This topic has been archived and is closed to new replies.

DevilDestructor

[Resolved!] Popup CID


Good evening

I have been having a problem with a CID or ZED popup that refuses to go away, even after using several programs made specifically to remove it.

Below is the log produced with HijackThis; I await help in resolving it.

Regards

 

Logfile of HijackThis v1.99.1

Scan saved at 22:11:55, on 14-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\keyhook.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Programas\Brother\ControlCenter2\brctrcen.exe

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\ClamWin\bin\ClamTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\HotKey\HotKey.exe

C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe

C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe

C:\Programas\Brother\Brmfcmon\BrMfcmon.exe

C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\FICHEI~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\Mozilla Firefox\firefox.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\internt.exe,

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programas\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programas\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ClamWin] "C:\Programas\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\save once.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [pokeball] C:\DOCUME~1\MANUEL\APPLIC~1\THISDE~1\MessTwo.exe

O4 - Startup: Instant Memory Cleaner.lnk = C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe

O4 - Global Startup: HotKey Driver.lnk = C:\Programas\HotKey\HotKey.exe

O4 - Global Startup: Monitor de estado.lnk = C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Internet TV by Endicosoft.com - {1D958E09-3112-7f0e-9723-5C1321C57B27} - C:\Programas\Internet TV 2050\InternetTV.exe (file missing)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MANUEL\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geoweb.pt/vector2/mgaxctrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173390532625

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Good evening, DevilDestructor!

>@< Download FindLop.

>@< Unpack the program and place the files in a folder of their own: < C:\FindLop.exe >

>@< But do not run it yet!

>@< Download Lop Uninstaller.

>@< If the antivirus flags the tool as malware, ignore the warning and allow it to run.

>@< If the browser makes the download difficult, set < http://lop.com > as a Preferred Site.

>@< Disable the resident protections of antivirus and antispyware programs.

>@< Run the uninstaller!

>@< Type the numbers and confirm!

>@< PS: If it is not possible to run the uninstaller, continue with FindLop only.

>@< Now run findlop.bat

>@< A report ( findlop.txt ) will be generated on Local Disk C.

>@< Post a new HijackThis log in your reply.

>@< Also post the report [ findlop.txt ], which is in C:\xxx..

Regards!


Good afternoon, DigRam

First of all, thank you for your attention :thumbsup: .

I carried out all the steps and, as requested, here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:39:56, on 17-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\keyhook.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Programas\Brother\ControlCenter2\brctrcen.exe

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\HotKey\HotKey.exe

C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe

C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\explorer.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\internt.exe,

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programas\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programas\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Instant Memory Cleaner.lnk = C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe

O4 - Global Startup: HotKey Driver.lnk = C:\Programas\HotKey\HotKey.exe

O4 - Global Startup: Monitor de estado.lnk = C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Internet TV by Endicosoft.com - {1D958E09-3112-7f0e-9723-5C1321C57B27} - C:\Programas\Internet TV 2050\InternetTV.exe (file missing)

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MANUEL\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geoweb.pt/vector2/mgaxctrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173390532625

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

Here is the findlop report as well:

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'MP Scheduled Scan.job'

[TRACE] Printing all job properties

 

ApplicationName: 'C:\Programas\Windows Defender\MpCmdRun.exe'

Parameters: 'Scan -RestrictPrivileges'

WorkingDirectory: ''

Comment: 'Scheduled Scan'

Creator: 'SYSTEM'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 02/17/2008 16:12:38

NextRun: 02/18/2008 2:06:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 1

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 0

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 02/17/2008

EndDate: 00/00/0000

StartTime: 02:06

MinutesDuration: 0

MinutesInterval: 0

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0

 

 

 

Regards


Good afternoon, DevilDestructor!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

__________________________

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!


Good afternoon

Once again, thanks for your attention, DigRam.

Here are the logs:

 

ComboFix 08-02-19.2 - MANUEL 2008-02-19 13:33:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.144 [GMT 0:00]

Executando de: C:\Documents and Settings\MANUEL\Ambiente de trabalho\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\MANUEL\Application Data\inst.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))

.

