
This topic has been archived and is closed to new replies.

Babidora

[Archived] NADADEVIRUS - VIRTUMONDE


Hello,

I'm having problems with some windows that open automatically trying to install a program called "Nadadevírus", and my PC has been slower since NOD flagged the presence of this malware which, if I remember correctly, is called Virtuamonde or something like that... It is in quarantine, but it has not been removed. Here is the HijackThis log for analysis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:18:23, on 25/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AAWTray] C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [707e8c9b] rundll32.exe "C:\WINDOWS\system32\safmkcnu.dll",b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198423716281

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F200ECCC-A3A6-45F7-91FB-8C00917FAAA0}: NameServer = 200.225.197.34 200.225.197.37

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8912 bytes

 

Thank you!


Good evening, Babidora!

 

>@< Download VundoFix.

>@< Save it to the Desktop!

>@< Run VundoFix.exe

>@< When VundoFix opens, again, click Scan for Vundo.

>@< When it finishes, click Remove Vundo.

>@< You will get a prompt asking whether you want to remove the files. Confirm!

>@< Your desktop will disappear!

>@< A notice will appear saying that your computer must be shut down.

>@< Click OK and then turn the computer on again!

>@< VundoFix may find a file but be unable to remove it. If that happens, the tool will run on restart.

>@< When VundoFix appears, click the Scan for Vundo button to repeat the process.

>@< When VundoFix no longer finds any file that it cannot remove, post its report (log), which is located at C:\Vundofix.txt

>@< Also post a new HijackThis log.

 

Best regards!


Hello, Vundo didn't help; it didn't find anything. So I ran ActiveScan and found what should be removed from the PC. Here is the first Panda log:

Incidencia Estado Elemento

 

Spyware:Spyware/Virtumonde No desinfectado C:\Documents and Settings\Bibadora\Configurações locais\Temp\is151464.exe

Herramienta potencialmente no deseada:Application/AVSystemCare No desinfectado C:\Documents and Settings\Bibadora\Configurações locais\Temporary Internet Files\Content.IE5\FXL24EF5\setup_br[1].cab[uGESZ_0001_N122M1701NetInstaller.exe]

Spyware:Cookie/YieldManager No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@ad.yieldmanager[1].txt

Spyware:Cookie/Adrevolver No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@adrevolver[1].txt

Spyware:Cookie/PointRoll No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@ads.pointroll[2].txt

Spyware:Cookie/adultfriendfinder No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@adultfriendfinder[2].txt

Spyware:Cookie/Advertising No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@advertising[2].txt

Spyware:Cookie/Atlas DMT No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@atdmt[2].txt

Spyware:Cookie/Serving-sys No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@bs.serving-sys[2].txt

Spyware:Cookie/Casalemedia No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@casalemedia[2].txt

Spyware:Cookie/Dbbsrv No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@dbbsrv[2].txt

Spyware:Cookie/did-it No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@did-it[1].txt

Spyware:Cookie/Doubleclick No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@doubleclick[1].txt

Spyware:Cookie/Comclick No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@fl01.ct2.comclick[2].txt

Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@ig.com[1].txt

Spyware:Cookie/Linksynergy No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@linksynergy[2].txt

Spyware:Cookie/Mediaplex No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@mediaplex[1].txt

Spyware:Cookie/QuestionMarket No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@questionmarket[1].txt

Spyware:Cookie/Serving-sys No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@serving-sys[1].txt

Spyware:Cookie/Statcounter No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@statcounter[2].txt

Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@terra.com[1].txt

Spyware:Cookie/Com.com No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@uol.com[2].txt

Spyware:Cookie/myaffiliateprogram No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@www.myaffiliateprogram[1].txt

Spyware:Cookie/Zedo No desinfectado C:\Documents and Settings\Bibadora\Cookies\bibadora@zedo[2].txt

Spyware:Spyware/Vundo No desinfectado C:\WINDOWS\system32\awtqpmm.dll

Spyware:Spyware/Virtumonde No desinfectado C:\WINDOWS\system32\edbayeab.dll

Spyware:Spyware/Vundo No desinfectado C:\WINDOWS\system32\efcdaya.dll

Spyware:Spyware/Virtumonde No desinfectado C:\WINDOWS\system32\jugaqttu.dll

Spyware:Spyware/Vundo No desinfectado C:\WINDOWS\system32\urqopmk.dll

Spyware:Spyware/Vundo

 

I managed to remove most of them by searching for them and deleting them. But the one I couldn't remove was mainly this one:

Spyware:Spyware/Vundo C:\WINDOWS\system32\urqopmk.dll

 

Now I ran ComboFix, and the result was:

