Calquito

[Solved!] Internet Explorer opens by itself

Hello everyone.

Lately, my IE has been opening by itself. I don't know whether some trojan is causing this.

I'm leaving the HijackThis logfile here. If anyone can help, I'd be eternally grateful :grin:

Regards!

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:25:44, on 31-03-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programas\HijackThis\HiJackThis_v2.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirt.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 212.150.54.250 dv-networks.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKCU\..\Run: [spyShredder] C:\Program Files\SpyShredder\SpyShredder.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Diciopédia 2008 DVD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.spyshredderscanner.com/setup/webinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: SetupRam - {5b583b62-ad4d-488f-9afd-36a84abbd6ce} - C:\WINDOWS\Installer\{5b583b62-ad4d-488f-9afd-36a84abbd6ce}\SetupRam.dll

O21 - SSODL: zip - {4c26aaee-be36-410d-8266-4430829e11be} - C:\WINDOWS\Installer\{4c26aaee-be36-410d-8266-4430829e11be}\zip.dll

O21 - SSODL: bokpkov - {A1A147ED-D845-4F4B-9BEB-016CACB533C4} - blank (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8114 bytes


Good morning! Calquito

 

>@< If you have it, uninstall: < BSPlayer >

>@< Install this other version, which is free of adware: < BSPlayer >

>@< PS: Don't forget to unzip it!

___________________________

 

>@< Download SmitfraudFix.

>@< Save it to Local Disk C: and unzip it right there, sending the executable ( SmitfraudFix.cmd ) to the Desktop.

>@< Restart the computer in Safe Mode!

>@< Run SmitfraudFix.cmd <!>

>@< Press option 2 >> Enter.

>@< When the message "Do you want to clean the registry" appears, press option Y >> Enter.

>@< Restart the computer normally!

>@< If anything has changed on the desktop, fix it in the display properties. ( Theme )

>@< Copy the log ( rapport.txt ) and post it in your reply, plus an updated HijackThis log.

 

Regards!


Hello DigRam!

After doing everything you asked, I'm leaving the requested logs here.

Just one problem: I can't post the rapport.txt log because it tells me it is too long.

I'm leaving the HijackThis log here, and I await instructions on how to get the rapport.txt log to you.

Thank you in advance for the attention you have given to my problem.

Regards!

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:58:37, on 01-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\HijackThis\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 212.150.54.250 dv-networks.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spyShredder] C:\Program Files\SpyShredder\SpyShredder.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Diciopédia 2008 DVD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.spyshredderscanner.com/setup/webinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: bokpkov - {A1A147ED-D845-4F4B-9BEB-016CACB533C4} - blank (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7039 bytes
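
A before/after comparison of the two HijackThis logs posted so far, as an added example that is not part of the original thread: it parses both logs and reports which entries the cleanup run removed, which are still present, and which remaining entries HijackThis itself marks as pointing to a missing file. The embedded samples are excerpts copied from the 31-03-2008 and 01-04-2008 logs above; the function names are hypothetical.

```python
import re

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")   # "O4 - HKCU\..\Run: [name] path"
PATH_RE = re.compile(r"^[A-Za-z]:\\")           # process lines are full image paths
# HijackThis's own markers for an entry whose target file is gone
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Excerpt of the log saved on 31-03-2008 (before the cleanup run).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programas\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flirt.pt/
O2 - BHO: 299914 helper - {47DF236B-7D10-4C01-9820-50C0D54E7841} - C:\WINDOWS\system32\299914\299914.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [spyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O21 - SSODL: SetupRam - {5b583b62-ad4d-488f-9afd-36a84abbd6ce} - C:\WINDOWS\Installer\{5b583b62-ad4d-488f-9afd-36a84abbd6ce}\SetupRam.dll
O21 - SSODL: zip - {4c26aaee-be36-410d-8266-4430829e11be} - C:\WINDOWS\Installer\{4c26aaee-be36-410d-8266-4430829e11be}\zip.dll
O21 - SSODL: bokpkov - {A1A147ED-D845-4F4B-9BEB-016CACB533C4} - blank (file missing)
"""

# Excerpt of the log saved on 01-04-2008 (after the cleanup run).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\HijackThis\HiJackThis_v2.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [spyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O21 - SSODL: bokpkov - {A1A147ED-D845-4F4B-9BEB-016CACB533C4} - blank (file missing)
"""


def parse_hjt(text):
    """Parse a HijackThis log into (processes, entries).

    processes: set of lower-cased image paths from "Running processes:"
    entries:   dict mapping the casefolded entry line to its original text
    """
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False  # the first R/O entry ends the process list
            entries[line.casefold()] = line
        elif in_processes and PATH_RE.match(line):
            processes.add(line.lower())
    return processes, entries


def diff_hjt(before_text, after_text):
    """Compare two logs of the same machine taken before and after a cleanup."""
    before_p, before_e = parse_hjt(before_text)
    after_p, after_e = parse_hjt(after_text)
    return {
        "removed": sorted(before_e[k] for k in before_e.keys() - after_e.keys()),
        "added": sorted(after_e[k] for k in after_e.keys() - before_e.keys()),
        "kept": sorted(after_e[k] for k in after_e.keys() & before_e.keys()),
        # still registered, but HijackThis says the target file is absent
        "orphaned": sorted(v for v in after_e.values() if ORPHAN_RE.search(v)),
        "new_processes": sorted(after_p - before_p),
    }


if __name__ == "__main__":
    report = diff_hjt(BEFORE, AFTER)
    for section, items in report.items():
        print(f"== {section} ({len(items)})")
        for item in items:
            print("  ", item)
```
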


Good evening! Calquito

 

>@< Use a file host; I suggest: < Badongo >

______________________

 

>@< Under Select File, choose the SmitfraudFix report that is on the PC.

>@< Under Description, type: Report

>@< Under This material is suitable for minors: choose Yes.

>@< To send it, click the Upload button.

>@< When it finishes, you will be given a download link, which you will send to us.

______________________

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of: antivirus, antispyware ( TeaTimer ) and firewall.

>@< Close all windows and run the tool!

 

If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application), delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

______________________

 

>@< Post the reports: C:\ComboFix.txt + an updated HJT log.

 

Regards!


Hello DigRam!

 

The link to view the SmitfraudFix rapport is the following:

 

http://www.badongo.com/file/8608816

 

Below are the requested reports.

Once again, my sincere thanks for the attention you have given me.

Regards!

 

ComboFix 08-04-02.1 - Ricardo Freitas 2008-04-03 14:37:21.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.200 [GMT 1:00]

Executando de: C:\Documents and Settings\Ricardo Freitas\Ambiente de trabalho\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))

.

 

2008-04-02 06:30 . 2008-04-02 06:30 268 --ah----- C:\sqmdata19.sqm

2008-04-02 06:30 . 2008-04-02 06:30 244 --ah----- C:\sqmnoopt19.sqm

2008-04-02 05:14 . 2008-04-02 05:14 268 --ah----- C:\sqmdata18.sqm

2008-04-02 05:14 . 2008-04-02 05:14 244 --ah----- C:\sqmnoopt18.sqm

2008-04-01 20:47 . 2008-04-01 20:47 2,496 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-01 20:41 . 2008-04-01 20:41 268 --ah----- C:\sqmdata17.sqm

2008-04-01 20:41 . 2008-04-01 20:41 244 --ah----- C:\sqmnoopt17.sqm

2008-04-01 20:37 . 2008-04-01 20:49 <DIR> d-------- C:\SmitfraudFix

2008-04-01 20:35 . 2008-04-01 20:35 1,242,972 --a------ C:\SmitfraudFix.zip

2008-04-01 11:24 . 2008-04-01 11:24 268 --ah----- C:\sqmdata16.sqm

2008-04-01 11:24 . 2008-04-01 11:24 244 --ah----- C:\sqmnoopt16.sqm

2008-04-01 10:10 . 2008-04-01 10:10 268 --ah----- C:\sqmdata15.sqm

2008-04-01 10:10 . 2008-04-01 10:10 244 --ah----- C:\sqmnoopt15.sqm

2008-04-01 02:12 . 2008-04-01 02:12 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\dvdcss

2008-04-01 02:10 . 2008-04-01 02:10 0 --a------ C:\WINDOWS\iPlayer.INI

2008-03-31 19:07 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll

2008-03-31 19:07 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll

2008-03-31 19:07 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll

2008-03-31 19:07 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll

2008-03-31 19:07 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll

2008-03-31 19:07 . 2003-07-14 16:49 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll

2008-03-31 19:07 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll

2008-03-31 18:57 . 2008-03-31 18:57 268 --ah----- C:\sqmdata14.sqm

2008-03-31 18:57 . 2008-03-31 18:57 244 --ah----- C:\sqmnoopt14.sqm

2008-03-31 16:06 . 2008-03-31 16:06 268 --ah----- C:\sqmdata13.sqm

2008-03-31 16:06 . 2008-03-31 16:06 244 --ah----- C:\sqmnoopt13.sqm

2008-03-31 15:53 . 2008-03-31 15:53 268 --ah----- C:\sqmdata12.sqm

2008-03-31 15:53 . 2008-03-31 15:53 244 --ah----- C:\sqmnoopt12.sqm

2008-03-31 06:43 . 2008-03-31 06:43 268 --ah----- C:\sqmdata11.sqm

2008-03-31 06:43 . 2008-03-31 06:43 244 --ah----- C:\sqmnoopt11.sqm

2008-03-31 01:20 . 2008-03-31 01:20 268 --ah----- C:\sqmdata10.sqm

2008-03-31 01:20 . 2008-03-31 01:20 244 --ah----- C:\sqmnoopt10.sqm

2008-03-30 19:39 . 2008-03-30 19:39 268 --ah----- C:\sqmdata09.sqm

2008-03-30 19:39 . 2008-03-30 19:39 244 --ah----- C:\sqmnoopt09.sqm

2008-03-30 04:04 . 2008-03-30 04:04 268 --ah----- C:\sqmdata08.sqm

2008-03-30 04:04 . 2008-03-30 04:04 244 --ah----- C:\sqmnoopt08.sqm

2008-03-29 18:41 . 2008-03-29 18:41 268 --ah----- C:\sqmdata07.sqm

2008-03-29 18:41 . 2008-03-29 18:41 244 --ah----- C:\sqmnoopt07.sqm

2008-03-29 18:26 . 2008-03-29 18:26 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Application Data\Talkback

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Os meus documentos

2008-03-29 18:25 . 2008-03-06 14:34 <DIR> d--h----- C:\Documents and Settings\Administrador.RICARDOFREITAS\Modelos

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> dr------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Menu Iniciar

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Favoritos

2008-03-29 18:25 . 2008-04-03 14:34 <DIR> d--h----- C:\Documents and Settings\Administrador.RICARDOFREITAS\Definições locais

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Ambiente de trabalho

2008-03-29 18:23 . 2008-03-29 18:23 268 --ah----- C:\sqmdata06.sqm

2008-03-29 18:23 . 2008-03-29 18:23 244 --ah----- C:\sqmnoopt06.sqm

2008-03-29 14:14 . 2008-03-29 14:14 268 --ah----- C:\sqmdata05.sqm

2008-03-29 14:14 . 2008-03-29 14:14 244 --ah----- C:\sqmnoopt05.sqm

2008-03-29 11:43 . 2008-03-29 11:43 268 --ah----- C:\sqmdata04.sqm

2008-03-29 11:43 . 2008-03-29 11:43 244 --ah----- C:\sqmnoopt04.sqm

2008-03-28 13:51 . 2008-03-28 13:51 268 --ah----- C:\sqmdata03.sqm

2008-03-28 13:51 . 2008-03-28 13:51 244 --ah----- C:\sqmnoopt03.sqm

2008-03-27 18:13 . 2008-03-27 18:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft

2008-03-27 17:58 . 2008-03-27 19:34 1,552 --a------ C:\Uninstall.lnk

2008-03-27 17:53 . 2008-03-27 17:54 31,232 --a------ C:\a

2008-03-25 13:16 . 2008-03-25 13:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HipSoft

2008-03-25 13:15 . 2008-03-25 13:15 <DIR> d-------- C:\Programas\MumboJumbo

2008-03-24 13:45 . 2004-08-30 15:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll

2008-03-24 13:45 . 2004-12-10 11:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax

2008-03-24 13:45 . 2007-04-12 16:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL

2008-03-24 13:19 . 2008-03-24 13:20 <DIR> d-------- C:\Programas\EA SPORTS

2008-03-23 02:24 . 2005-06-15 04:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll

2008-03-23 02:23 . 2008-03-23 02:24 <DIR> d-------- C:\Programas\eXtreme Movie Manager

2008-03-23 02:23 . 2000-05-22 00:00 1,009,336 --a------ C:\WINDOWS\system32\Mschrt20.ocx

2008-03-21 01:20 . 2008-03-21 01:20 <DIR> d-------- C:\Programas\BT Next Evolution

2008-03-21 00:44 . 2008-03-21 00:44 1,142 --a------ C:\WINDOWS\mozver.dat

2008-03-21 00:42 . 2008-03-21 00:42 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\Talkback

2008-03-21 00:42 . 2008-03-21 00:42 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-20 13:40 . 2008-03-21 04:01 <DIR> d-------- C:\Programas\Uplink

2008-03-20 13:40 . 2008-03-20 13:40 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\WINDOWS

2008-03-20 13:40 . 1997-11-19 16:49 303,616 --a------ C:\WINDOWS\IsUninst.exe

2008-03-19 19:51 . 2008-03-19 19:51 <DIR> d-------- C:\Programas\Apple Software Update

2008-03-19 19:51 . 2008-03-19 19:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

2008-03-14 14:50 . 2008-03-14 14:50 85 --a------ C:\WINDOWS\wininit.ini

2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Programas\Lavasoft

2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard

2008-03-14 13:28 . 2008-03-14 13:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-03-14 13:27 . 2008-03-14 13:27 <DIR> d-------- C:\Programas\Spybot - Search & Destroy

2008-03-14 13:27 . 2008-03-14 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-03-14 01:00 . 2008-03-14 01:00 <DIR> d-------- C:\Programas\CCleaner

2008-03-14 00:46 . 2008-04-03 13:31 268 --ah----- C:\sqmdata02.sqm

2008-03-14 00:46 . 2008-04-03 13:31 244 --ah----- C:\sqmnoopt02.sqm

2008-03-14 00:27 . 2008-03-13 17:34 266,240 --a------ C:\WINDOWS\drnpfdxrqv.dll

2008-03-14 00:27 . 2008-03-13 17:34 249,856 --a------ C:\WINDOWS\altvxvm.dll

2008-03-13 23:27 . 2008-03-13 23:27 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\AVSMedia

2008-03-13 23:27 . 2008-03-13 23:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU

2008-03-13 23:25 . 2008-03-14 00:39 <DIR> d-------- C:\Programas\Ficheiros comuns\AVSMedia

2008-03-13 23:22 . 2008-04-01 02:11 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-13 11:30 . 2008-04-03 08:38 268 --ah----- C:\sqmdata01.sqm

2008-03-13 11:30 . 2008-04-03 08:38 244 --ah----- C:\sqmnoopt01.sqm

2008-03-12 11:56 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-12 11:56 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-12 11:56 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-12 11:55 . 2008-04-03 07:46 268 --ah----- C:\sqmdata00.sqm

2008-03-12 11:55 . 2008-04-03 07:46 244 --ah----- C:\sqmnoopt00.sqm

2008-03-11 23:53 . 2008-03-11 23:53 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Contacts

2008-03-11 23:46 . 2008-03-11 23:52 <DIR> d-------- C:\Programas\Windows Live

2008-03-11 23:27 . 2008-03-11 23:51 <DIR> d--hsc--- C:\Programas\Ficheiros comuns\WindowsLiveInstaller

2008-03-11 23:26 . 2008-03-11 23:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-31 18:07 --------- d-----w C:\Programas\Ficheiros comuns\InterVideo

2008-03-24 12:45 --------- d--h--w C:\Programas\InstallShield Installation Information

2008-03-21 13:16 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-03-11 12:28 --------- d-----w C:\Programas\Ficheiros comuns\Ahead

2008-03-10 18:48 --------- d-----w C:\Programas\Ficheiros comuns\Adobe

2008-03-05 14:19 --------- d-----w C:\Documents and Settings\DJ Freitas\Application Data\Skype

2008-02-25 15:55 --------- d-----w C:\Documents and Settings\DJ Freitas\Application Data\uTorrent

2008-02-24 17:36 --------- d-----w C:\Programas\Ficheiros comuns\InstallShield

2008-02-18 12:54 --------- d-----w C:\Programas\ratDVD

2007-02-08 17:21 20,904 -c--a-w C:\Documents and Settings\DJ Freitas\Application Data\GDIPFONTCACHEV1.DAT

2005-05-23 14:27 4,187 -c--a-w C:\Programas\0x0409.ini

2003-05-14 22:10 308,278 ----a-w C:\Programas\00000000.256

2003-05-14 22:10 153,718 ----a-w C:\Programas\00000000.016

.

 

------- Sigcheck -------

 

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-21 14:16 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\dllcache\TCPIP.SYS

2008-03-21 14:16 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\TCPIP.SYS

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 00:12 171448]

"DAEMON Tools Lite"="C:\Programas\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]

"MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-31 17:04 3756032]

"nwiz"="nwiz.exe" [2001-12-31 17:04 831488 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2001-12-31 17:04 46080]

"Cmaudio"="cmicnfg.cpl" []

"WinampAgent"="C:\Programas\Winamp\winampa.exe" [2005-10-20 19:32 33792]

"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2007-06-29 07:24 286720]

"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"RegistryMechanic"="" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Arranque\

Diciop‚dia 2008 DVD Tray.lnk - C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe [2007-08-29 16:55:36 676528]

InterVideo WinCinema Manager.lnk - C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-03-31 19:07:49 278528]

Microsoft Office.lnk - C:\Programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bokpkov"= {A1A147ED-D845-4F4B-9BEB-016CACB533C4} - blank [ ]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\BT Next Evolution\\btnext.exe"=

"C:\\Programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Programas\\SopCast\\SopCast.exe"=

"C:\\Programas\\TVUPlayer\\TVUPlayer.exe"=

"C:\\Programas\\InterVideo\\DVD7\\WinDVD.exe"=

"C:\\Programas\\Porto Editora Multimedia\\Diciopedia 2008 DVD\\diciop.exe"=

"C:\\Programas\\Windows Media Player\\wmplayer.exe"=

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

 

R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 22:38]

R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 12:58]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-27 16:51:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-03 14:38:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-04-03 14:39:27

ComboFix-quarantined-files.txt 2008-04-03 13:39:25

ComboFix2.txt 2008-04-03 13:34:22

Pre-Run: 50,044,116,992 bytes livres

Post-Run: 50,036,772,864 bytes livres

.

2008-03-27 18:56:35 --- E O F ---

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 14:40:37, on 03-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Programas\HijackThis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 212.150.54.250 dv-networks.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [spyShredder] C:\Program Files\SpyShredder\SpyShredder.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Diciopédia 2008 DVD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.spyshredderscanner.com/setup/webinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: bokpkov - {A1A147ED-D845-4F4B-9BEB-016CACB533C4} - blank (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7147 bytes


Good afternoon, Calquito!

 

Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy all of the content in the quote area into Notepad.

>@< Save it to the Desktop with the name: CFScript.txt

 

File::

C:\Program Files\SpyShredder\SpyShredder.exe

C:\sqmdata19.sqm

C:\sqmnoopt19.sqm

C:\sqmdata18.sqm

C:\sqmnoopt18.sqm

C:\sqmdata17.sqm

C:\sqmnoopt17.sqm

C:\sqmdata16.sqm

C:\sqmnoopt16.sqm

C:\sqmdata15.sqm

C:\sqmnoopt15.sqm

C:\sqmdata14.sqm

C:\sqmnoopt14.sqm

C:\sqmdata13.sqm

C:\sqmnoopt13.sqm

C:\sqmdata12.sqm

C:\sqmnoopt12.sqm

C:\sqmdata11.sqm

C:\sqmnoopt11.sqm

C:\sqmdata10.sqm

C:\sqmnoopt10.sqm

C:\sqmdata09.sqm

C:\sqmnoopt09.sqm

C:\sqmdata08.sqm

C:\sqmnoopt08.sqm

C:\sqmdata07.sqm

C:\sqmnoopt07.sqm

C:\sqmdata06.sqm

C:\sqmnoopt06.sqm

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\sqmdata02.sqm

C:\sqmnoopt02.sqm

C:\sqmdata01.sqm

C:\sqmnoopt01.sqm

C:\sqmdata00.sqm

C:\sqmnoopt00.sqm

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpyShredder"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"bokpkov"=-

Folder::

C:\Program Files\SpyShredder

>@< Drag CFScript.txt onto the ComboFix icon with the mouse.

>@< See the demonstration!

 

cpiadecfscriptxt7.gif

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Best regards!


Hello DigRam!

After carrying out the procedures, here are the requested logs.

Best regards!

 

ComboFix 08-04-02.1 - Ricardo Freitas 2008-04-04 0:31:38.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.2070.18.299 [GMT 1:00]

Executando de: C:\Documents and Settings\Ricardo Freitas\Ambiente de trabalho\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ricardo Freitas\Ambiente de trabalho\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Program Files\SpyShredder\SpyShredder.exe

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmdata08.sqm

C:\sqmdata09.sqm

C:\sqmdata10.sqm

C:\sqmdata11.sqm

C:\sqmdata12.sqm

C:\sqmdata13.sqm

C:\sqmdata14.sqm

C:\sqmdata15.sqm

C:\sqmdata16.sqm

C:\sqmdata17.sqm

C:\sqmdata18.sqm

C:\sqmdata19.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt08.sqm

C:\sqmnoopt09.sqm

C:\sqmnoopt10.sqm

C:\sqmnoopt11.sqm

C:\sqmnoopt12.sqm

C:\sqmnoopt13.sqm

C:\sqmnoopt14.sqm

C:\sqmnoopt15.sqm

C:\sqmnoopt16.sqm

C:\sqmnoopt17.sqm

C:\sqmnoopt18.sqm

C:\sqmnoopt19.sqm

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\SpyShredder

C:\Program Files\SpyShredder\SpyShredder.lic

C:\Program Files\SpyShredder\SpyShredder0.ss

C:\Program Files\SpyShredder\SpyShredder1.ss

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmdata08.sqm

C:\sqmdata09.sqm

C:\sqmdata10.sqm

C:\sqmdata11.sqm

C:\sqmdata12.sqm

C:\sqmdata13.sqm

C:\sqmdata14.sqm

C:\sqmdata15.sqm

C:\sqmdata16.sqm

C:\sqmdata17.sqm

C:\sqmdata18.sqm

C:\sqmdata19.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

C:\sqmnoopt08.sqm

C:\sqmnoopt09.sqm

C:\sqmnoopt10.sqm

C:\sqmnoopt11.sqm

C:\sqmnoopt12.sqm

C:\sqmnoopt13.sqm

C:\sqmnoopt14.sqm

C:\sqmnoopt15.sqm

C:\sqmnoopt16.sqm

C:\sqmnoopt17.sqm

C:\sqmnoopt18.sqm

C:\sqmnoopt19.sqm

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))

.

 

2008-04-03 17:12 . 2008-04-03 17:13 <DIR> d-------- C:\Programas\Crazy Machines

2008-04-01 20:47 . 2008-04-01 20:47 2,496 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-01 20:37 . 2008-04-01 20:49 <DIR> d-------- C:\SmitfraudFix

2008-04-01 20:35 . 2008-04-01 20:35 1,242,972 --a------ C:\SmitfraudFix.zip

2008-04-01 02:12 . 2008-04-01 02:12 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\dvdcss

2008-04-01 02:10 . 2008-04-01 02:10 0 --a------ C:\WINDOWS\iPlayer.INI

2008-03-31 19:07 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll

2008-03-31 19:07 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll

2008-03-31 19:07 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll

2008-03-31 19:07 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll

2008-03-31 19:07 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll

2008-03-31 19:07 . 2003-07-14 16:49 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll

2008-03-31 19:07 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll

2008-03-29 18:26 . 2008-03-29 18:26 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Application Data\Talkback

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Os meus documentos

2008-03-29 18:25 . 2008-03-06 14:34 <DIR> d--h----- C:\Documents and Settings\Administrador.RICARDOFREITAS\Modelos

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> dr------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Menu Iniciar

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Favoritos

2008-03-29 18:25 . 2008-04-03 14:39 <DIR> d--h----- C:\Documents and Settings\Administrador.RICARDOFREITAS\Definições locais

2008-03-29 18:25 . 2008-03-06 14:24 <DIR> d-------- C:\Documents and Settings\Administrador.RICARDOFREITAS\Ambiente de trabalho

2008-03-27 18:13 . 2008-03-27 18:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft

2008-03-27 17:58 . 2008-03-27 19:34 1,552 --a------ C:\Uninstall.lnk

2008-03-27 17:53 . 2008-03-27 17:54 31,232 --a------ C:\a

2008-03-25 13:16 . 2008-03-25 13:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HipSoft

2008-03-25 13:15 . 2008-03-25 13:15 <DIR> d-------- C:\Programas\MumboJumbo

2008-03-24 13:45 . 2004-08-30 15:25 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll

2008-03-24 13:45 . 2004-12-10 11:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax

2008-03-24 13:45 . 2007-04-12 16:01 118,832 --a------ C:\WINDOWS\system32\SHW32.DLL

2008-03-24 13:19 . 2008-03-24 13:20 <DIR> d-------- C:\Programas\EA SPORTS

2008-03-23 02:24 . 2005-06-15 04:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll

2008-03-23 02:23 . 2008-03-23 02:24 <DIR> d-------- C:\Programas\eXtreme Movie Manager

2008-03-23 02:23 . 2000-05-22 00:00 1,009,336 --a------ C:\WINDOWS\system32\Mschrt20.ocx

2008-03-21 01:20 . 2008-03-21 01:20 <DIR> d-------- C:\Programas\BT Next Evolution

2008-03-21 00:44 . 2008-03-21 00:44 1,142 --a------ C:\WINDOWS\mozver.dat

2008-03-21 00:42 . 2008-03-21 00:42 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\Talkback

2008-03-21 00:42 . 2008-03-21 00:42 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-20 13:40 . 2008-03-21 04:01 <DIR> d-------- C:\Programas\Uplink

2008-03-20 13:40 . 2008-03-20 13:40 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\WINDOWS

2008-03-20 13:40 . 1997-11-19 16:49 303,616 --a------ C:\WINDOWS\IsUninst.exe

2008-03-19 19:51 . 2008-03-19 19:51 <DIR> d-------- C:\Programas\Apple Software Update

2008-03-19 19:51 . 2008-03-19 19:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

2008-03-14 14:50 . 2008-03-14 14:50 85 --a------ C:\WINDOWS\wininit.ini

2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Programas\Lavasoft

2008-03-14 13:28 . 2008-03-14 13:28 <DIR> d-------- C:\Programas\Ficheiros comuns\Wise Installation Wizard

2008-03-14 13:28 . 2008-03-14 13:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-03-14 13:27 . 2008-03-14 13:27 <DIR> d-------- C:\Programas\Spybot - Search & Destroy

2008-03-14 13:27 . 2008-03-14 14:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-03-14 01:00 . 2008-03-14 01:00 <DIR> d-------- C:\Programas\CCleaner

2008-03-14 00:27 . 2008-03-13 17:34 266,240 --a------ C:\WINDOWS\drnpfdxrqv.dll

2008-03-14 00:27 . 2008-03-13 17:34 249,856 --a------ C:\WINDOWS\altvxvm.dll

2008-03-13 23:27 . 2008-03-13 23:27 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\AVSMedia

2008-03-13 23:27 . 2008-03-13 23:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU

2008-03-13 23:25 . 2008-03-14 00:39 <DIR> d-------- C:\Programas\Ficheiros comuns\AVSMedia

2008-03-13 23:22 . 2008-04-01 02:11 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-12 11:56 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-12 11:56 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-12 11:56 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-11 23:53 . 2008-03-11 23:53 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Contacts

2008-03-11 23:46 . 2008-03-11 23:52 <DIR> d-------- C:\Programas\Windows Live

2008-03-11 23:27 . 2008-03-11 23:51 <DIR> d--hsc--- C:\Programas\Ficheiros comuns\WindowsLiveInstaller

2008-03-11 23:26 . 2008-03-11 23:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller

2008-03-11 23:12 . 2008-03-11 23:12 20,752 --a------ C:\Documents and Settings\Ricardo Freitas\Application Data\GDIPFONTCACHEV1.DAT

2008-03-11 23:03 . 2008-03-11 23:07 359 --a------ C:\WINDOWS\CDPLAYER.INI

2008-03-11 22:50 . 2008-03-11 22:51 <DIR> d-------- C:\Programas\Easy CD-DA Extractor 8

2008-03-11 13:30 . 2008-03-11 13:30 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\Ahead

2008-03-11 13:28 . 2008-03-11 13:28 <DIR> d-------- C:\Programas\Nero

2008-03-11 13:22 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-11 01:59 . 2008-03-11 01:59 <DIR> d-------- C:\Programas\Declarações Electrónicas

2008-03-10 23:50 . 2008-03-11 13:22 <DIR> d-------- C:\Programas\Java

2008-03-10 02:10 . 2008-03-10 02:10 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-03-08 17:00 . 2008-03-10 19:51 <DIR> d-------- C:\Programas\WinImage

2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\Porto Editora

2008-03-08 14:24 . 2008-03-08 14:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Porto Editora

2008-03-08 14:23 . 2008-03-08 14:23 <DIR> dr-h----- C:\Documents and Settings\Ricardo Freitas\Application Data\SecuROM

2008-03-08 14:23 . 2008-03-08 14:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-03-08 14:10 . 2008-03-08 14:10 <DIR> d-------- C:\Programas\Porto Editora Multimedia

2008-03-08 14:01 . 2008-03-08 14:01 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\InterVideo

2008-03-08 13:57 . 2008-03-08 13:57 <DIR> d-------- C:\Programas\MSXML 4.0

2008-03-08 13:48 . 2008-03-08 13:48 <DIR> d-------- C:\Programas\InterVideo

2008-03-08 13:48 . 2008-03-08 13:48 <DIR> d-------- C:\Programas\Creative

2008-03-08 13:48 . 2003-01-27 17:32 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat

2008-03-08 13:48 . 2003-11-11 11:44 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys

2008-03-08 13:48 . 2003-11-11 11:43 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll

2008-03-07 15:05 . 2008-03-07 15:06 <DIR> d-------- C:\Programas\QuickTime

2008-03-07 15:05 . 2008-03-07 15:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

2008-03-07 14:55 . 2008-03-07 14:55 <DIR> d-------- C:\Programas\Alcohol Soft

2008-03-07 14:17 . 2008-03-07 14:24 276 --a------ C:\WINDOWS\system\cmicnfg.ini

2008-03-07 03:24 . 2005-09-14 20:17 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-03-07 03:23 . 2008-03-07 03:26 <DIR> d-------- C:\Programas\Winamp

2008-03-07 02:36 . 2004-08-04 00:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2008-03-07 02:36 . 2004-08-04 00:15 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys

2008-03-07 02:36 . 2004-08-04 01:57 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax

2008-03-07 02:36 . 2004-08-04 01:57 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax

2008-03-07 02:36 . 2004-08-04 00:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2008-03-07 02:36 . 2004-08-04 00:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys

2008-03-07 02:36 . 2004-08-04 01:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2008-03-07 02:36 . 2004-08-04 01:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll

2008-03-07 01:32 . 2008-03-07 01:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles

2008-03-07 01:30 . 2001-12-31 17:04 5,099,520 -ra------ C:\WINDOWS\system32\nvoglnt.dll

2008-03-07 00:56 . 2008-03-07 00:56 <DIR> d-------- C:\Documents and Settings\Ricardo Freitas\Application Data\vlc

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-03 16:12 --------- d--h--w C:\Programas\InstallShield Installation Information

2008-03-31 18:07 --------- d-----w C:\Programas\Ficheiros comuns\InterVideo

2008-03-21 13:16 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-03-11 12:28 --------- d-----w C:\Programas\Ficheiros comuns\Ahead

2008-03-10 18:48 --------- d-----w C:\Programas\Ficheiros comuns\Adobe

2008-03-05 14:19 --------- d-----w C:\Documents and Settings\DJ Freitas\Application Data\Skype

2008-02-25 15:55 --------- d-----w C:\Documents and Settings\DJ Freitas\Application Data\uTorrent

2008-02-24 17:36 --------- d-----w C:\Programas\Ficheiros comuns\InstallShield

2008-02-18 12:54 --------- d-----w C:\Programas\ratDVD

2007-02-08 17:21 20,904 -c--a-w C:\Documents and Settings\DJ Freitas\Application Data\GDIPFONTCACHEV1.DAT

2005-05-23 14:27 4,187 -c--a-w C:\Programas\0x0409.ini

2003-05-14 22:10 308,278 ----a-w C:\Programas\00000000.256

2003-05-14 22:10 153,718 ----a-w C:\Programas\00000000.016

.

 

------- Sigcheck -------

 

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2008-03-21 14:16 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\dllcache\TCPIP.SYS

2008-03-21 14:16 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\TCPIP.SYS

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-07 00:12 171448]

"DAEMON Tools Lite"="C:\Programas\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]

"MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"SpybotSD TeaTimer"="C:\Programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2001-12-31 17:04 3756032]

"nwiz"="nwiz.exe" [2001-12-31 17:04 831488 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2001-12-31 17:04 46080]

"Cmaudio"="cmicnfg.cpl" []

"WinampAgent"="C:\Programas\Winamp\winampa.exe" [2005-10-20 19:32 33792]

"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2007-06-29 07:24 286720]

"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"RegistryMechanic"="" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Arranque\

Diciop‚dia 2008 DVD Tray.lnk - C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe [2007-08-29 16:55:36 676528]

InterVideo WinCinema Manager.lnk - C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-03-31 19:07:49 278528]

Microsoft Office.lnk - C:\Programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\BT Next Evolution\\btnext.exe"=

"C:\\Programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Programas\\SopCast\\SopCast.exe"=

"C:\\Programas\\TVUPlayer\\TVUPlayer.exe"=

"C:\\Programas\\InterVideo\\DVD7\\WinDVD.exe"=

"C:\\Programas\\Porto Editora Multimedia\\Diciopedia 2008 DVD\\diciop.exe"=

"C:\\Programas\\Windows Media Player\\wmplayer.exe"=

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

 

R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 22:38]

R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 12:58]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-03 15:51:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 00:34:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-04-04 0:34:39

ComboFix-quarantined-files.txt 2008-04-03 23:34:36

Pre-Run: 49,729,159,168 bytes livres

Post-Run: 49,720,418,304 bytes livres

.

2008-03-27 18:56:35 --- E O F ---

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 0:39:41, on 04-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\HijackThis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 212.150.54.250 dv-networks.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Diciopédia 2008 DVD Tray.lnk = C:\Programas\Porto Editora Multimedia\Diciopedia 2008 DVD\TaskIconD2008.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.spyshredderscanner.com/setup/webinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 7200 bytes


Good evening, Calquito!

>@< Download EliStarA.

>@< On the page, click the button: Descargar EliStarA v xx.xx, located at the bottom of the page.

>@< Save the tool to the Desktop!

>@< Disable the resident antivirus and antispyware protections.

>@< Restart the computer in Safe Mode. << Important!

>@< Go to the EliStarA icon and run it!

>@< Wait! When prompted, accept the tool's exploratory scan.

>@< When it finishes, a report ( infoSat.txt ) will be generated on Local Disk C.

>@< The tool will delete your home page; you will set it again afterwards.

>@< Restart the computer normally!

>@< Generate and post, in your reply: infoSat.txt + HJT, updated.

Regards!


Good evening, DigRam!

Here are the requested logs.

Best regards!

 

 

Fri Apr 04 02:18:42 2008

EliStartPage v15.98 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\Downloaded Program Files\SETUP.INF --> Eliminado, DownLoader.Adload.PI(inf)

 

Nº Total de Directorios: 5740

Nº Total de Ficheros: 47084

Nº de Ficheros Analizados: 13098

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:41:41, on 04-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\HijackThis\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O1 - Hosts: 212.150.54.250 dv-networks.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.spyshredderscanner.com/setup/webinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 6682 bytes


Good morning, Calquito!

>@< Download HostsXpert.

>@< Unzip it and move the executable ( HostsXpert.exe ) to the Desktop. ( Shortcut )

>@< Close all windows and the browser!

>@< Click Restore Microsoft's Hosts file >> Ok.

>@< Close the program!

>@< Restart the computer!

____________________________

>@< In Safe Mode, run SmitfraudFix again and post the report. ( rapport.txt )

>@< I believe that for this report we can do without the server.

Post:

rapport.txt

HijackThis, updated.

Regards!


Good morning, DigRam!

Having done what you asked, I am leaving the reports here.

Best regards!

 

SmitFraudFix v2.309

 

Scan done at 11:30:27,35, 04-04-2008

Run from C:\SmitfraudFix

OS: Microsoft Windows XP [Versão 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ricardo Freitas

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ricardo Freitas\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RICARD~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programas

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E94CFB7F-1B65-4A38-8D71-26130C451147}: DhcpNameServer=212.113.164.57 212.113.164.56 212.113.164.49 212.113.164.48

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E94CFB7F-1B65-4A38-8D71-26130C451147}: DhcpNameServer=212.113.164.57 212.113.164.56 212.113.164.49 212.113.164.48

HKLM\SYSTEM\CS2\Services\Tcpip\..\{E94CFB7F-1B65-4A38-8D71-26130C451147}: DhcpNameServer=212.113.164.57 212.113.164.56 212.113.164.49 212.113.164.48

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.113.164.57 212.113.164.56 212.113.164.49 212.113.164.48

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.113.164.57 212.113.164.56 212.113.164.49 212.113.164.48

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.113.164.57 212.113.164.56 212.113.164.49 212.113.164.48

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:36:37, on 04-04-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Programas\Winamp\winampa.exe

C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programas\DAEMON Tools Lite\daemon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\HijackThis\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] C:\Programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.spyshredderscanner.com/setup/webinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 6564 bytes

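One way to see what changed between the HijackThis logs saved at 2:41:41 and 11:36:37 is to diff their entry lines rather than compare them by eye. The Python below is an added example, not part of the original thread or of HijackThis itself; the function names are illustrative, and the two sample logs are short excerpts constructed from lines posted in the thread.

```python
import re

# Entry lines have the shape "<code> - <detail>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+?)\s*$")

# Meaning of the section codes that appear in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page", "O1": "hosts file redirection",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)", "O8": "IE context menu item",
    "O9": "IE extra button / Tools item", "O16": "ActiveX (Downloaded Program Files)",
    "O22": "SharedTaskScheduler", "O23": "Windows service",
}

# Constructed excerpt of the log saved at 2:41:41 (lines copied from the thread).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Constructed excerpt of the log saved at 11:36:37 (same lines, as posted later).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries in a HijackThis log.

    Header lines, the running-process list and blank lines are skipped
    because they do not match the "<code> - <detail>" shape.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _sort_key(entry):
    # Sort O2 before O16: letter first, then the numeric part, then the detail.
    section, detail = entry
    return (section[0], int(section[1:]), detail)


def diff_logs(before_text, after_text):
    """Return entries removed from and added to the log between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=_sort_key),
        "added": sorted(after - before, key=_sort_key),
    }


def hosts_redirects(entries):
    """Extract (ip, hostname) pairs from O1 'Hosts:' entries."""
    pairs = []
    for section, detail in sorted(entries, key=_sort_key):
        if section == "O1" and detail.startswith("Hosts:"):
            fields = detail[len("Hosts:"):].split()
            if len(fields) == 2:
                pairs.append((fields[0], fields[1]))
    return pairs


if __name__ == "__main__":
    for change, items in diff_logs(BEFORE, AFTER).items():
        for section, detail in items:
            print(f"{change}: {section} ({SECTIONS.get(section, 'other')}) {detail}")
```
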

Good morning, Calquito!

>@< Open HijackThis and Fix these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

>@< Set your home page!

__________________________

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Analyze >> Run Cleaner.

>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.

__________________________

Once everything is OK with the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> Ok.

Then uncheck it again! >> Apply >> Ok.

For more details, go to: < Docs >

>@< Your log is clean!

>@< Does Internet Explorer still open on its own?

Regards!


Good morning, DigRam!

I did everything as you explained, and IE no longer opens on its own!!!

I think the problem has been solved!!!

Thank you very much for the attention you gave me and for the time you spent solving my problem.

Congratulations on your work and your dedication!!!

DigRam, a big hug from here in Portugal!!!

Thank you for everything!!!


PROBLEM SOLVED!

If the author needs the topic reopened, a private message must be sent to a moderator with a link to the topic.
