[Arquivado] I.E. fechando quase sempre...

[vgomespt 0]

Boas...

 

Meu I.E. vai e volta e fecha todas as páginas abertas, a versão é 6.0 no meu firefox tudo tranquilo...Alguma idéia de alguma praga que tá fazendo isso ?! Alguma atualização do microsoft para esta versão ? Não tô muito afim de instalar a ver. 7.

 

Hã, não dá nenhuma msg de erro, simplesmente fecham...uso o avg e o spybot e parece estar ok, mas, vou postar aqui,...

 

Logfile of HijackThis v1.99.1

Scan saved at 14:40:31, on 07-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

D:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.pt/s/v/24.11/uploader2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7AF635BC-10ED-43F6-BD45-801C307B9558}: NameServer = 195.245.176.19 194.38.131.19

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

[jgarcia 1]

Opa vgomespt,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta, juntamente com um novo log do HijackThis.

 

Abraços.

[vgomespt 0]

beleza JGarcia !

 

Eu já tinha instalado o I.E. 7 e algumas actualizações que não iam pelo automático, ainda fiz manualmente, mas persistiu o problema....passei combofix agora...

 

ComboFix 08-02-12.1 - Vladmir 2008-02-12 9:12:33.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.202 [GMT 0:00]

Executando de: C:\Documents and Settings\Vladmir\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\drivers\down

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

hxxp://go.microsoft.com

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))

.

 

2008-02-11 15:32 . 2008-02-11 15:32 <DIR> d-------- C:\Arquivos de programas\VIGOS Gsitemap 0.97a

2008-02-11 14:58 . 2008-02-11 14:58 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-02-11 14:58 . 2008-02-11 14:58 <DIR> d-------- C:\Arquivos de programas\Reference Assemblies

2008-02-11 14:58 . 2008-02-11 14:58 <DIR> d-------- C:\Arquivos de programas\MSBuild

2008-02-11 14:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-02-11 14:50 . 2008-02-11 14:50 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-02-09 09:46 . 2008-02-09 09:46 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-02-09 09:43 . 2008-02-09 10:50 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-02-06 20:31 . 1999-10-12 14:36 137,572 --a------ C:\WINDOWS\cep1unin.exe

2008-02-06 20:31 . 2008-02-08 22:09 258 --a------ C:\WINDOWS\coolmp3.ini

2008-02-06 20:29 . 2008-02-08 22:44 18,428 --a------ C:\WINDOWS\Cool.ini

2008-02-06 20:29 . 2008-02-08 22:44 10,705 --a------ C:\WINDOWS\coolcust.ini

2008-02-06 20:29 . 2008-02-08 22:44 0 --a------ C:\WINDOWS\COOLSYS.INI

2008-02-06 13:45 . 2008-02-06 13:45 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nullsoft

2008-01-30 18:15 . 2008-01-30 18:16 12,366,732 --------- C:\avg7qt.dat

2008-01-28 11:10 . 2008-01-28 11:10 <DIR> d-------- C:\Arquivos de programas\SourceTec

2008-01-28 11:10 . 2008-01-28 11:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SourceTec

2008-01-17 13:37 . 2008-01-17 13:37 <DIR> d-------- C:\Arquivos de programas\Whiz FTP

2008-01-15 23:41 . 2008-01-15 23:41 <DIR> dr-h----- C:\$VAULT$.AVG

2008-01-15 20:03 . 2008-01-15 20:03 <DIR> d-------- C:\Documents and Settings\Vladmir\Dados de aplicativos\AVG7

2008-01-15 20:02 . 2008-01-15 20:02 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Dados de aplicativos\AVG7

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Vladmir\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\vlad\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\rosely\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\NetworkService.AUTORIDADE NT\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Definiþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\LocalService.AUTORIDADE NT\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Configuraþ§es locais

2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Administrador.MASTER-BDEFA930\Configuraþ§es locais

2008-01-14 12:54 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-01-14 12:53 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\mtbraaoaoolx.sys

2008-01-14 02:19 . 2008-01-14 02:19 <DIR> d-------- C:\Arquivos de programas\Unlocker

2008-01-14 01:07 . 2008-01-14 01:07 140,288 --a------ C:\vcleaner.exe

2008-01-13 21:51 . 2008-01-13 21:51 <DIR> d-------- C:\Documents and Settings\Vladmir\.housecall6.6

2008-01-13 20:59 . 2008-01-13 20:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2008-01-13 13:02 . 2008-01-13 13:03 351,612 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-01-13 11:00 . 2008-01-13 11:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-01-13 11:00 . 2008-01-13 11:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab

