\Apple Software Update 2008-01-04 01:09 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\LimeWire 2008-01-03 22:59 --------- d-----w C:\Arquivos de programas\StuffPlug3 2007-12-20 00:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! 2007-12-20 00:14 --------- d-----w C:\Arquivos de programas\MSN Messenger 2007-12-20 00:07 --------- d-----w C:\Arquivos de programas\Windows Live 2007-12-20 00:07 --------- d-----w C:\Arquivos de programas\Messenger Plus! 
Live 2007-12-18 01:02 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\VoipRaider 2007-12-18 00:57 --------- d-----w C:\Arquivos de programas\VoipRaider.com 2007-12-18 00:55 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\VoipDiscount 2007-12-17 23:42 --------- d-----w C:\Arquivos de programas\VoipDiscount.com 2007-12-11 01:25 --------- d-----w C:\Arquivos de programas\Pando Networks 2007-12-06 03:56 --------- d-----w C:\Arquivos de programas\ACD Systems 2007-11-26 20:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2007-11-23 01:49 --------- d-----w C:\Documents and Settings\Lívia\Dados de aplicativos\Lightcomm 2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:44 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 01:24 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-10-25 11:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2001-11-23 15:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2007-10-04 22:34 88 --sh--r C:\WINDOWS\system32\42325A4885.sys . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:45 15360] "MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208] "Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2007-11-02 16:36 5223752] "VoipDiscount"="C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [2007-05-31 16:22 7419456] "VoipRaider"="C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" [2007-10-22 17:18 7804208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="Mixer.exe" [2002-07-12 17:33 1581056 C:\WINDOWS\mixer.exe] "ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2007-02-22 13:33 52840] "desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 17:05 65536] "DAEMON Tools-1033"="F:\programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "Symantec PIF AlertEng"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ] "NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648] "QuickTime Task"="F:\programas\QuickTime\qttask.exe" [2007-02-16 10:54 282624] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008] "nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920] "PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 18:56 159800] "Adobe Photo Downloader"="F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 06:32 61440] "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048] "SunJavaUpdateSched"="C:\Arquivos de 
programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496] "lxcymon.exe"="C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 13:48 286720] "EzPrint"="C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" [2006-02-07 01:10 98304] "WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-12-20 13:16 37376] "LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 07:54 65536] "Client Server Runtime Process"="" [] "Microsoft System Service"="" [] "1cd84bff"="" [] "BM1feb7863"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft System Service"="" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 05:45 15360] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ TVRMVCR.lnk - C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE [2007-10-07 23:12:08] R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 23:48] R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2002-02-22 14:36] R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2002-02-22 14:36] R2 cmpe;Context Manager Process Extension;C:\WINDOWS\System32\cmpe.exe [2007-02-26 12:11] R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 15:23] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 01:09] S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático;"C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c100c8e-938a-11dc-9a0d-0011d892df0c}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe \Shell\Open(&0)\command - Recycled\ctfmon.exe . 
Conteúdo da pasta 'Tarefas Agendadas' "2008-01-21 21:42:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-21 23:38:50 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCYCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16?? Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-01-21 23:39:46 ComboFix-quarantined-files.txt 2008-01-22 01:39:25 . 2008-01-09 04:28:22 --- E O F ---

And the HJT log

Logfile of HijackThis v1.99.1 Scan saved at 23:42:27, on 21/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe F:\programas\adaw\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Mixer.exe F:\programas\D-Tools\daemon.exe F:\programas\QuickTime\qttask.exe C:\WINDOWS\PowerS.exe F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe C:\Arquivos de programas\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\Pando Networks\Pando\Pando.exe C:\Arquivos de
programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE C:\Arquivos de programas\a-squared Free\a2service.exe C:\WINDOWS\System32\cmpe.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\lxcycoms.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\programas\GetRight\xx2gr.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de 
programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\programas\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - 
HKLM\..\Run: [Adobe Photo Downloader] "F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [lxcymon.exe] "C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [VoipDiscount] "C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TVRMVCR.lnk = C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download with GetRight - F:\programas\GetRight\GRdownload.htm O8 - Extra context 
menu item: Open with GetRight Browser - F:\programas\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191260282687 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\System32\cmpe.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

Regards
DigRam, posted January 22, 2008

Good morning lilicatj!

"I couldn't do everything this time... I dragged the file onto ComboFix, but at the end it didn't restart the PC. And A-Squared Free freezes in the middle of the scan. I tried yesterday and tried again today, but it froze all 3 times."

>@< The ComboFix report is complete.
>@< During the scan, check which file is making a-squared freeze.
____________________
>@< Run a disinfection scan at < BitDefender > and post the report.
>@< Click BitDefender ( Scan OnLine ).
>@< The page < BitDefender OnLine Scanner > will open.
>@< Click I Agree.
>@< Wait! Allow the ActiveX installation so that the scan can run.
____________________
>@< Then post: the BitDefender report + an updated HijackThis log.

Regards!
lilicatj, posted January 22, 2008

Good morning DigRam

The HJT log. The BitDefender one I can't send... it says it's too large. It saved a file full of HTML tags... is that how it's supposed to be??
------------------------------------------------
Logfile of HijackThis v1.99.1 Scan saved at 03:35:46, on 22/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe F:\programas\adaw\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Mixer.exe F:\programas\D-Tools\daemon.exe F:\programas\QuickTime\qttask.exe C:\WINDOWS\PowerS.exe F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe C:\Arquivos de programas\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\Arquivos de programas\Pando Networks\Pando\Pando.exe C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE C:\Arquivos de programas\a-squared Free\a2service.exe C:\WINDOWS\System32\cmpe.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\lxcycoms.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Arquivos de programas\MSN
Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\programas\GetRight\xx2gr.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - 
{C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\programas\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\programas\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [lxcymon.exe] "C:\Arquivos de programas\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Arquivos de programas\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe" O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [VoipDiscount] "C:\Arquivos de programas\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TVRMVCR.lnk = C:\Arquivos de programas\Prolink\PlayTV XP\TVRMVCR.EXE O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download with GetRight - F:\programas\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - F:\programas\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - 
%windir%\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191260282687 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.oifotos.com/lib/ImageUploader3.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos 
de programas\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agendador do LiveUpdate automático - Unknown owner - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\System32\cmpe.exe O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
lilicatj, posted January 22, 2008

I couldn't do it... I saved it as txt, html... but I can't post it... It says it's too large...
DigRam, posted January 22, 2008

Good morning lilicatj!

"The BitDefender one I can't send... it says it's too large. It saved a file full of HTML tags... is that how it's supposed to be??"

>@< If you try to post the BDOSCAN8 folder, then yes, it won't be possible!
>@< Go to: C:\Windows\BDOSCAN8\bdoscan.txt; that is the report to post. ( Log )
>@< As for the a-squared report, try... in Normal Mode, the Smart option instead of Deep.
>@< If that doesn't work, run a scan with your Ad-Aware 2007 and post the report.
___________________________
>@< In the next post, we'll remove the Norton leftovers.

Regards!
lilicatj, posted January 22, 2008

Hello DigRam...

It won't go... it keeps saying it's too large. Here is the A-Squared report
-------------------------------------------------
a-squared Free - Versão 3.1
Última atualização 22/1/2008 14:04:01

Configurações da análise:

Objetos: Memória, Rastros, Cookies, C:\WINDOWS\, C:\Arquivos de programas
Análise de arquivos: Ligado
Heurística: Ligado
Análise de ADS: Ligado

Início da análise: 22/1/2008 14:06:37

C:\Documents and Settings\Lívia\Cookies\lívia@adservingml[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@advertising[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@atdmt[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@comprafacil.com[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@fl01.ct2.comclick[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@linksynergy[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@mediaplex[1].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@specificclick[2].txt detectado: Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@statcounter[1].txt detectado: Trace.TrackingCookie

Analisado
Arquivos: 44962
Objetos: 366625
Cookies: 201
Processos: 43

Encontrado
Arquivos: 0
Objetos: 0
Cookies: 9
Processos: 0
Chaves do registro: 0

Fim da análise: 22/1/2008 14:30:47
Duração da análise: 0:24:10

C:\Documents and Settings\Lívia\Cookies\lívia@adservingml[1].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@advertising[2].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@atdmt[1].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@comprafacil.com[2].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@fl01.ct2.comclick[1].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@linksynergy[1].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@mediaplex[1].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@specificclick[2].txt Em quarentena Trace.TrackingCookie
C:\Documents and Settings\Lívia\Cookies\lívia@statcounter[1].txt Em quarentena Trace.TrackingCookie

Em quarentena
Arquivos: 0
Objetos: 0
Cookies: 9

DigRam 144 Posted January 22, 2008

Good afternoon lilicatj!

"It won't go... it keeps saying it's too large."

>@< You can abort sending the report, since the removal action was performed by that scan.
___________________________
>@< Go to Start >> Run >> type: services.msc >> OK.
>@< Look for: Symantec Core LC, double-click it and change the Startup type to: Disabled.
>@< Also disable: Agendador do LiveUpdate automático
>@< Restart the computer in Safe Mode.
>@< Open HijackThis and click Do a system scan only.
>@< Check the entries just below and click Fix checked.

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

>@< Restart in Normal Mode!
___________________________
>@< Download RegSeeker. But do not run it yet!
>@< Download StartDreck.
>@< Save it to Local Disk C and unzip it right there, sending the executable (Flames) to the Desktop.
>@< Run StartDreck by double-clicking the executable!
>@< A blank window will appear. Wait!
>@< When it finishes, maximize that window and select the services and processes that will be deleted. (The ones you find!)
>@< Click Delete! << Probably not all of the services targeted by our action will be listed, or listed in sequence.
>@< At the prompt, click Yes!
>@< Do one at a time!
__________________________
>> NT Services
*Symantec NetDriver Monitor=C:\ARQUIV~1\SYMNET~1\SNDMon.exe /Consumer
*Symantec Event Manager ccEvtMgr - disabled
*Symantec Password Validation ccPwdSvc - disabled
*Symantec Settings Manager ccSetMgr - disabled
*Norton AntiVirus Firewall Monitor Service NPFMntor - disabled
*ScriptBlocking Service SBService - disabled
*Symantec Network Drivers Service SNDSrvc - disabled
*Symantec SPBBCSvc SPBBCSvc – disabled

>> Running Processes
>@< PS: The processes that are active will be listed here.
>@< Select and delete all references to Symantec.
>@< When you finish, close the program!

>@< Open RegSeeker and click Clean the Registry.
>@< Under Key name, leave these boxes unchecked: HKEY_CLASSES_ROOT and Invalid Services (experimental).
>@< Click OK! >> Wait!
>@< When it finishes, click Select >> Select all >> Action >> Delete selected entries >> OK.
>@< Accept the suggestion to make backups, and name them! << So that they are easy to identify!
__________________________
>@< Post a new HijackThis log in your reply... and try to install an antivirus of your choice!

Regards!
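
Added example, not part of DigRam's post and not HijackThis code: a small Python parser for the O2/O3/O4 lines quoted in the post above, separating entries flagged `(file missing)` (registry data left behind after the file is gone) from entries that still point at a file. The regular expressions and function names are assumptions based on the line layout visible in this thread.

```python
import re

# HijackThis entries copied from the post above (sample input, not a full log).
SAMPLE = r"""O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2/O3 layout: "<code> - <kind>: <name> - {CLSID} - <dll path>[ (file missing)]"
COM_RE = re.compile(r"^(O[23]) - (BHO|Toolbar): (.+?) - (" + CLSID +
                    r") - (.+?)( \(file missing\))?$")
# O4 layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_entry(line):
    """Return a dict describing one O2/O3/O4 line, or None if unrecognised."""
    line = line.strip()
    m = COM_RE.match(line)
    if m:
        code, kind, name, clsid, path, missing = m.groups()
        return {"code": code, "kind": kind, "name": name,
                "clsid": clsid.upper(), "target": path,
                "missing": missing is not None}
    m = RUN_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        # The executable is the first quoted string, else the first token.
        exe = re.match(r'"([^"]+)"|(\S+)', cmd)
        return {"code": "O4", "kind": hive + " " + key, "name": name,
                "clsid": None, "target": exe.group(1) or exe.group(2),
                "missing": cmd.endswith("(file missing)")}
    return None

def parse_log(text):
    """Parse every recognised line of a log excerpt."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphaned(entries):
    """Entries whose registry data remains but whose file was not found."""
    return [e for e in entries if e["missing"]]
```
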

lilicatj 0 Posted January 22, 2008

Hello DigRam, good evening.

I can't run the StartDreck executable on the desktop. It only opens if it is in C:/. It says that a dll was not found.

DigRam 144 Posted January 22, 2008

"Hello DigRam, good evening. I can't run the StartDreck executable on the desktop. It only opens if it is in C:/. It says that a dll was not found."
_______________
Good evening lilicatj!

>@< Run it from Local Disk C and... which dll was not found?

Regards!

lilicatj 0 Posted January 22, 2008

DigRam, the dll: VB40032.dll