 

2008-02-15 14:03 . 2008-02-15 14:10 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-02-15 14:03 . 2008-02-15 14:03 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-02-15 14:02 . 2008-02-15 14:02 <DIR> d-------- C:\Programas\Kaspersky Lab

2008-02-15 14:02 . 2008-02-19 13:52 534,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-02-15 14:02 . 2008-02-19 13:53 15,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-02-15 14:02 . 2008-02-19 13:50 10,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-02-15 14:02 . 2008-02-19 13:50 2,516 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-02-15 13:49 . 2008-02-15 14:13 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-02-14 22:53 . 2008-02-15 00:43 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-02-14 21:58 . 2008-02-15 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-14 21:58 . 2008-02-14 21:58 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-13 08:08 . 2008-02-13 08:11 212 --a--c--- C:\delete.bat

2008-02-13 07:44 . 2008-02-13 08:06 <DIR> d----c--- C:\NoLopBackups

2008-02-13 00:58 . 2008-02-13 00:58 <DIR> d----c--- C:\Documents and Settings\Administrador\Application Data\Grisoft

2008-02-13 00:31 . 2008-02-13 00:31 <DIR> d----c--- C:\Documents and Settings\Administrador\Application Data\Talkback

2008-02-13 00:25 . 2008-02-13 00:35 <DIR> d----c--- C:\Documents and Settings\Administrador\Application Data\.clamwin

2008-02-13 00:24 . 2008-02-13 00:24 <DIR> dr---c--- C:\Documents and Settings\Administrador\Favoritos

2008-02-07 00:20 . 2008-02-07 00:20 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Avg7

2008-02-04 21:57 . 2008-02-04 21:57 <DIR> d-------- C:\Documents and Settings\MANUEL\Application Data\Leadertech

2008-02-03 14:40 . 2008-02-12 23:52 <DIR> d-------- C:\Programas\Spybot - Search & Destroy

2008-02-03 14:40 . 2008-02-12 14:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-03 14:34 . 2008-02-03 14:34 <DIR> d-------- C:\Programas\Vasilios Applications

2008-02-03 14:34 . 2008-02-03 14:34 17,408 --a--c--- C:\psapi.dll

2008-01-30 18:55 . 2008-01-30 18:55 219,664 --a------ C:\WINDOWS\system32\klogon.dll

2008-01-30 18:53 . 2008-01-30 18:53 23,540 --a------ C:\WINDOWS\system32\drivers\klopp.dat

2008-01-22 18:52 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-01-22 18:52 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-01-22 18:52 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-01-22 18:52 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-01-22 18:52 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-01-22 18:52 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-01-22 18:52 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll

2008-01-22 18:52 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-01-22 18:52 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-01-20 12:42 . 2008-01-20 12:42 <DIR> d-------- C:\WINDOWS\Downloaded Installations

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-19 13:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-02-17 16:32 --------- d-----w C:\Programas\PowerArchiver

2008-02-14 21:49 --------- d-----w C:\Programas\Ficheiros comuns\Adobe

2008-02-13 13:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-02-13 00:35 --------- dc----w C:\Documents and Settings\Administrador\Application Data\.clamwin

2008-02-10 22:17 --------- d-----w C:\Documents and Settings\MANUEL\Application Data\Vso

2008-02-07 00:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-01-31 17:45 --------- d-----w C:\Programas\eMule

2008-01-22 18:44 --------- d-----w C:\Documents and Settings\MANUEL\Application Data\Nokia Multimedia Player

2008-01-17 23:04 --------- d-----w C:\Programas\MSBuild

2008-01-17 23:04 --------- d-----w C:\Programas\Microsoft Works

2008-01-17 19:28 --------- d-----w C:\Programas\Microsoft.NET

2008-01-17 19:25 --------- d-----w C:\Programas\Microsoft Visual Studio 8

2008-01-11 09:11 --------- d-----w C:\Programas\Circle Developement

2008-01-09 15:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2008-01-03 23:46 --------- d-----w C:\Documents and Settings\MANUEL\Application Data\PC Tools

2008-01-03 23:38 --------- d-----w C:\Programas\Temp

2008-01-03 23:28 --------- d-----w C:\Programas\ElcomSoft

2008-01-03 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-01-02 01:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-01 17:45 --------- d-----w C:\Programas\Lavasoft

