
astoufo

[Solved!] Suspected virus, could someone analyze my log?


When I go to shut down my PC, the window ''End program 29a5ea88'' appears and then ''End program MCI command handling window''. I hope for some help; please analyze the log. Thanks in advance.

 

Logfile of HijackThis v1.99.1

Scan saved at 00:38:28, on 19/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live Toolbar\msn_sl.exe

C:\hijackthis\HijackThis.exe

 

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Arquivos de programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-6740a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Arquivos de programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [SiteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6fc7b623c63940c6b2ca1dab8f2900d3

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6fc7b623c63940c6b2ca1dab8f2900d3

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.as

O8 - Extra context menu item: E&xportar para Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}- C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\InstFred.ocx

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}-http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\AcDcToday.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Arquivos de programas\AutoCAD2002 Esp\InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\AcPreview.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe


Good afternoon! astoufo

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of: antivirus, antispyware and Firewall.

>@< Close all windows and run the tool!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

_________________________

 

>@< Post the report C:\ComboFix.txt in your reply + an updated HJT log.

 

Cheers!


Hello DigRam

I ran ComboFix

Below are the ComboFix log and the updated HJT log...

 

 

 

ComboFix 08-03-18.1 - USER 2008-03-21 19:53:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.147 [GMT -3:00]

Executando de: C:\Documents and Settings\USER\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\USER\Dados de aplicativos\inst.exe

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\Config.xml

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\USER\Dados de aplicativos\ShoppingReport\cs\res1(2)\WhiteList.dbs

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))))

.

 

2008-03-21 01:38 . 2008-03-21 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-03-19 19:23 . 2008-03-19 19:23 <DIR> d-------- C:\Arquivos de programas\Riva

2008-03-15 19:33 . 2008-03-15 19:33 <DIR> d-------- C:\Arquivos de programas\CDisplay

2008-03-15 12:46 . 2008-03-15 13:00 <DIR> d-------- C:\WINDOWS\system32\xvidcore

2008-03-10 23:27 . 2008-03-10 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-03-10 23:27 . 2008-03-10 23:27 <DIR> d-------- C:\Arquivos de programas\DFX

2008-03-03 23:52 . 2008-03-03 23:52 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\SiteAdvisor

2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\USER\Dados de aplicativos\Comodo

2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2008-03-03 22:05 . 2008-03-03 23:11 <DIR> d-------- C:\Arquivos de programas\Comodo

2008-03-03 22:05 . 2006-09-12 08:17 210 --a------ C:\boot.ini.comodofirewall

2008-03-03 21:54 . 2008-03-05 09:23 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-03-03 21:54 . 2008-03-03 21:55 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-02 21:38 . 2008-03-02 21:38 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-02-25 14:44 . 2008-02-25 14:44 31 --a------ C:\WINDOWS\idc.ini

2008-02-24 13:15 . 2008-02-24 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-02-24 13:14 . 2004-07-26 16:56 12,800 --a------ C:\WINDOWS\system32\Wing32.dll

2008-02-22 19:09 . 2008-02-22 19:09 0 --a------ C:\WINDOWS\Infob.dat

2008-02-22 19:09 . 2008-02-22 19:09 0 --a------ C:\WINDOWS\Infoa.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 18:49 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\SiteAdvisor

2008-03-21 00:32 --------- d-----w C:\Arquivos de programas\eMule

2008-03-19 22:51 --------- d-----w C:\Arquivos de programas\dvdSanta

2008-03-11 02:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-03-04 02:52 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-03-04 00:50 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-02-24 21:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-02-24 21:51 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-24 21:51 --------- d-----w C:\Arquivos de programas\Gootec(2)

2008-02-24 17:13 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\uTorrent

2008-02-20 14:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-19 12:50 --------- d-----w C:\Arquivos de programas\uTorrent

2008-02-19 12:05 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\uTorrent(2)

2008-02-17 01:46 --------- d-----w C:\Arquivos de programas\Java

2008-02-17 01:32 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys

2008-02-17 01:16 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Sun(3)

2008-02-17 01:16 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Azureus

2008-02-17 01:16 --------- d-----w C:\Arquivos de programas\Conduit

2008-02-17 01:16 --------- d-----w C:\Arquivos de programas\Best_Security_Tips

2008-02-16 15:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-02-16 15:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-02-13 23:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Azureus

2008-02-13 17:42 --------- d-----w C:\Arquivos de programas\Google

2008-02-13 16:29 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-11 14:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-02-11 13:45 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Autodesk

2008-02-10 14:49 47,360 ----a-w C:\Documents and Settings\USER\Dados de aplicativos\pcouffin.sys

2008-02-10 14:49 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Vso

2008-02-10 14:49 --------- d-----w C:\Arquivos de programas\VSO

2008-02-02 16:01 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Winff

2008-01-27 17:11 81,920 ----a-w C:\Documents and Settings\USER\Dados de aplicativos\ezpinst.exe

2008-01-27 17:11 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-01-25 02:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-23 21:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-01-23 21:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2007-12-24 12:44 158,456 ------w C:\WINDOWS\system32\pxwma.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]

2008-01-16 09:32 1530904 --a------ C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "C:\Arquivos de programas\Best_Security_Tips\tbBest.dll" [2008-01-16 09:32 1530904]

 

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Arquivos de programas\Best_Security_Tips\tbBest.dll [2008-01-16 09:32 1530904]

 

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-09 20:41 171448]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [ ]

"ADPHONE"="C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 12:56 61440]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-01-23 18:51 185896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 18:03 36640]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

VIA RAID TOOL.lnk - C:\Arquivos de programas\VIA\RAID\raid_tool.exe [2006-05-25 22:55:36 585728]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\uTorrent\\utorrent.exe"=

"C:\\Age Of Empires II\\empires2.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23949:TCP"= 23949:TCP:BitComet 23949 TCP

"23949:UDP"= 23949:UDP:BitComet 23949 UDP

"45718:TCP"= 45718:TCP:eMule.TCP

"27419:UDP"= 27419:UDP:emule-UDP

"7845:UDP"= 7845:UDP:ZSNES

"7845:TCP"= 7845:TCP:ZSNES

"52436:TCP"= 52436:TCP:utorrent 1.6

"52436:UDP"= 52436:UDP:utorrent 1.6

 

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-21 22:11:16 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job" - C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 19:55:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-21 19:56:13

ComboFix-quarantined-files.txt 2008-03-21 22:56:05

.

2008-03-20 17:56:36 --- E O F ---


Good evening! astoufo

 

>@< Run a scan at Jotti on the file:

 

idc.ini

 

>@< In File to upload, enter the path: C:\WINDOWS\idc.ini

>@< Then click Submit.

>@< Copy and post the report of this analysis.

_____________________________

 

>@< Open HijackThis and, with all programs closed, Fix these entries:

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Arquivos de programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Arquivos de programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)

_____________________________

 

>@< Run a disinfection scan at < BitDefender > and post the report.

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click on: < agree2.gif >

>@< Wait! Allow the ActiveX installation so that the scan can run.

 

<!> Read the Tutorial: < Link >

 

>@< Then post: the BitDefender report + an updated HijackThis log.

>@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.txt

 

Cheers!

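As an added example (not code from this thread, from HijackThis or from ComboFix), a small Python parser for HijackThis v1.99.1 log lines of the kind posted above. It lists the entries whose target file is gone, the ones HijackThis marks "(file missing)" or "(no file)", which is the set DigRam asks to be Fixed. The sample lines are copied from the log in this thread, not read from a live system.

```python
"""Flag orphaned HijackThis entries (added example, not the forum's own tool)."""
import re
from dataclasses import dataclass

# R3/O2/O3/O9/O18/O21 lines share one shape: "<section> - <kind>: <name> - {CLSID} - <path>".
# O4/O8/O16/O23 lines have no CLSID in that position and are deliberately skipped.
ENTRY_RE = re.compile(
    r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) ?- ?(?P<path>.*)$"
)

# HijackThis marks a dangling reference in one of two ways.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    raw: str      # the original log line, ready to paste into the Fix list
    section: str  # R3, O2, O3, O9, ...
    kind: str     # URLSearchHook, BHO, Toolbar, Extra button, ...
    name: str
    clsid: str
    path: str

    @property
    def orphaned(self) -> bool:
        """True when the registered DLL/EXE no longer exists on disk."""
        return any(marker in self.path for marker in ORPHAN_MARKERS)


def parse_hjt(text: str) -> list[Entry]:
    """Parse every CLSID-bearing line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(raw=line, **m.groupdict()))
    return entries


def orphaned_entries(text: str) -> list[Entry]:
    return [e for e in parse_hjt(text) if e.orphaned]


def fix_list(text: str) -> list[str]:
    """The raw lines a helper would tick in HijackThis and click Fix on."""
    return [e.raw for e in orphaned_entries(text)]


# Constructed sample: a subset of the log posted in this thread (one O4 line
# included to show that lines without a CLSID are skipped).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Arquivos de programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Arquivos de programas\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll (file missing)
O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}- C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section} {e.kind}: {e.name} {e.clsid} -> {e.path}")
```

The parser flags the Java O9 entry and the Yahoo R3 entry too; whether to Fix those as well is the helper's call, not something the script decides.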

Good evening! DigRam

I am posting the BitDefender report + the updated HijackThis log

 

BitDefender Online Scanner

 

Scan report generated at: Sat, Mar 22, 2008 - 19:16:30

 

Scan path: A:\;C:\;D:\;

 

Statistics

Time: 01:07:05
Files: 129155
Folders: 3833
Boot Sectors: 2
Archives: 1757
Packed Files: 7474

Results

Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info

Virus Definitions: 1021780
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File -> Status

C:\System Volume Information\_restore{C698BF9B-3E45-4D9E-9BAB-B965CB068F22}\RP351\A0099228.exe=>(ZIP Sfx s)=>fake_del.exe -> Detected with: Application.Joke.Fakedel.A
C:\System Volume Information\_restore{C698BF9B-3E45-4D9E-9BAB-B965CB068F22}\RP351\A0099228.exe=>(ZIP Sfx s)=>fake_del.exe -> Disinfection failed
C:\System Volume Information\_restore{C698BF9B-3E45-4D9E-9BAB-B965CB068F22}\RP351\A0099228.exe=>(ZIP Sfx s)=>fake_del.exe -> Deleted
C:\System Volume Information\_restore{C698BF9B-3E45-4D9E-9BAB-B965CB068F22}\RP351\A0099228.exe=>(ZIP Sfx s) -> Updated
C:\System Volume Information\_restore{C698BF9B-3E45-4D9E-9BAB-B965CB068F22}\RP351\A0099228.exe -> Update failed

 

Hijack

 

File: idc.ini

Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: f894b4e8b772ad96ea14be304731fa81

Packers detected: -

Bit9 reports: File not found

 

Scan taken on 22 Mar 2008 20:51:11 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing


Good morning! astoufo

 

>@< If you have these programs, you can uninstall them:

 

SecureROM

 

Unreal Tournament 2003

___________________________

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << previous ComboFix log.

___________________________

 

>@< Select and copy all the content in the quote area to Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Speech\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Speech\wab64.dll

C:\DOCUME~1\User\LOCALS~1\Temp\CmdLineExt02.dll

Registry::

[-HKEY_CLASSES_ROOT\CLSID\{29A5EA88-29A5-EA88-29A5-EA8829A5EA88}]

[-HKEY_CLASSES_ROOT\CLSID\ {9869EFB4-18E9-11D3-A837-00104B9E30B5}]

[-HKEY_CLASSES_ROOT\TypeLib\ {9869EFA6-18E9-11D3-A837-00104B9E30B5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {9869EFB4-18E9-11D3-A837-00104B9E30B5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {9869EFA6-18E9-11D3-A837-00104B9E30B5}]

Driver::

"NetCM"

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 

[image: cpiadecfscriptxt7.gif]

 

>@< With this procedure, ComboFix will run and will restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it runs, do not use the keyboard or mouse!

>@< When it finishes, post the report C:\ComboFix.txt + an updated HJT log.

 

Cheers!


Good evening! DigRam

 

I am posting the ComboFix report:

 

 

 

ComboFix 08-03-24.1 - USER 2008-03-24 23:18:23.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.196 [GMT -3:00]

Executando de: C:\Documents and Settings\USER\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\USER\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Speech\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Speech\wab64.dll

C:\DOCUME~1\User\LOCALS~1\Temp\CmdLineExt02.dll

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))))

.

 

2008-03-24 22:43 . 2008-03-24 22:43 <DIR> d-------- C:\Arquivos de programas\Opera

2008-03-24 08:24 . 2008-03-24 08:30 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-03-23 09:33 . 2008-03-24 20:51 <DIR> d-------- C:\Arquivos de programas\Total Video Converter

2008-03-22 02:35 . 2008-03-22 18:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-03-22 01:22 . 2008-03-22 01:22 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-03-21 20:01 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-03-21 20:01 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-21 20:01 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-03-21 20:01 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-21 20:01 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-03-21 20:01 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-21 20:01 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-21 20:01 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-21 01:38 . 2008-03-21 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-03-15 19:33 . 2008-03-15 19:33 <DIR> d-------- C:\Arquivos de programas\CDisplay

2008-03-15 12:46 . 2008-03-15 13:00 <DIR> d-------- C:\WINDOWS\system32\xvidcore

2008-03-10 23:27 . 2008-03-10 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-03-10 23:27 . 2008-03-10 23:27 <DIR> d-------- C:\Arquivos de programas\DFX

2008-03-03 23:52 . 2008-03-03 23:52 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\SiteAdvisor

2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\USER\Dados de aplicativos\Comodo

2008-03-03 22:08 . 2008-03-03 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2008-03-03 21:54 . 2008-03-05 09:23 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-03-03 21:54 . 2008-03-03 21:55 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-03-02 21:38 . 2008-03-02 21:38 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-02-25 14:44 . 2008-02-25 14:44 31 --a------ C:\WINDOWS\idc.ini

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-25 01:36 --------- d-----w C:\Arquivos de programas\Google

2008-03-25 01:36 --------- d-----w C:\Arquivos de programas\DAP

2008-03-24 22:48 --------- d-----w C:\Arquivos de programas\eMule

2008-03-21 18:49 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\SiteAdvisor

2008-03-19 22:51 --------- d-----w C:\Arquivos de programas\dvdSanta

2008-03-11 02:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-03-04 02:52 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-02-24 21:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-02-24 21:51 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-24 21:51 --------- d-----w C:\Arquivos de programas\Gootec(2)

2008-02-24 17:13 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\uTorrent

2008-02-24 16:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

2008-02-20 14:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-19 12:05 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\uTorrent(2)

2008-02-17 01:46 --------- d-----w C:\Arquivos de programas\Java

2008-02-17 01:32 3,082 ----a-w C:\WINDOWS\system32\affv208325p1now.sys

2008-02-17 01:16 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Sun(3)

2008-02-17 01:16 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Azureus

2008-02-17 01:16 --------- d-----w C:\Arquivos de programas\Conduit

2008-02-17 01:16 --------- d-----w C:\Arquivos de programas\Best_Security_Tips

2008-02-16 15:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-02-16 15:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-02-13 23:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Azureus

2008-02-13 16:29 --------- d-----w C:\Arquivos de programas\CallIT

2008-02-11 14:34 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-02-11 13:45 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Autodesk

2008-02-10 14:49 47,360 ----a-w C:\Documents and Settings\USER\Dados de aplicativos\pcouffin.sys

2008-02-10 14:49 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Vso

2008-02-10 14:49 --------- d-----w C:\Arquivos de programas\VSO

2008-02-02 16:01 --------- d-----w C:\Documents and Settings\USER\Dados de aplicativos\Winff

2008-01-27 17:11 81,920 ----a-w C:\Documents and Settings\USER\Dados de aplicativos\ezpinst.exe

2008-01-27 17:11 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-01-25 02:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]

2008-01-16 09:32 1530904 --a------ C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "C:\Arquivos de programas\Best_Security_Tips\tbBest.dll" [2008-01-16 09:32 1530904]

 

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Arquivos de programas\Best_Security_Tips\tbBest.dll [2008-01-16 09:32 1530904]

 

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-09 20:41 171448]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

"DLD.EXE"="C:\Arquivos de programas\Download Direct\DLD.exe" [ ]

"ADPHONE"="C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 12:56 61440]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-01-23 18:51 185896]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-12-04 18:03 36640]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 11:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

VIA RAID TOOL.lnk - C:\Arquivos de programas\VIA\RAID\raid_tool.exe [2006-05-25 22:55:36 585728]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Real\\RealPlayer\\realplay.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Age Of Empires II\\empires2.exe"=

"C:\\Age Of Empires II\\age2_x1.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23949:TCP"= 23949:TCP:BitComet 23949 TCP

"23949:UDP"= 23949:UDP:BitComet 23949 UDP

"45718:TCP"= 45718:TCP:eMule.TCP

"27419:UDP"= 27419:UDP:emule-UDP

"7845:UDP"= 7845:UDP:ZSNES

"7845:TCP"= 7845:TCP:ZSNES

"52436:TCP"= 52436:TCP:utorrent 1.6

"52436:UDP"= 52436:UDP:utorrent 1.6

 

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-25 02:11:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 23:19:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\SiteAdvisor\6253\saHook.dll

.

Tempo para conclusão: 2008-03-24 23:21:14

ComboFix-quarantined-files.txt 2008-03-25 02:21:12

.

2008-03-25 01:08:48 --- E O F ---


Good evening, astoufo!

 

>@< Post a new HijackThis log.

 

Regards!


Good evening, DigRam! I'm posting the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:49:14, on 26/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\Arquivos de programas\Windows Live Toolbar\msn_sl.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Arquivos de programas\Best_Security_Tips\tbBest.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe

O4 - HKCU\..\Run: [ADPHONE] C:\Arquivos de programas\CallIT\ADPHONE\ADPHONE.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?6fc7b623c63940c6b2ca1dab8f2900d3

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?6fc7b623c63940c6b2ca1dab8f2900d3

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\InstFred.ocx

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\AcDcToday.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\InstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Arquivos de programas\AutoCAD 2002 Esp\AcPreview.ocx

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/USER/Desktop/100px-AranhaBicha%5B1%5D.gif

 

--

End of file - 9476 bytes


Good morning, astoufo!

 

With everything OK on the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

____________________________

 

When I go to shut down my PC, the window ''End Program 29a5ea88'' appears, and then ''End Program MCI command handling window''.

>@< Is this problem still occurring?

____________________________

 

>@< The log is clean!

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