2008-01-13 01:41 . 2008-01-13 01:41 <DIR> d-------- C:\Documents and Settings\Vladmir\Dados de aplicativos\Simply Super Software

2008-01-13 01:41 . 2008-01-13 01:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Simply Super Software

2008-01-13 01:41 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-01-13 01:41 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-01-13 01:41 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-01-13 01:41 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-01-13 01:41 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-01-13 01:24 . 2008-01-13 19:20 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-01-13 01:21 . 2008-01-13 01:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Kaspersky Lab Setup Files

2008-01-12 21:55 . 2008-01-12 21:55 <DIR> d-------- C:\Documents and Settings\Vladmir\Dados de aplicativos\Uniblue

2008-01-12 21:29 . 2008-01-12 21:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avg7

2008-01-12 17:14 . 2008-01-12 17:14 <DIR> d-------- C:\!KillBox

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-21 13:52 160,349 ----a-w C:\WINDOWS\Sqirlz Morph Uninstaller.exe

2007-12-20 15:28 --------- d-----w C:\Documents and Settings\Vladmir\Dados de aplicativos\Wings3D

2007-12-18 21:44 88,376 ----a-w C:\Documents and Settings\Vladmir\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-12-11 12:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-12-11 12:27 286,720 ------w C:\WINDOWS\Setup1.exe

2007-12-10 23:50 56,976 ----a-w C:\WINDOWS\system32\GenSvcInst.exe

2007-12-10 23:50 122,512 ----a-w C:\WINDOWS\system32\bgsvcgen.exe

2007-10-13 16:35 36,868 ----a-w C:\Arquivos de programas\uninst-Particular.exe

2004-01-31 19:54 331,776 ----a-w C:\WINDOWS\inf\pdfinst2.exe

2003-07-14 23:54 205,734,144 ----a-w C:\Documents and Settings\Vladimir\videocd.bin

2006-01-28 09:57 80 --sha-r C:\WINDOWS\Ct4set.bin

2007-09-19 21:43 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2007-09-19 21:43 88 --sh--r C:\WINDOWS\system32\5DEDD50FB4.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

"SpybotSD TeaTimer"="E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 20:02 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-01-15 20:02 219136]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.exe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.exe.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Vladmir^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Vladmir\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Vladmir^Menu Iniciar^Programas^Inicializar^WinMySQLadmin.lnk]

path=C:\Documents and Settings\Vladmir\Menu Iniciar\Programas\Inicializar\WinMySQLadmin.lnk

backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-05-11 03:06 40048 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a------ 2008-01-15 20:02 579072 C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelCorelDRAW10 Reminder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy PDF Creator]

--a------ 2004-02-09 09:50 463872 E:\Arquivos de programas\Easy PDF Creator\EasyPDFCreator.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2002-11-03 22:13 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 16:15 221184 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-02-16 16:15 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Arquivos de programas\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Arquivos de programas\MSN Apps\Updater\01.02.0002.1001\pt-br\msnappau.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2006-01-24 20:31 7094272 C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

C:\ARQUIV~1\NEWDOT~1\NEWDOT~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-08-17 21:48 439872 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-24 03:24 282624 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\ASUSTeK\ASUSDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxAssistant]

--a------ 2003-01-13 14:15 86016 C:\Arquivos de programas\Arquivos comuns\Roxio Shared\Upgrade\RoxAssist.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]

--a------ 2003-01-09 09:21 253952 C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

--a------ 2003-01-13 10:19 757760 C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]

--a------ 2003-01-13 14:05 69632 C:\Arquivos de programas\Arquivos comuns\Roxio Shared\System\EngUtil.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]

--a------ 2002-06-06 11:15 861184 C:\Arquivos de programas\Alcatel\SpeedTouch USB\Dragdiag.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--a------ 2007-08-31 16:46 1460560 E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StillImageMonitor]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2004-02-22 23:44 32881 C:\Arquivos de programas\Java\j2re1.4.2_04\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

E:\Arquivos de programas\Trojan Remover\Trjscan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2006-09-07 17:19 15872 C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]

C:\Arquivos de programas\WeatherCast\Weather.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

E:\Arquivos de programas\windows_defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WinDefend"=2 (0x2)

"XAMPP"=2 (0x2)

"SoundMAX Agent Service (default)"=2 (0x2)

"Service1"=2 (0x2)

"SandraTheSrv"=3 (0x3)

"SandraDataSrv"=3 (0x3)

"ProtexisLicensing"=2 (0x2)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"CCALib8"=2 (0x2)

"Bonjour Service"=2 (0x2)

"bgsvcgen"=2 (0x2)

"AVG Anti-Spyware Guard"=2 (0x2)

"Adobe LM Service"=3 (0x3)

 

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]

R2 HWiNFO32;HWiNFO32 Kernel Driver;E:\Programas\HWiNFO32\HWiNFO32.SYS [2005-11-03 13:44]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-12 09:16:38

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-02-12 9:19:40

ComboFix2.txt 2008-01-15 19:56:10

ComboFix-quarantined-files.txt 2008-02-12 09:19:38

.