ComboFix 08-02-25.3 - Bibadora 2008-02-28 23:16:16.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.540 [GMT -3:00]

Executando de: C:\Arquivos de programas\COmbofix\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\adeeg.ini

C:\WINDOWS\system32\adeeg.ini2

C:\WINDOWS\system32\ayuhydda.dll

C:\WINDOWS\system32\dcvaaxtm.ini

C:\WINDOWS\system32\geeda.dll

C:\WINDOWS\system32\gsdsipil.ini

C:\WINDOWS\system32\gxrerrdr.dll

C:\WINDOWS\system32\iltioerj.ini

C:\WINDOWS\system32\ktakhanl.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\msssc.dll

C:\WINDOWS\system32\mtxaavcd.dll

C:\WINDOWS\system32\oohtwhgv.dll

C:\WINDOWS\system32\pifjnpwt.dll

C:\WINDOWS\system32\qacmaaob.dll

C:\WINDOWS\system32\rowwqrnh.ini

C:\WINDOWS\system32\unckmfas.ini

C:\WINDOWS\system32\urqopmk.dll

C:\WINDOWS\system32\utugbttn.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))

.

 

2008-02-28 23:11 . 2008-02-28 23:13 <DIR> d-------- C:\Arquivos de programas\COmbofix

2008-02-28 18:53 . 2008-02-28 18:57 806,370 --a------ C:\WINDOWS\system32\z4123xff

2008-02-28 18:00 . 2008-02-28 18:03 <DIR> d-------- C:\Arquivos de programas\ccleaner

2008-02-28 16:37 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-02-28 16:35 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\jtdoksruwmdp.sys

2008-02-27 22:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\rnlbddatecut.sys

2008-02-27 19:22 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\tyikwkmjatwx.sys

2008-02-27 19:06 . 2008-02-27 19:06 <DIR> d-------- C:\VundoFix Backups

2008-02-27 19:06 . 2007-07-15 23:34 109,056 --a------ C:\Arquivos de programas\VundoFix.exe

2008-02-27 00:21 . 2008-02-27 00:21 <DIR> d-------- C:\Arquivos de programas\MSXML 6.0

2008-02-26 17:44 . 2008-02-27 09:03 2,828 --ahs---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-02-26 17:44 . 2008-02-27 09:03 88 -r-hs---- C:\Documents and Settings\All Users\Dados de aplicativos\2BA40CDD27.sys

2008-02-26 17:25 . 2008-02-26 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-02-26 17:25 . 2008-02-26 17:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

2008-02-26 16:55 . 2008-02-28 18:58 63,871 --a------ C:\WINDOWS\BM734dbf07.xml

2008-02-26 16:55 . 2008-02-28 22:22 22 --a------ C:\WINDOWS\pskt.ini

2008-02-23 06:22 . 2008-02-23 06:22 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-02-23 05:02 . 2008-02-28 17:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-23 05:02 . 2008-02-28 16:29 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-23 05:02 . 2008-02-28 16:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-23 05:02 . 2008-02-28 16:29 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-21 23:07 . 2001-09-05 23:50 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll

2008-02-21 23:07 . 2001-09-05 23:50 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll

2008-02-21 23:07 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-02-21 23:07 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-02-21 23:07 . 2008-02-28 17:36 207 --a------ C:\WINDOWS\lexstat.ini

2008-02-21 23:06 . 2008-02-21 23:06 <DIR> d-------- C:\Documents and Settings\Bibadora\WINDOWS

2008-02-21 23:06 . 1997-04-18 11:53 298,496 --a------ C:\WINDOWS\unin0416.exe

2008-02-21 23:05 . 2008-02-21 23:05 <DIR> d-------- C:\Lxk1100

2008-02-21 22:31 . 2008-02-21 22:54 <DIR> d-------- C:\Arquivos de programas\lexmark

2008-02-16 00:52 . 2007-09-24 22:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-02-16 00:51 . 2008-02-16 00:52 <DIR> d-------- C:\Arquivos de programas\Java

2008-02-16 00:41 . 2008-02-16 00:41 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-02-13 23:08 . 2008-02-13 23:08 <DIR> d-------- C:\Arquivos de programas\emule

2008-02-11 18:12 . 2008-02-28 18:50 2,048 --a------ C:\pumpprex3.ini

2008-02-11 15:48 . 2008-02-11 15:58 <DIR> d-------- C:\Arquivos de programas\Conference

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-28 19:57 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-28 19:56 --------- d--h--w C:\Arquivos de programas\Scpad

2008-02-28 19:56 --------- d-----w C:\Arquivos de programas\QuickTime

2008-02-28 19:54 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-02-28 19:54 --------- d-----w C:\Arquivos de programas\Lexmark X1100 Series

