JOMALOSA
Posted February 12, 2008

I ran HijackThis and in the log I found the entry "O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe". Searching the internet for that "exe", I was led to the site http://www.prevx.com/groupwareday.asp?d=941, which says it is a backdoor.

Please, I ask for your help in case it really is malware. I am attaching the HijackThis log.

Thank you,
José Mário

Logfile of HijackThis v1.99.1
Scan saved at 13:04:19, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\rsvp.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\HijackThis1991\HijackThis.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe
O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

DigRam
Posted February 14, 2008

Good morning JOMALOSA!

>@< In Safe Mode, manually delete the highlighted file and remove the entry ( ...with HijackThis ).
>@< If you cannot find it, do it in Normal Mode... but close all programs when doing so.

O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe

>@< Select it and click Fix checked.
________________________
>@< Post, in Normal Mode, a new HijackThis log.

Regards!

JOMALOSA
Posted February 14, 2008

Good afternoon DigRam,

As you instructed, I entered Safe Mode and found the following:
- I did not find the file 68159.exe in C:\WINDOWS/
- I went to "Search" and nothing was found there either
- I went to Tools/Folder Options/View and unchecked the option "HIDE PROTECTED OPERATING SYSTEM FILES (RECOMMENDED)"
- I checked and searched again and found nothing
- I ran HijackThis and the file was in the listing.

I entered Normal Mode and repeated the previous routine and, of course, did not find the file either, but it appears in HijackThis.

I am posting another HijackThis log, in Normal Mode, and await your guidance.

Thank you and regards,
José Mário

Logfile of HijackThis v1.99.1
Scan saved at 15:56:36, on 14/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
D:\HijackThis1991\HijackThis.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe
O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
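
The check done by eye in the posts above, as an added example (not part of the original thread and not HijackThis's own logic): a parser for O4 registry autorun lines that scores each one with triage heuristics chosen here for illustration. The sample lines are copied from the posted log; the `exists` callback, the list of Windows directories and the two-reason threshold are assumptions.

```python
import ntpath
import re
from dataclasses import dataclass, field

# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe
O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# Shortest prefix of an unquoted command that ends in an executable extension.
EXT_RE = re.compile(r'^(.+?\.(?:exe|dll|cpl|com|bat|scr|pif))(?=$|[\s,])', re.I)
# Assumed locations of the Windows directory (hypothetical list for this example).
WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt", "%windir%", "%systemroot%"}


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(command):
    """Return the program path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
    match = EXT_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def triage(entry, exists=None):
    """Collect reasons an entry deserves a closer look (heuristics, not verdicts)."""
    reasons = []
    norm = ntpath.normpath(entry.path)
    stem = ntpath.splitext(ntpath.basename(norm))[0]
    if "/" in entry.path:
        reasons.append("mixed path separators")
    if entry.name.isdigit():
        reasons.append("numeric-only value name")
    if stem.isdigit():
        reasons.append("numeric-only file name")
    if ntpath.dirname(norm).lower() in WINDOWS_ROOTS:
        reasons.append("executable directly in the Windows directory")
    # Optional: the registry value can outlive its file, as the poster observed.
    if exists is not None and ntpath.dirname(norm) and not exists(norm):
        reasons.append("target file not found on disk")
    return reasons


def parse_o4(log_text, exists=None):
    """Parse registry-based O4 lines; Startup-folder lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue
        hive, key, name, command = match.groups()
        entry = AutorunEntry(hive, key, name, command, extract_path(command))
        entry.reasons = triage(entry, exists)
        entries.append(entry)
    return entries


def flagged(entries, threshold=2):
    """Entries with at least `threshold` independent reasons."""
    return [e for e in entries if len(e.reasons) >= threshold]


if __name__ == "__main__":
    # Constructed stand-in for os.path.exists, mirroring what the poster reported.
    missing = {r"c:\windows\68159.exe"}
    for e in flagged(parse_o4(SAMPLE_LOG, lambda p: p.lower() not in missing)):
        print(f"{e.hive}\\..\\{e.key} [{e.name}] -> {e.path}")
        for reason in e.reasons:
            print("   -", reason)
```

On a live Windows host, `os.path.exists` can be passed as `exists` so that values whose target is gone are reported alongside the naming heuristics.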

DigRam
Posted February 15, 2008

Good evening JOMALOSA!

>@< Download SDFix.
>@< Save it to Local Disk C and unzip it right there.
>@< Restart the computer in Safe Mode.
>@< Double-click: < runThis.bat >
>@< Press Y.
>@< Wait for it to finish!
>@< When it is done, press Enter. ( ...or any key! )
>@< The computer will restart!
>@< Then wait for the cleanup to finish.
_________________________
>@< Post the report, Report.txt, in your reply + an updated HJT log.

Regards!

JOMALOSA
Posted February 15, 2008

Good evening DigRam,

I ran the requested routine; the Report.txt and the HijackThis log follow.

Thank you,
José Mário

SDFix: Version 1.142
Run by Administrador on qui 14/02/2008 at 23:40
Microsoft Windows XP [versÆo 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 23:46:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2e8cb97]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0050f2e8cb97]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Arquivos de programas\\CallIT\\ADPHONE\\ADPHONETuner.exe"="C:\\Arquivos de programas\\CallIT\\ADPHONE\\ADPHONETuner.exe:*:Enabled:ADPHONETuner"
"C:\\Arquivos de programas\\DremTeamShare\\DreMule\\emule.exe"="C:\\Arquivos de programas\\DremTeamShare\\DreMule\\emule.exe:*:Enabled:Dreamule"
"C:\\Arquivos de programas\\DreMule\\emule.exe"="C:\\Arquivos de programas\\DreMule\\emule.exe:*:Enabled:DreaMule"
"C:\\Arquivos de programas\\CallIT\\ADPHONE\\ADPHONE.exe"="C:\\Arquivos de programas\\CallIT\\ADPHONE\\ADPHONE.exe:*:Enabled:ADPHONE"
"C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"="C:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

Files with Hidden Attributes:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"
Sun 16 Dec 2007 195,072 A..H. --- "C:\Arquivos de programas\Intermedia Design\Helium 2007\UserDataRemove.exe"
Sun 16 Dec 2007 824,832 A..H. --- "C:\Documents and Settings\All Users\Dados de aplicativos\Data\LicenseManager2007.dll"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp"

Finished!

---------------

Logfile of HijackThis v1.99.1
Scan saved at 23:52:10, on 14/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
D:\HijackThis1991\HijackThis.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe
O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

DigRam
Posted February 15, 2008

Good evening JOMALOSA!

>@< Download ComboFix.
>@< Download it to the Desktop!
>@< Close all windows and run the tool!
>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.
>@< The Auto Scan window will open. Wait!
>@< Type the option to continue and press < Enter >
>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!
______________________
>@< Post the report, C:\ComboFix.txt, in your reply + an updated HJT log.

Regards!

JOMALOSA
Posted February 15, 2008

Good evening DigRam,

Here are the requested logs.

Thank you,
José Mário

ComboFix 08-02-16.2 - Administrador 2008-02-15 21:05:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2381 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((( Ficheiros criados de 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))
.

2008-02-14 23:40 . 2004-08-03 23:45 577,536 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-02-14 23:39 . 2008-02-14 23:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-14 23:02 . 2008-02-14 23:48 <DIR> d-------- C:\SDFix
2008-02-14 23:02 . 2008-02-14 23:02 1,308,807 --a------ C:\SDFix.exe
2008-02-14 14:58 . 2008-02-14 14:58 <DIR> d-------- C:\Arquivos de programas\Webteh
2008-02-14 14:43 . 2008-02-14 14:43 <DIR> d-------- C:\Arquivos de programas\Nuclear Coffee
2008-02-14 14:23 . 2008-02-14 14:27 <DIR> d-------- C:\Arquivos de programas\You Ripper
2008-02-14 14:23 . 2008-02-14 14:23 92,728 --------- C:\WINDOWS\system32\bass.dll
2008-02-12 14:23 . 2008-02-12 14:23 <DIR> d-------- C:\Arquivos de programas\Google Hacks
2008-02-12 13:15 . 2008-02-14 14:11 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer
2008-02-12 13:15 . 2008-02-12 13:15 <DIR> d-------- C:\Arquivos de programas\iTunes
2008-02-12 13:15 . 2008-02-12 13:15 <DIR> d-------- C:\Arquivos de programas\iPod
2008-02-12 13:15 . 2008-02-15 11:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 13:15 . 2008-02-12 13:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 13:14 . 2008-02-12 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-02-12 13:14 . 2008-02-12 13:14 <DIR> d-------- C:\Arquivos de programas\QuickTime
2008-02-12 13:14 . 2008-02-12 13:14 <DIR> d-------- C:\Arquivos de programas\Apple Software Update
2008-02-12 13:13 . 2008-02-12 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple
2008-02-11 23:46 . 2008-02-14 21:51 <DIR> d-------- C:\Arquivos de programas\eMule
2008-02-11 19:14 . 2008-02-14 22:12 <DIR> d-------- C:\Arquivos de programas\DreMule
2008-02-11 14:32 . 2008-02-11 14:32 0 --a------ C:\WINDOWS\QuickInstall.INI
2008-02-11 14:31 . 2008-02-11 14:31 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Arcsoft
2008-02-11 14:26 . 2008-02-11 14:32 <DIR> d-------- C:\Arquivos de programas\palmOne
2008-02-11 11:23 . 2008-02-12 10:29 <DIR> d-------- C:\Arquivos de programas\Google
2008-02-11 11:05 . 2006-03-02 16:29 204,800 --a------ C:\WINDOWS\system32\outsidex.ocx
2008-02-10 22:39 . 2008-02-10 22:40 19 --a------ C:\WINDOWS\system32\p.d
2008-02-10 22:34 . 2008-02-11 19:54 <DIR> d-------- C:\Arquivos de programas\Puran Defrag
2008-02-10 22:34 . 2004-04-12 17:27 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-10 22:34 . 2007-12-02 16:35 159,849 --a------ C:\WINDOWS\system32\PuranDefragS.exe
2008-02-10 22:34 . 2007-12-09 19:52 139,264 --a------ C:\WINDOWS\system32\PuranDefrag.exe
2008-02-10 22:34 . 2007-12-09 16:27 36,864 --a------ C:\WINDOWS\system32\PuranDefragBT.exe
2008-02-10 22:34 . 2007-10-25 14:45 28,767 --a------ C:\WINDOWS\system32\PuranDefrag.dll
2008-02-10 22:34 . 1997-03-07 12:18 2,306 --a------ C:\WINDOWS\system32\ictxmenu.tlb
2008-02-10 22:34 . 1997-03-07 12:18 2,292 --a------ C:\WINDOWS\system32\idataobj.tlb
2008-02-10 22:34 . 2007-07-13 00:45 750 --a------ C:\WINDOWS\system32\PuranDefrag.exe.manifest
2008-02-10 22:34 . 2008-02-10 22:40 3 --a------ C:\WINDOWS\system32\pd.id
2008-02-10 22:19 . 2008-02-10 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intermedia Design
2008-02-10 22:19 . 2008-02-10 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Data
2008-02-10 21:57 . 2008-02-11 12:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-10 21:44 . 2008-02-10 22:19 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Intermedia Design
2008-02-10 21:42 . 2008-02-10 22:19 <DIR> d-------- C:\Arquivos de programas\Intermedia Design
2008-02-10 21:42 . 2002-02-04 01:52 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2008-02-10 21:42 . 2002-02-04 01:43 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-02-10 21:42 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-02-10 20:39 . 2008-02-10 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TreeCardGames
2008-02-10 20:39 . 2008-02-10 23:00 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SolSuite
2008-02-10 20:39 . 2008-02-10 20:40 <DIR> d-------- C:\Arquivos de programas\SolSuite
2008-02-10 20:31 . 2008-02-10 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip
2008-02-10 19:03 . 2008-02-10 19:03 <DIR> d-------- C:\Documents and Settings\Administrador\FSL
2008-02-10 19:03 . 2008-02-10 19:03 <DIR> d-------- C:\Arquivos de programas\FSL
2008-02-10 18:50 . 2008-02-12 12:02 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster
2008-02-10 18:50 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-10 17:41 . 2008-02-10 17:43 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-02-09 20:52 . 2008-02-09 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-02-09 20:52 . 2008-02-09 20:53 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy
2008-02-09 19:00 . 2008-02-09 19:00 18,632 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-02-09 18:25 . 2008-02-09 18:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-09 17:07 . 2008-02-09 17:07 379 --a------ C:\WINDOWS\ODBC.INI
2008-02-09 17:06 . 2003-06-18 16:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-09 17:04 . 2008-02-09 17:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-09 17:04 . 2008-02-09 17:04 <DIR> d-------- C:\Arquivos de programas\Microsoft ActiveSync
2008-02-09 17:00 . 2008-02-09 17:00 <DIR> dr-h----- C:\MSOCache
2008-02-09 15:20 . 2008-02-09 15:20 <DIR> d-------- C:\Arquivos de programas\On2 Technologies
2008-02-09 15:20 . 2006-03-24 16:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-02-09 15:20 . 2006-03-24 16:09 237,568 --a------ C:\WINDOWS\system32\vp7dec.ax
2008-02-09 15:20 . 2005-10-25 12:10 53,248 --a------ C:\WINDOWS\system32\vp7dec_settings.cpl
2008-02-09 14:59 . 2008-02-09 15:00 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-02-09 13:29 . 2007-12-04 10:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-09 13:29 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-09 13:29 . 2007-12-04 09:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-09 13:29 . 2007-12-04 11:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-09 13:29 . 2007-12-04 11:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-09 13:29 . 2007-12-04 11:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-09 13:29 . 2007-12-04 11:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-09 13:29 . 2007-12-04 11:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-09 13:28 . 2008-02-09 13:28 <DIR> d-------- C:\Arquivos de programas\Alwil Software
2008-02-09 13:23 . 2008-02-09 13:23 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData
2008-02-09 11:16 . 2008-02-09 13:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-09 10:42 . 2008-02-09 13:09 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-09 10:29 . 2008-02-09 11:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\BitDefender
2008-02-09 01:11 . 2007-07-30 18:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-09 01:11 . 2007-07-30 18:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 01:10 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-09 01:05 . 2008-02-09 01:11 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-02-09 00:56 . 2008-02-09 01:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp
2008-02-09 00:56 . 2008-02-09 00:58 <DIR> d-------- C:\Arquivos de programas\Winamp
2008-02-09 00:24 . 2008-02-09 00:50 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2008-02-09 00:17 . 2008-02-09 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller
2008-02-09 00:17 . 2008-02-09 00:23 <DIR> d-------- C:\Arquivos de programas\Windows Live
2008-02-09 00:17 . 2008-02-09 00:23 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2008-02-09 00:09 . 2004-08-03 23:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-09 00:09 . 2004-08-03 23:45 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-09 00:03 . 2008-02-09 00:03 <DIR> d-------- C:\Arquivos de programas\Microsoft IntelliPoint
2008-02-09 00:01 . 2004-08-03 23:45 153,600 --a------ C:\WINDOWS\system32\irftp.exe
2008-02-09 00:01 . 2004-08-03 23:45 153,600 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-02-09 00:01 . 2004-08-03 23:45 27,648 --a------ C:\WINDOWS\system32\irmon.dll
2008-02-09 00:01 . 2004-08-03 23:45 27,648 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-02-09 00:01 . 2004-08-03 23:45 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-02-09 00:01 . 2004-08-03 23:45 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-02-09 00:00 . 2008-02-15 11:49 <DIR> d-------- C:\WINDOWS\system32\Lang
.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-02-08 20:30 558,142 ----a-w C:\WINDOWS\java\Packages\Z7F139BR.ZIP
2008-02-08 20:30 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-02-08 20:29 155,995 ----a-w C:\WINDOWS\java\Packages\RZJ9FH7R.ZIP
2008-02-08 20:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços
2008-02-08 20:27 --------- d-----w C:\Arquivos de programas\Serviços on-line
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"ADPHONE"="C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE" [2007-11-19 14:18 2482176]
"68159"="C:\WINDOWS/68159.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 04:29 7561216]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 14477312 C:\WINDOWS\RTHDCPL.EXE]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-08-02 09:49 1063752]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:45 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelliPoint"="C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe" [2004-06-03 05:50 204800]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\
FSL Launcher.lnk - C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe [2008-02-10 19:03:28 1481728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE]
--a------ 2007-11-19 14:18 2482176 C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 10:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"LIVESRV"=2 (0x2)
"bdss"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 21:06:56
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-02-15 21:09:04
.
2008-02-11 00:57:55 --- E O F ---

------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:13:34, on 15/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
D:\HijackThis1991\HijackThis.exe

O2 - BHO: Facilitador de
Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
DigRam 144 Posted February 15, 2008
Good evening, JOMALOSA!
Delete:
C:\QooBox
C:\ComboFix.txt << Previous ComboFix log.
__________________
>@< Select and copy all of the content in the code area into Notepad.
>@< Save it on the Desktop with the name: CFScript.txt
File::
C:\WINDOWS/68159.exe
Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68159]
>@< Drag the CFScript.txt onto the ComboFix icon with the mouse.
>@< With this procedure, ComboFix will run and restart the computer automatically!
>@< During execution, do not use the keyboard or mouse!
>@< When it finishes, post the report: C:\ComboFix.txt + an updated HJT log.
Regards!
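The reply above singles out one autorun value from the O4 section of the HijackThis log. As an added example (not part of the thread and not code from HijackThis or ComboFix), this Python script parses O4 Run lines copied from the log on this page and reports which entries stand out. The three heuristics and the hard-coded C:\WINDOWS location are assumptions of the example, not rules stated in the thread.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe
O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
"""

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Program image: a quoted path, or the shortest prefix ending in an
# executable extension (unquoted paths in the log may contain spaces).
IMAGE = re.compile(
    r'"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)',
    re.IGNORECASE,
)
WINDOWS_DIR = r"c:\windows"  # assumption: Windows directory of the logged host


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    image: str


def image_path(command):
    """Return the program part of an autorun command line, without arguments."""
    m = IMAGE.match(command)
    if m:
        return m.group("quoted") or m.group("bare")
    return command.split()[0]


def parse_o4(log_text):
    """Parse registry Run entries; other sections and Startup-folder lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            cmd = m.group("cmd")
            entries.append(Autorun(m.group("hive"), m.group("key"),
                                   m.group("name"), cmd, image_path(cmd)))
    return entries


def reasons(entry):
    """Heuristic reasons (assumptions of this example) to review an entry by hand."""
    found = []
    if entry.name.isdigit():
        found.append("numeric value name")
    if "/" in entry.image:
        found.append("forward slash in path")
    # ntpath handles Windows paths on any OS and normalises '/' to '\'.
    folder = ntpath.dirname(ntpath.normpath(entry.image))
    if folder.lower() == WINDOWS_DIR:
        found.append("image directly in Windows directory")
    return found


def triage(log_text):
    """Return (entry, reasons) pairs for entries that matched at least one heuristic."""
    flagged = []
    for entry in parse_o4(log_text):
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] {entry.image}: {', '.join(why)}")
```

A match only marks an entry for manual review; a bare name such as RTHDCPL.EXE carries no directory, so the location check does not apply to it.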
JOMALOSA 0 Posted February 16, 2008
DigRam,
Once again I am posting the requested logs.
Regards,
José Mário
ComboFix 08-02-16.2 - Administrador 2008-02-15 22:26:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.2374 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt.txt
* Criado um novo ponto de restauro
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE C:\WINDOWS/68159.exe
.
((((((((((((((((((((((( Ficheiros criados de 2008-01-16 to 2008-02-16 ))))))))))))))))))))))))))))))))
.
2008-02-14 23:40 . 2004-08-03 23:45 577,536 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-02-14 23:39 . 2008-02-14 23:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-14 23:02 . 2008-02-14 23:48 <DIR> d-------- C:\SDFix
2008-02-14 23:02 . 2008-02-14 23:02 1,308,807 --a------ C:\SDFix.exe
2008-02-14 14:58 . 2008-02-14 14:58 <DIR> d-------- C:\Arquivos de programas\Webteh
2008-02-14 14:43 . 2008-02-14 14:43 <DIR> d-------- C:\Arquivos de programas\Nuclear Coffee
2008-02-14 14:23 . 2008-02-14 14:27 <DIR> d-------- C:\Arquivos de programas\You Ripper
2008-02-14 14:23 . 2008-02-14 14:23 92,728 --------- C:\WINDOWS\system32\bass.dll
2008-02-12 14:23 . 2008-02-12 14:23 <DIR> d-------- C:\Arquivos de programas\Google Hacks
2008-02-12 13:15 . 2008-02-14 14:11 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer
2008-02-12 13:15 . 2008-02-12 13:15 <DIR> d-------- C:\Arquivos de programas\iTunes
2008-02-12 13:15 . 2008-02-12 13:15 <DIR> d-------- C:\Arquivos de programas\iPod
2008-02-12 13:15 . 2008-02-15 11:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-12 13:15 . 2008-02-12 13:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 13:14 . 2008-02-12 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer
2008-02-12 13:14 .
2008-02-12 13:14 <DIR> d-------- C:\Arquivos de programas\QuickTime 2008-02-12 13:14 . 2008-02-12 13:14 <DIR> d-------- C:\Arquivos de programas\Apple Software Update 2008-02-12 13:13 . 2008-02-12 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple 2008-02-11 23:46 . 2008-02-14 21:51 <DIR> d-------- C:\Arquivos de programas\eMule 2008-02-11 19:14 . 2008-02-14 22:12 <DIR> d-------- C:\Arquivos de programas\DreMule 2008-02-11 14:32 . 2008-02-11 14:32 0 --a------ C:\WINDOWS\QuickInstall.INI 2008-02-11 14:31 . 2008-02-11 14:31 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Arcsoft 2008-02-11 14:26 . 2008-02-11 14:32 <DIR> d-------- C:\Arquivos de programas\palmOne 2008-02-11 11:23 . 2008-02-12 10:29 <DIR> d-------- C:\Arquivos de programas\Google 2008-02-11 11:05 . 2006-03-02 16:29 204,800 --a------ C:\WINDOWS\system32\outsidex.ocx 2008-02-10 22:39 . 2008-02-10 22:40 19 --a------ C:\WINDOWS\system32\p.d 2008-02-10 22:34 . 2008-02-11 19:54 <DIR> d-------- C:\Arquivos de programas\Puran Defrag 2008-02-10 22:34 . 2004-04-12 17:27 609,584 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-02-10 22:34 . 2007-12-02 16:35 159,849 --a------ C:\WINDOWS\system32\PuranDefragS.exe 2008-02-10 22:34 . 2007-12-09 19:52 139,264 --a------ C:\WINDOWS\system32\PuranDefrag.exe 2008-02-10 22:34 . 2007-12-09 16:27 36,864 --a------ C:\WINDOWS\system32\PuranDefragBT.exe 2008-02-10 22:34 . 2007-10-25 14:45 28,767 --a------ C:\WINDOWS\system32\PuranDefrag.dll 2008-02-10 22:34 . 1997-03-07 12:18 2,306 --a------ C:\WINDOWS\system32\ictxmenu.tlb 2008-02-10 22:34 . 1997-03-07 12:18 2,292 --a------ C:\WINDOWS\system32\idataobj.tlb 2008-02-10 22:34 . 2007-07-13 00:45 750 --a------ C:\WINDOWS\system32\PuranDefrag.exe.manifest 2008-02-10 22:34 . 2008-02-10 22:40 3 --a------ C:\WINDOWS\system32\pd.id 2008-02-10 22:19 . 2008-02-10 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Intermedia Design 2008-02-10 22:19 . 
2008-02-10 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Data 2008-02-10 21:57 . 2008-02-11 12:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-02-10 21:44 . 2008-02-10 22:19 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Intermedia Design 2008-02-10 21:42 . 2008-02-10 22:19 <DIR> d-------- C:\Arquivos de programas\Intermedia Design 2008-02-10 21:42 . 2002-02-04 01:52 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll 2008-02-10 21:42 . 2002-02-04 01:43 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll 2008-02-10 21:42 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll 2008-02-10 20:39 . 2008-02-10 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TreeCardGames 2008-02-10 20:39 . 2008-02-10 23:00 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SolSuite 2008-02-10 20:39 . 2008-02-10 20:40 <DIR> d-------- C:\Arquivos de programas\SolSuite 2008-02-10 20:31 . 2008-02-10 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WinZip 2008-02-10 19:03 . 2008-02-10 19:03 <DIR> d-------- C:\Documents and Settings\Administrador\FSL 2008-02-10 19:03 . 2008-02-10 19:03 <DIR> d-------- C:\Arquivos de programas\FSL 2008-02-10 18:50 . 2008-02-12 12:02 <DIR> d-------- C:\Arquivos de programas\SpywareBlaster 2008-02-10 18:50 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX 2008-02-10 17:41 . 2008-02-10 17:43 <DIR> d-------- C:\Arquivos de programas\CCleaner 2008-02-09 20:52 . 2008-02-09 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2008-02-09 20:52 . 2008-02-09 20:53 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy 2008-02-09 19:00 . 2008-02-09 19:00 18,632 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2008-02-09 18:25 . 2008-02-09 18:25 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-02-09 17:07 . 
2008-02-09 17:07 379 --a------ C:\WINDOWS\ODBC.INI 2008-02-09 17:06 . 2003-06-18 16:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2008-02-09 17:04 . 2008-02-09 17:04 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-02-09 17:04 . 2008-02-09 17:04 <DIR> d-------- C:\Arquivos de programas\Microsoft ActiveSync 2008-02-09 17:00 . 2008-02-09 17:00 <DIR> dr-h----- C:\MSOCache 2008-02-09 15:20 . 2008-02-09 15:20 <DIR> d-------- C:\Arquivos de programas\On2 Technologies 2008-02-09 15:20 . 2006-03-24 16:01 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll 2008-02-09 15:20 . 2006-03-24 16:09 237,568 --a------ C:\WINDOWS\system32\vp7dec.ax 2008-02-09 15:20 . 2005-10-25 12:10 53,248 --a------ C:\WINDOWS\system32\vp7dec_settings.cpl 2008-02-09 14:59 . 2008-02-09 15:00 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe 2008-02-09 13:29 . 2007-12-04 10:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-02-09 13:29 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-02-09 13:29 . 2007-12-04 09:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-02-09 13:29 . 2007-12-04 11:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-02-09 13:29 . 2007-12-04 11:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-02-09 13:29 . 2007-12-04 11:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-02-09 13:29 . 2007-12-04 11:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-02-09 13:29 . 2007-12-04 11:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-02-09 13:28 . 2008-02-09 13:28 <DIR> d-------- C:\Arquivos de programas\Alwil Software 2008-02-09 13:23 . 2008-02-09 13:23 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData 2008-02-09 11:16 . 2008-02-09 13:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-02-09 10:42 . 2008-02-09 13:09 121 --a------ C:\WINDOWS\bdagent.INI 2008-02-09 10:29 . 
2008-02-09 11:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\BitDefender 2008-02-09 01:11 . 2007-07-30 18:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-02-09 01:11 . 2007-07-30 18:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-02-09 01:10 . 2007-07-30 18:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-02-09 01:05 . 2008-02-09 01:11 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP 2008-02-09 00:56 . 2008-02-09 01:12 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp 2008-02-09 00:56 . 2008-02-09 00:58 <DIR> d-------- C:\Arquivos de programas\Winamp 2008-02-09 00:24 . 2008-02-09 00:50 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts 2008-02-09 00:17 . 2008-02-09 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller 2008-02-09 00:17 . 2008-02-09 00:23 <DIR> d-------- C:\Arquivos de programas\Windows Live 2008-02-09 00:17 . 2008-02-09 00:23 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2008-02-09 00:09 . 2004-08-03 23:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-02-09 00:09 . 2004-08-03 23:45 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll 2008-02-09 00:03 . 2008-02-09 00:03 <DIR> d-------- C:\Arquivos de programas\Microsoft IntelliPoint 2008-02-09 00:01 . 2004-08-03 23:45 153,600 --a------ C:\WINDOWS\system32\irftp.exe 2008-02-09 00:01 . 2004-08-03 23:45 153,600 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe 2008-02-09 00:01 . 2004-08-03 23:45 27,648 --a------ C:\WINDOWS\system32\irmon.dll 2008-02-09 00:01 . 2004-08-03 23:45 27,648 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll 2008-02-09 00:01 . 2004-08-03 23:45 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2008-02-09 00:01 . 2004-08-03 23:45 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll 2008-02-09 00:00 . 2008-02-15 11:49 <DIR> d-------- C:\WINDOWS\system32\Lang . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-08 20:30 558,142 ----a-w C:\WINDOWS\java\Packages\Z7F139BR.ZIP 2008-02-08 20:30 --------- d-----w C:\Arquivos de programas\microsoft frontpage 2008-02-08 20:29 155,995 ----a-w C:\WINDOWS\java\Packages\RZJ9FH7R.ZIP 2008-02-08 20:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços 2008-02-08 20:27 --------- d-----w C:\Arquivos de programas\Serviços on-line . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360] "MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184] "ADPHONE"="C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE" [2007-11-19 14:18 2482176] "68159"="C:\WINDOWS/68159.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 04:29 7561216] "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 12:37 14477312 C:\WINDOWS\RTHDCPL.EXE] "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152] "SDTray"="C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" [2007-08-02 09:49 1063752] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:45 110592 C:\WINDOWS\system32\bthprops.cpl] "IntelliPoint"="C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe" [2004-06-03 05:50 204800] "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224] "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:45 15360] C:\Documents and 
Settings\Administrador\Menu Iniciar\Programas\Inicializar\ FSL Launcher.lnk - C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe [2008-02-10 19:03:28 1481728] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADPHONE] --a------ 2007-11-19 14:18 2482176 C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 10:43 2097488 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "XCOMM"=2 (0x2) "VSSERV"=2 (0x2) "LIVESRV"=2 (0x2) "bdss"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-15 22:28:18 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-02-15 22:29:48 . 
2008-02-11 00:57:55 --- E O F --- -------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:39:04, on 15/2/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Spyware Doctor\svcntaux.exe C:\Arquivos de programas\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe D:\HijackThis1991\HijackThis.exe C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\NOTEPAD.EXE 
C:\Arquivos de programas\Internet Explorer\iexplore.exe O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
DigRam 144 Posted February 16, 2008
Good evening, JOMALOSA!
>@< Navigate to the highlighted folder:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"68159"
>@< Once you find it, you can delete it!
______________________
>@< Run a disinfection scan with < BitDefender > and post the report.
>@< Click on BitDefender ( Scan OnLine ).
>@< The page will open: < BitDefender OnLine Scanner >
>@< Click on I Agree.
>@< Wait! Allow the ActiveX installation so that the scan can run.
______________________
>@< Then post: BitDefender report + an updated HijackThis log.
>@< PS: The BitDefender report will be at: C\Windows\BDOSCAN8\bdoscan.txt
Regards!
JOMALOSA 0 Posted February 16, 2008
DigRam,
Below are the Bitdefender and HijackThis logs.
Regards, and thank you.
José Mário
[General]
App = "BitDefender Online Scanner v8"
Date = 16:02:2008
Time = 19:13:56
Scan Path = A:\;C:\;D:\;E:\;
[Engines Info]
Virus Definitions = 981525
Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins = 16
Archive plugins = 41
Unpack plugins = 7
E-mail plugins = 6
System plugins = 5
[scan Statistics]
Folders = 4225
Files = 250815
Archives = 3106
Packed files = 12439
Identified viruses = 3
Infected files = 4
Warnings = 0
Suspect files = 4
Disinfected files = 0
Deleted files = 8
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 39
[scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0
[scan Results]
Line00000027 = "C:\System Volume Information\_restore{1173B065-3EE4-4E2B-B05D-95722FE486E0}\RP31\A0010679.exe Infected with: Backdoor.SDBot.DETV"
Line00000026 = "C:\System Volume Information\_restore{1173B065-3EE4-4E2B-B05D-95722FE486E0}\RP31\A0010679.exe Deleted"
Line00000025 = "D:\Downloads_Softwares\Regcure_1_5_0_0.rar=>RegCure_v1.5.0.0\RegCure_v1.5.0.0\ParetoLogic_Slayer_v1.4.exe Infected with: Packer.PESpin.A"
Line00000024 = "D:\Downloads_Softwares\Regcure_1_5_0_0.rar=>RegCure_v1.5.0.0\RegCure_v1.5.0.0\ParetoLogic_Slayer_v1.4.exe Disinfection failed"
Line00000023 = "D:\Downloads_Softwares\Regcure_1_5_0_0.rar=>RegCure_v1.5.0.0\RegCure_v1.5.0.0\ParetoLogic_Slayer_v1.4.exe Deleted"
Line00000022 = "D:\Downloads_Softwares\Regcure_1_5_0_0.rar Update failed"
Line00000021 = "D:\Programas_Após_Instalação_XP\DreaMule30.exe Infected with: Trojan.Generic.79118"
Line00000020 = "D:\Programas_Após_Instalação_XP\DreaMule30.exe Deleted"
Line00000019 = "D:\System Volume
Information\_restore{1173B065-3EE4-4E2B-B05D-95722FE486E0}\RP42\A0013505.exe Infected with: Trojan.Generic.79118"
Line00000018 = "D:\System Volume Information\_restore{1173B065-3EE4-4E2B-B05D-95722FE486E0}\RP42\A0013505.exe Deleted"
Line00000017 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Control Ou24244872001/Control Outlook.frm Suspected of: Type_ScriptMailer"
Line00000016 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Control Ou24244872001/Control Outlook.frm Disinfection failed"
Line00000015 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Control Ou24244872001/Control Outlook.frm Deleted"
Line00000014 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip Updated"
Line00000013 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Email by Outlook Automation/frmEMail.frm Suspected of: Type_ScriptMailer"
Line00000012 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Email by Outlook Automation/frmEMail.frm Disinfection failed"
Line00000011 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Email by Outlook Automation/frmEMail.frm Deleted"
Line00000010 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip Updated"
Line00000009 = "D:\VB\Visual_Basic_Docs\1000s of Visual Basic Source Code examples.zip Updated"
Line00000008 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Control Ou24244872001/Control Outlook.frm Suspected of: Type_ScriptMailer"
Line00000007 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Control Ou24244872001/Control Outlook.frm Disinfection failed"
Line00000006 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Control Ou24244872001/Control Outlook.frm Deleted"
Line00000005 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip Updated"
Line00000004 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Email by Outlook Automation/frmEMail.frm Suspected of: Type_ScriptMailer"
Line00000003 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Email by Outlook Automation/frmEMail.frm Disinfection failed"
Line00000002 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip=>Email by Outlook Automation/frmEMail.frm Deleted"
Line00000001 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip=>VB6 and Email.zip Updated"
Line00000000 = "D:\VB\Visual_Basic_Docs\VB_1000s of Visual Basic Source Code examples.zip Updated"

------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:21:26, on 16/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
C:\Arquivos de programas\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\AcqURL\AcqURL.exe
C:\Arquivos de programas\ElcomSoft\ARPR\ARPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis1991\HijackThis.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sDTray] "C:\Arquivos de programas\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE
O4 - Startup: FSL Launcher.lnk = C:\Arquivos de programas\FSL\FSL_Launcher\FSL_Launcher.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

DigRam 144
Posted February 17, 2008

Good evening, JOMALOSA!

I ran HijackThis and in the log I found the entry "O4 - HKCU\..\Run: [68159] C:\WINDOWS/68159.exe". Searching the internet for that "exe", I was led to the site http://www.prevx.com/groupwareday.asp?d=941, which says it is a backdoor. Please, I ask for your help in case it really is some kind of malware.

>@< Is this problem still bothering you?
_____________________
>@< The log is clean! :thumbsup:

Best regards!

JOMALOSA 0
Posted February 17, 2008

Good afternoon, DigRam

I don't notice anything abnormal on my machine. As far as I'm concerned, the topic is resolved.

Thank you very much for the help.

Best regards,
José Mário

DigRam 144
Posted February 18, 2008

PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.