2008-02-09 10:42:56 --- E O F ---

 

 

------------------------------------------------

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:29, on 2008-02-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe

D:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Save Flash\SaveFlash.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.pt/s/v/24.11/uploader2.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

 

-------------------------------------------------------------

Agora apareceu esta linha, e não sei o que seja

O11 - Options group: [iNTERNATIONAL] International*

 

E no combofix...

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\drivers\down

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

hxxp://go.microsoft.com

 

Veja se está limpo, e se der ainda o que estava causando isso....estou no F.F. agora, vou mudar para o I.E. e navegar para ver se ainda ele se fecha....

 

Obrigadão!

 

t+

Vlad

[vgomespt 0]

Boas...

 

Fui agora salvar uma pequena imagem para máquina , cerca de 5k...fecharam todas as janelas...putz!

[jgarcia 1]

Opa vgomespt,

 

Baixe o F-Secure Blacklight em:

F-Secure Blacklight

 

Salve-o em sua área de trabalho (desktop) e o execute. Aceite o acordo. Clique em Scan e aguarde.

 

Se ele encontrar algum arquivo, ignore, pois quero apenas o log.

 

Ao final do scan será gerado o arquivo fsbl-xxxxx.log (onde xxx são números). Preciso que você copie o log e poste em sua próxima resposta.

 

Abraços.

[vgomespt 0]

Olá JGarcia,

 

Pela sua experiência, viu se tinha alguma coisa a mais que estava afetando o meu I.E. ?!

Já tô achando que é coisa de máquina ...

 

brigadão!

 

t+

Vlad

[jgarcia 1]

Olá JGarcia,

 

Pela sua experiência, viu se tinha alguma coisa a mais que estava afetando o meu I.E. ?!

Já tô achando que é coisa de máquina ...

 

brigadão!

 

t+

Vlad

Eu preciso de um log do BlackLight para saber se há algum malware "escondido"em seu PC. Cadê o log?

[vgomespt 0]

Boas...

 

Só me deu isso.....

 

02/21/08 11:16:52 [info]: BlackLight Engine 1.0.67 initialized

02/21/08 11:16:52 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/21/08 11:16:52 [Note]: 7019 4

02/21/08 11:16:52 [Note]: 7005 0

02/21/08 11:17:01 [Note]: 7006 0

02/21/08 11:17:01 [Note]: 7011 776

02/21/08 11:17:01 [Note]: 7026 0

02/21/08 11:17:02 [Note]: 7026 0

02/21/08 11:17:05 [Note]: FSRAW library version 1.7.1024

02/21/08 11:23:39 [Note]: 7007 0

[jgarcia 1]

Opa vgomespt,

 

Baixe o SilentRunners.

 

Extraia o arquivo SilentRunners.vbs para o C. Dê duplo clique sobre o arquivo para executá-lo.

 

Após executá-lo aguarde até que seja gerado um documento denominado Startup Programs (USUÁRIO) data. Copie o conteúdo deste documento e cole em sua próxima resposta.

 

Abraços.

 

Obs.: Caso o seu AV detecte o arquivo como sendo um script malicioso não se preocupe e autorize a execução.

[vgomespt 0]

Boas..

 

O AVG e nem o spybot reclaram....

 

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"SpybotSD TeaTimer" = "E:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

"MSMSGS" = ""C:\Arquivos de programas\Messenger\msmsgs.exe" /background" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"AVG7_CC" = "C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Facilitador de Leitor de Link Adobe PDF"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "E:\ARQUIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensão do 'Painel de controle' para panorâmica de vídeo"

-> {HKLM...CLSID} = "Extensão do 'Painel de controle' para panorâmica de vídeo"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone do HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Extensão de ícones de ficheiros do Outlook"

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Arquivos de programas\Microsoft Office\Office10\msohev.dll" [MS]

"{8f7261d0-d2b9-11d2-9909-00605205b24c}" = "CuteFTP Shell Extension"

-> {HKLM...CLSID} = "CuteFTP Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\CuteShell.dll" [empty string]

"{4EB37360-49E8-11D3-95B5-004033382980}" = "ALZip 4.0 Context Menu Shell Extension"

-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"