2007-12-26 15:05 --------- d-----w C:\Documents and Settings\MANUEL\Application Data\Datalayer

2007-12-26 15:02 --------- d-----w C:\Documents and Settings\MANUEL\Application Data\Nokia

2007-12-26 14:58 --------- dc----w C:\Documents and Settings\All Users\Application Data\PC Suite

2007-12-26 14:58 --------- d-----w C:\Programas\DIFX

2007-12-26 14:57 --------- d-----w C:\Programas\Nokia

2007-12-26 14:57 --------- d-----w C:\Programas\Ficheiros comuns\PCSuite

2007-12-26 14:57 --------- d-----w C:\Programas\Ficheiros comuns\Nokia

2007-12-26 14:56 --------- dc----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2007-12-26 14:56 --------- d-----w C:\Documents and Settings\MANUEL\Application Data\PC Suite

2007-12-26 14:34 --------- dc----w C:\Documents and Settings\All Users\Application Data\Installations

2007-12-25 18:26 --------- d-----w C:\Programas\Messenger Plus! Live

2007-12-21 10:31 --------- d--h--w C:\Programas\InstallShield Installation Information

2007-12-19 19:32 --------- d-----w C:\Programas\MSN content crazy show

2007-12-19 19:29 --------- d-----w C:\Programas\Java

2007-12-19 19:07 --------- d-----w C:\Programas\Microsoft Games

2007-05-27 20:21 47,360 ----a-w C:\Documents and Settings\MANUEL\Application Data\pcouffin.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 10:15 106496]

"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]

"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]

"Windows Defender"="C:\Programas\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]

"Cmaudio"="cmicnfg.cpl" []

"SSBkgdUpdate"="C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]

"PaperPort PTD"="C:\Programas\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 20:44 57393]

"IndexSearch"="C:\Programas\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 20:57 40960]

"SetDefPrt"="C:\Programas\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]

"ControlCenter2.0"="C:\Programas\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"AVP"="C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-01-30 18:53 227856]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

 

C:\Documents and Settings\MANUEL\Menu Iniciar\Programas\Arranque\

Instant Memory Cleaner.lnk - C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe [2008-02-03 14:33:59 1373409]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\

HotKey Driver.lnk - C:\Programas\HotKey\HotKey.exe [2007-01-23 12:39:57 36864]

Monitor de estado.lnk - C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe [2007-12-06 22:00:32 802816]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

C:\Programas\Internet Download Manager\IDMan.exe

 

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

R3 USBSTOR;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys []

S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26]

S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26]

S3 SFC4;SFC4;C:\WINDOWS\system32\drivers\SFC4.sys [1998-09-16 08:07]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d5e68d4-aae0-11db-b054-00138f10b15a}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-19 13:54:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-19 13:52:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\brss01a.exe

C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\RunDll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-02-19 13:56:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-19 13:56:17

.

2008-02-13 13:15:55 --- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:00:23, on 19-02-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\keyhook.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Programas\Brother\ControlCenter2\brctrcen.exe

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\HotKey\HotKey.exe

C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe

C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programas\Internet Download Manager\IDMIECC.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programas\Ficheiros comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Programas\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programas\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Instant Memory Cleaner.lnk = C:\Programas\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe

O4 - Global Startup: HotKey Driver.lnk = C:\Programas\HotKey\HotKey.exe

O4 - Global Startup: Monitor de estado.lnk = C:\Programas\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: Download All Links with IDM - C:\Programas\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Programas\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Internet TV by Endicosoft.com - {1D958E09-3112-7f0e-9723-5C1321C57B27} - C:\Programas\Internet TV 2050\InternetTV.exe (file missing)

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MANUEL\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geoweb.pt/vector2/mgaxctrl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173390532625

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

Regards


Good afternoon, DevilDestructor!

>@< Open HijackThis and, with all windows closed, Fix these entries:

 

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MANUEL\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

_________________________

 

I have been having a problem with a cid or zed popup that refuses to go away even after using several programs made specifically to remove it.

>@< Is this problem still bothering you?

>@< Good work!

>@< Clean log! :thumbsup:

 

Regards!


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a private message to a moderator with a link to the topic.