2008-02-28 19:51 --------- d-----w C:\Arquivos de programas\Google

2008-02-28 19:51 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-28 19:51 --------- d-----w C:\Arquivos de programas\Free Download Manager

2008-02-28 19:51 --------- d-----w C:\Arquivos de programas\ESET

2008-02-28 01:25 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-02-27 22:04 96,617 ----a-w C:\Arquivos de programas\VundoFix.rar

2008-02-26 20:44 --------- d-----w C:\Documents and Settings\Bibadora\Dados de aplicativos\Corel

2008-02-26 20:14 --------- d-----w C:\Arquivos de programas\Corel

2008-02-26 01:28 --------- d-----w C:\Documents and Settings\Bibadora\Dados de aplicativos\Skype

2008-02-25 19:54 --------- d-----w C:\Documents and Settings\Bibadora\Dados de aplicativos\skypePM

2008-01-26 20:21 --------- d-----w C:\Arquivos de programas\UltraVNC

2008-01-12 08:24 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-01-05 08:43 --------- d-----w C:\Documents and Settings\Bibadora\Dados de aplicativos\Apple Computer

2008-01-05 08:42 --------- d-----w C:\Documents and Settings\Bibadora\Dados de aplicativos\Media Player Classic

2008-01-05 03:43 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2008-01-05 01:09 22,595,368 ----a-w C:\SkypeSetup.exe

2008-01-05 01:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-01-05 01:09 --------- d-----w C:\Arquivos de programas\Skype

2008-01-05 01:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Skype

2008-01-04 14:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-04 12:40 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\3M

2007-12-31 06:05 --------- d-----w C:\Arquivos de programas\Post - it

2007-12-30 11:41 --------- d-----w C:\Documents and Settings\Little rabitt\Dados de aplicativos\3M

2007-12-29 01:17 --------- d-----w C:\Documents and Settings\Bibadora\Dados de aplicativos\3M

2007-12-29 01:16 --------- d-----w C:\Arquivos de programas\3M

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 12:29 68856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Arquivos de programas\Eset\nod32kui.exe" [2007-12-23 12:15 949376]

"AAWTray"="C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 14:53 88024]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 16:14 8491008]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"Lexmark X1100 Series"="C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:12 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Post-it© Software Notes Lite.lnk - C:\Arquivos de programas\3M\PSNLite\PsnLite.exe [2004-10-15 13:26:54 2080768]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2007-08-09 14:39 207944]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bibadora^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=C:\Documents and Settings\Bibadora\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

--a------ 2007-08-08 14:53 88024 C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2007-07-02 07:27 219520 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-10-04 16:14 8491008 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-10-04 16:14 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-10-04 16:14 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 08:41 282624 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-12-07 14:08 21686568 C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

--a------ 2002-10-11 17:26 98304 C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Gunz The Duel\\theduel.exe"=

"C:\\Arquivos de programas\\Age of Empires 2\\age2_x1.exe"=

"D:\\Jogos\\Ragdoll Matrix\\RMR.exe"=

"D:\\Jogos\\WORMS\\wwp.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\UltraVNC\\vncviewer.exe"=

"C:\\Arquivos de programas\\Conference\\Conference.dll"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16008:TCP"= 16008:TCP:BitComet 16008 TCP

"16008:UDP"= 16008:UDP:BitComet 16008 UDP

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

 

R2 GbpSv;Gbp Service;C:\Arquivos de programas\GbPlugin\GbpSv.exe [2007-08-09 14:43]

R2 PSI_SVC_2;Protexis Licensing V2;"c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-09 23:09]

S3 XDva038;XDva038;C:\WINDOWS\system32\XDva038.sys []

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-29 02:21:08 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 

Now, please analyze this latest HijackThis log to see whether everything is clean, OK?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:20, on 2008-02-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\3M\PSNLite\PsnLite.exe

C:\ARQUIV~1\3M\PSNLite\PSNGive.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [AAWTray] C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198423716281

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F200ECCC-A3A6-45F7-91FB-8C00917FAAA0}: NameServer = 200.225.197.34 200.225.197.37

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 10226 bytes

Thank you!


Good morning, Babidora!

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\Bibadora\Configurações locais\Temp\is151464.exe

C:\WINDOWS\system32\awtqpmm.dll

C:\WINDOWS\system32\edbayeab.dll

C:\WINDOWS\system32\efcdaya.dll

C:\WINDOWS\system32\jugaqttu.dll

Folder::

C:\WINDOWS\system32\z4123xff

C:\VundoFix Backups

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

cpiadecfscriptxt7.gif

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post only the report: C:\ComboFix.txt <!>

 

Regards!


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