-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll" ["Roxio"]

"{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC}" = "My Media"

-> {HKLM...CLSID} = "My Media"

\InProcServer32\(Default) = "C:\Arquivos de programas\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll" ["Roxio, Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" [file not found]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" [file not found]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "E:\ARQUIV~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Unlocker\UnlockerCOM.dll" [null data]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"

-> {HKLM...CLSID} = "AVG7 Find Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll" [file not found]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

CuteFTP\(Default) = "{8f7261d0-d2b9-11d2-9909-00605205b24c}"

-> {HKLM...CLSID} = "CuteFTP Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\CuteShell.dll" [empty string]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "E:\ARQUIV~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

CuteFTP\(Default) = "{8f7261d0-d2b9-11d2-9909-00605205b24c}"

-> {HKLM...CLSID} = "CuteFTP Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\CuteShell.dll" [empty string]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\ARQUIV~1\ESTsoft\ALZip\AZCTM.dll" ["ESTsoft"]

AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG7 Shell Extension Class"

\InProcServer32\(Default) = "C:\Arquivos de programas\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]

Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"

-> {HKLM...CLSID} = "Trojan Remover Shell Extension"

\InProcServer32\(Default) = "E:\ARQUIV~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Unlocker\UnlockerCOM.dll" [null data]

 

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Arquivos de programas\Unlocker\UnlockerCOM.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Vladmir\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp"

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Arquivos de programas\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4064EA35-578D-4073-A834-C96D82CBCF40}"

-> {HKLM...CLSID} = "&Save Flash"

\InProcServer32\(Default) = "C:\Arquivos de programas\Save Flash\SaveFlash.dll" ["TODO: <Company name>"]

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{4064EA35-578D-4073-A834-C96D82CBCF40}" = (no title provided)

-> {HKLM...CLSID} = "&Save Flash"

\InProcServer32\(Default) = "C:\Arquivos de programas\Save Flash\SaveFlash.dll" ["TODO: <Company name>"]

 

 

---------------------------------------------

Alguma coisa ?! Não me deixe no escuro....

 

Brigadão !

 

T+

Vlad

[jgarcia 1]

Opa vgomespt,

 

Execute o Active Scan da Panda, observando os seguintes procedimentos:

 

1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas;

 

2) Para iniciar o processo, clique sobre o botão ;

 

3) Informe os dados solicitados no formulário;

 

4) Clique sobre o botão "Pesquise agora sem custos";

 

5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura;

 

6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop;

 

7) Poste o conteúdo do log em sua próxima resposta.

 

Abraços.

[vgomespt 0]

Boas...

 

 

 

Incidência Estado Localização

 

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\WINDOWS\Nircmd.exe

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\VLAD\Application Data\Mozilla\Firefox\Profiles\pyvlwxa6.default\COOKIES.TXT[.ig.com.br/]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Documents and Settings\Vladmir\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]

Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\Documents and Settings\Vladmir\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Vladmir\Cookies\vladmir@uol.com[1].txt

Hacktool:Exploit/IFrame.FileDownload Não desinfectado C:\Programas\XAMPP\HTDOCS\MOODLE\MOD\QUIZ\protect_js.php

Adware:Adware/Aureate-Radiate Não desinfectado D:\Programas\CUTEFTP.EXE

Adware:Adware/Aureate-Radiate Não desinfectado E:\Programas\CUTEFTP.EXE

Possível Vírus. Renomeado E:\EMULE\Aone Ultra Video Splitter v4.1.0\KEYGEN.EXE

Virus:Trj/Bancos.RQ

[jgarcia 1]

Opa vgomespt,

 

Vamos lá.

 

Habilite o Windows para mostrar todos os arquivos (até ocultos).

 

1ª Etapa

 

Baixe o CCleaner em:

CCleaner

 

Baixe, mas não execute ainda.

 

Baixe o Killbox em:

Killbox

 

1. Execute o Killbox, clique em Delete on Reboot.

 

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

 

C:\Programas\XAMPP\HTDOCS\MOODLE\MOD\QUIZ\protect_js.php

E:\EMULE\Aone Ultra Video Splitter v4.1.0\KEYGEN.EXE

D:\Programas\CUTEFTP.EXE

E:\Programas\CUTEFTP.EXE

 

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

 

4. Aperte em "X". Responda "não" à pergunta.

 

2ª Etapa

 

Reinicie em Modo Normal.

 

Delete o conteúdo da seguinte pasta:

 

C:\!Killbox

 

Execute o CCleaner e clique em Executar Limpeza.

 

Execute o Active Scan novamente e veja se ainda detecta algo.

 

Um abraço.

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 20 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.