
decapitated_blond

[Archived] Pop-up infestation, slow PC, antivirus and anti-s

I'm a bit desperate: pop-ups open every 5 seconds and my PC is EXTREMELY slow,

a friend recommended this forum to me :clap:

could someone give me a hand? :rolleyes:

 

HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 05:46:48, on 29-04-2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\autoclk.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUkKDSl.dll,#1

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Marco\AppData\Local\Temp\fccbYoNF.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Marco\AppData\Local\Temp\yayxyvwx.dll,#1

O4 - HKCU\..\Run: [1c879655] rundll32.exe "C:\Users\Marco\AppData\Local\Temp\heetlvyy.dll",b

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bM1fb4a5c9] Rundll32.exe "C:\Users\Marco\AppData\Local\Temp\ucrryunh.dll",s

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25AC8041-0A06-4745-A339-5F09FC9953D4}: NameServer = 212.55.154.174

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

 

HijackThis gave two errors on startup; I don't know whether that's normal =X

THIS ONE: semttuloet3.jpg

 

AND THIS ONE:

An unexpected error has occurred at procedure: modMain_CheckOther1Item()

Error #75 - Path/File access error

 

Please email me at merijn@spywareinfo.com, reporting the following:

* What you were trying to fix when the error occurred, if applicable

* How you can reproduce the error

* A complete HijackThis scan log, if possible

 

Windows version: Windows NT 6.00.1904

MSIE version: 7.0.6000.16643

HijackThis version: 1.99.1

 

This message has been copied to your clipboard.

Click OK to continue the rest of the scan.

 

I don't understand any of this; could someone "save" my "life"? :unsure:

 

By the way, my OS is Windows Vista Ultimate ^^

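The O4 lines in the log above are the ones a helper reads first: rundll32.exe loading DLLs named with eight random letters out of the user's Temp folder, under Run values that look like hex strings. The following is an added example, not code from HijackThis, ComboFix or this thread's helpers; it parses HijackThis O4 lines and flags exactly those patterns. The sample log is reconstructed from the O4 block the poster shared, and the heuristics (Temp-folder origin, 8-letter DLL stem, hex-looking value name, ordinal or single-letter export) are the reviewer's rules of thumb, not a vendor signature.

```python
"""Triage the O4 (Run key) lines of a HijackThis log.

Added example for this thread: not part of HijackThis, ComboFix or the
helper's instructions. SAMPLE_LOG is reconstructed from the O4 lines the
poster shared; the heuristics are the ones a log reviewer applies by eye.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKCU\..\Run: [value name] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32.exe <dll>[,<entry>]   (the DLL path may be quoted)
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>.+?\.dll)"?(?:,(?P<entry>\S*))?\s*$', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r'\\Temp\\', re.IGNORECASE)         # anything started out of a Temp folder
RANDOM_STEM_RE = re.compile(r'^[A-Za-z]{8}$')               # fccbYoNF, vtUkKDSl, heetlvyy ...
HEX_NAME_RE = re.compile(r'^[A-Za-z]{0,2}[0-9a-fA-F]{8,}$')  # 1c879655, bM1fb4a5c9
ODD_ENTRY_RE = re.compile(r'^(?:#\d+|[A-Za-z])$')           # ordinal or single-letter export


@dataclass
class Finding:
    hive: str
    name: str
    target: str                     # the executable or, for rundll32, the DLL it loads
    reasons: list = field(default_factory=list)


def assess_entry(hive, name, cmd):
    """Return a Finding for one Run value, or None when nothing looks off."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append('hex-looking Run value name')
    target, entry = cmd.strip(), ''
    m = RUNDLL_RE.match(target)
    if m:                            # rundll32 is only the loader: judge the DLL it is given
        target, entry = m.group('dll'), m.group('entry') or ''
        stem = target.rsplit('\\', 1)[-1][:-4]          # basename without ".dll"
        if RANDOM_STEM_RE.match(stem):
            reasons.append('8-letter pseudo-random DLL name')
        if ODD_ENTRY_RE.match(entry):
            reasons.append(f'export "{entry}" is an ordinal or a single letter')
    if TEMP_DIR_RE.search(target):
        reasons.append('started from a Temp directory')
    return Finding(hive, name, target, reasons) if reasons else None


def scan_autoruns(log_text):
    """Parse every O4 line of a HijackThis log; return the suspicious ones in log order."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        f = assess_entry(m['hive'], m['name'], m['cmd'])
        if f:
            findings.append(f)
    return findings


# Constructed sample: the O4 block of the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\vtUkKDSl.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Marco\AppData\Local\Temp\fccbYoNF.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Marco\AppData\Local\Temp\yayxyvwx.dll,#1
O4 - HKCU\..\Run: [1c879655] rundll32.exe "C:\Users\Marco\AppData\Local\Temp\heetlvyy.dll",b
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bM1fb4a5c9] Rundll32.exe "C:\Users\Marco\AppData\Local\Temp\ucrryunh.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
"""

if __name__ == '__main__':
    for f in scan_autoruns(SAMPLE_LOG):
        print(f'{f.hive} [{f.name}] -> {f.target}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample, the script flags five of the fourteen entries: the HKLM `MSServer` value (random-named DLL in system32 with an ordinal export) and the four HKCU values that load DLLs out of the user's Temp folder; every legitimate vendor entry passes silently. The value is in the reasons list rather than the verdict: a reviewer still has to decide, but the list shows which lines deserve the look.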

Good morning, decapitated_blond!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

 

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop renamed as: Kombo.exe

PS: Rename it while saving, not after it has been saved!

PS: If any error message appears, try running ComboFix in Safe Mode.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

---------------------------

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

 

Cheers!


First of all, thank you DigRam ^^

 

ComboFix 08-04-29.3 - Marco 2008-04-30 1:01:06.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.419 [GMT 1:00]

Executando de: C:\Users\Marco\Desktop\combo.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))

.

 

2008-04-30 00:57 . 2008-04-30 00:59 <DIR> d-------- C:\327882R2FWJFW

2008-04-29 10:15 . 2008-04-29 10:15 <DIR> d-------- C:\Users\All Users\Apple Computer

2008-04-29 10:15 . 2008-04-29 10:15 <DIR> d-------- C:\ProgramData\Apple Computer

2008-04-29 10:15 . 2008-04-29 10:17 <DIR> d-------- C:\Program Files\QuickTime

2008-04-29 10:13 . 2008-04-29 10:13 <DIR> d-------- C:\Users\All Users\Apple

2008-04-29 10:13 . 2008-04-29 10:13 <DIR> d-------- C:\ProgramData\Apple

2008-04-29 10:13 . 2008-04-29 10:13 <DIR> d-------- C:\Program Files\Apple Software Update

2008-04-29 05:25 . 2008-04-29 05:29 <DIR> d-------- C:\hijackthis

2008-04-29 04:12 . 2008-04-29 04:22 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-29 04:12 . 2008-04-29 04:22 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-04-29 04:12 . 2008-04-29 04:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-04-29 04:11 . 2008-04-29 04:11 9,722,720 --a------ C:\Users\Marco\spybotsd152.exe

2008-04-29 04:10 . 2008-04-29 04:10 <DIR> d-------- C:\Program Files\Safer Networking

2008-04-29 04:00 . 2008-04-29 04:03 <DIR> d-------- C:\Users\Marco\SmitfraudFix

2008-04-29 04:00 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-04-29 04:00 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-04-29 04:00 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-04-29 04:00 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-04-29 04:00 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe

2008-04-29 04:00 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe

2008-04-29 04:00 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-04-29 04:00 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-04-29 04:00 . 2008-04-29 04:02 1,398 --a------ C:\Windows\System32\tmp.reg

2008-04-28 00:23 . 2008-04-28 00:23 <DIR> d-------- C:\Users\Marco\AppData\Roaming\Grisoft

2008-04-28 00:23 . 2008-04-28 00:23 <DIR> d-------- C:\Users\All Users\Grisoft

2008-04-28 00:23 . 2008-04-28 00:23 <DIR> d-------- C:\ProgramData\Grisoft

2008-04-28 00:23 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys

2008-04-28 00:08 . 2008-04-28 00:08 <DIR> d-------- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

2008-04-28 00:08 . 2008-04-28 00:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-27 23:56 . 2008-04-27 23:57 <DIR> d-------- C:\Users\Marco\AppData\Roaming\Simply Super Software

2008-04-27 23:56 . 2008-04-27 23:56 <DIR> d-------- C:\Users\All Users\Simply Super Software

2008-04-27 23:56 . 2008-04-27 23:56 <DIR> d-------- C:\ProgramData\Simply Super Software

2008-04-27 23:56 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll

2008-04-27 23:56 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\unrar3.dll

2008-04-27 23:56 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll

2008-04-27 23:56 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll

2008-04-27 23:56 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll

2008-04-26 22:31 . 2008-04-26 22:31 <DIR> d-------- C:\Users\All Users\FLEXnet

2008-04-26 22:31 . 2008-04-26 22:31 <DIR> d-------- C:\ProgramData\FLEXnet

2008-04-26 22:24 . 2008-04-26 23:00 <DIR> d-------- C:\Users\Marco\AppData\Roaming\BSplayer PRO

2008-04-26 22:24 . 2008-04-26 22:24 <DIR> d-------- C:\Program Files\Webteh

2008-04-26 21:29 . 2008-04-26 21:29 <DIR> d-------- C:\Program Files\MSN BackUp

2008-04-25 13:12 . 2007-06-22 23:11 8,888 --a------ C:\Windows\System32\RacUR.xml

2008-04-25 13:12 . 2007-06-27 23:19 150 --a------ C:\Windows\System32\RacUREx.xml

2008-04-24 01:58 . 2008-04-29 03:33 <DIR> d-------- C:\Users\Marco\AppData\Roaming\Azureus

2008-04-24 01:58 . 2008-04-24 01:58 <DIR> d-------- C:\Users\All Users\Azureus

2008-04-24 01:58 . 2008-04-24 01:58 <DIR> d-------- C:\ProgramData\Azureus

2008-04-24 00:54 . 2008-04-24 00:56 <DIR> d-------- C:\Program Files\Azureus

2008-04-23 07:42 . 2008-04-23 09:18 <DIR> d-------- C:\Program Files\coolpro2

2008-04-23 07:35 . 2008-04-23 07:35 <DIR> d-------- C:\Users\All Users\Adobe Systems

2008-04-23 07:35 . 2008-04-23 07:35 <DIR> d-------- C:\ProgramData\Adobe Systems

2008-04-23 07:33 . 2008-04-23 07:33 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2008-04-23 04:53 . 2008-04-23 04:53 <DIR> d-------- C:\Users\All Users\eMule

2008-04-23 04:53 . 2008-04-23 04:53 <DIR> d-------- C:\ProgramData\eMule

2008-04-23 04:53 . 2008-04-23 04:53 <DIR> d-------- C:\Program Files\DreMule

2008-04-23 02:26 . 2008-04-30 00:50 <DIR> d-------- C:\Users\Marco\AppData\Roaming\skypePM

2008-04-23 02:26 . 2008-04-23 02:26 32 --a------ C:\Users\All Users\ezsid.dat

2008-04-23 02:26 . 2008-04-23 02:26 32 --a------ C:\ProgramData\ezsid.dat

2008-04-23 02:24 . 2008-04-30 00:50 <DIR> d-------- C:\Users\Marco\AppData\Roaming\Skype

2008-04-23 02:22 . 2008-04-23 02:22 <DIR> d-------- C:\Users\All Users\Skype

2008-04-23 02:22 . 2008-04-23 02:22 <DIR> d-------- C:\ProgramData\Skype

2008-04-23 02:22 . 2008-04-23 02:22 <DIR> d-------- C:\Program Files\Skype

2008-04-23 02:22 . 2008-04-23 02:22 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-04-23 01:27 . 2008-04-23 07:31 <DIR> d-------- C:\Users\All Users\Adobe

2008-04-23 01:24 . 2008-04-29 10:18 <DIR> d-------- C:\Program Files\Bonjour

2008-04-23 01:00 . 2008-04-23 01:00 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-04-23 00:58 . 2008-04-23 07:31 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-04-22 12:54 . 2008-04-22 15:10 132,943,536 --a------ C:\Windows\MEMORY.DMP

2008-04-22 05:55 . 2008-04-22 05:55 <DIR> d-------- C:\Program Files\Creative Labs

2008-04-22 05:55 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe

2008-04-22 05:55 . 1999-07-06 14:13 40,960 --a------ C:\Windows\System32\eax.dll

2008-04-22 05:54 . 2008-04-22 05:54 <DIR> d-------- C:\Program Files\Eidos Interactive

2008-04-22 05:54 . 1998-10-06 18:34 327,168 --a------ C:\Windows\IsUn040a.exe

2008-04-22 05:36 . 2008-04-28 08:41 <DIR> d-------- C:\Program Files\Auto Click Link Buddy

2008-04-22 05:36 . 2008-04-22 05:39 249,856 --------- C:\Windows\Setup1.exe

2008-04-22 05:36 . 2008-04-22 05:39 73,216 --a------ C:\Windows\ST6UNST.EXE

2008-04-22 01:58 . 2008-04-22 01:58 1,152,000 --a------ C:\Windows\System32\themecpl.dll

2008-04-22 01:58 . 2008-04-22 01:58 233,888 --a------ C:\Windows\System32\DreamScene.dll

2008-04-22 01:53 . 2008-04-29 23:57 520,574 --a------ C:\Windows\System32\prfh0816.dat

2008-04-22 01:53 . 2008-04-22 01:49 332,682 --a------ C:\Windows\System32\prfi0816.dat

2008-04-22 01:53 . 2008-04-29 23:57 85,898 --a------ C:\Windows\System32\prfc0816.dat

2008-04-22 01:53 . 2008-04-22 01:49 39,514 --a------ C:\Windows\System32\prfd0816.dat

2008-04-22 01:50 . 2008-04-22 01:50 <DIR> d-------- C:\Windows\System32\pt

2008-04-22 01:50 . 2008-04-22 01:50 <DIR> d-------- C:\Windows\System32\drivers\pt-PT

2008-04-22 01:50 . 2008-04-22 01:50 <DIR> d-------- C:\Windows\System32\0816

2008-04-22 01:50 . 2008-04-22 01:50 <DIR> d-------- C:\Windows\pt-PT

2008-04-22 01:28 . 2008-04-22 01:28 <DIR> d-------- C:\Program Files\BitLocker

2008-04-22 01:17 . 2008-04-23 03:25 <DIR> d-------- C:\Users\All Users\Messenger Plus!

2008-04-22 01:17 . 2008-04-23 03:25 <DIR> d-------- C:\ProgramData\Messenger Plus!

2008-04-22 00:27 . 2008-04-22 00:17 355 -rahs---- C:\Boot.ini.saved

2008-04-22 00:22 . 2008-04-22 00:22 0 --a------ C:\Windows\System32\atiicdxx.dat

2008-04-22 00:20 . 2008-04-22 23:46 <DIR> d-------- C:\Windows\System32\catroot2

2008-04-22 00:20 . 2008-04-21 21:52 <DIR> d-------- C:\Windows\Debug

2008-04-22 00:18 . 2008-04-22 00:18 524,288 --ahs---- C:\Windows\System32\config\systemprofile\ntuser.dat{347e9b52-0ff9-11dd-9d70-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms

2008-04-22 00:18 . 2008-04-22 00:18 524,288 --ahs---- C:\Windows\System32\config\systemprofile\ntuser.dat{347e9b52-0ff9-11dd-9d70-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms

2008-04-22 00:18 . 2008-04-22 00:18 65,536 --ahs---- C:\Windows\System32\config\systemprofile\ntuser.dat{347e9b52-0ff9-11dd-9d70-806e6f6e6963}.TM.blf

2008-04-22 00:17 . 2008-04-22 00:27 <DIR> d-------- C:\Windows\Panther

2008-04-21 23:51 . 2008-04-21 23:51 <DIR> d-------- C:\Program Files\Messenger Plus! Live

2008-04-21 23:42 . 2008-04-21 23:42 <DIR> d-------- C:\Windows\USB Vibration

2008-04-21 23:41 . 2008-04-21 23:41 <DIR> d-------- C:\Program Files\USB Vibration

2008-04-21 22:56 . 2008-04-21 22:56 376,320 --a------ C:\Windows\System32\winsrv.dll

2008-04-21 22:56 . 2008-04-21 22:56 49,664 --a------ C:\Windows\System32\csrsrv.dll

2008-04-21 22:54 . 2008-04-21 22:54 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-04-21 22:54 . 2008-04-21 22:54 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-04-21 22:53 . 2008-04-21 22:53 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-04-21 22:52 . 2008-04-21 22:52 8,147,968 --a------ C:\Windows\System32\wmploc.DLL

2008-04-21 22:52 . 2008-04-21 22:52 414,208 --a------ C:\Windows\System32\msscp.dll

2008-04-21 22:52 . 2008-04-21 22:52 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll

2008-04-21 22:52 . 2008-04-21 22:52 7,680 --a------ C:\Windows\System32\spwmp.dll

2008-04-21 22:52 . 2008-04-21 22:52 4,096 --a------ C:\Windows\System32\msdxm.ocx

2008-04-21 22:52 . 2008-04-21 22:52 4,096 --a------ C:\Windows\System32\dxmasf.dll

2008-04-21 22:50 . 2008-04-21 22:50 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-04-21 22:50 . 2008-04-21 22:50 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe

2008-04-21 22:50 . 2008-04-21 22:50 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-04-21 22:50 . 2008-04-21 22:50 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-04-21 22:50 . 2008-04-21 22:50 109,624 --a------ C:\Windows\System32\drivers\ataport.sys

2008-04-21 22:50 . 2008-04-21 22:50 104,448 --a------ C:\Windows\System32\DWWIN.EXE

2008-04-21 22:50 . 2008-04-21 22:50 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-04-21 22:50 . 2008-04-21 22:50 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-04-21 22:50 . 2008-04-21 22:50 17,464 --a------ C:\Windows\System32\drivers\intelide.sys

2008-04-21 22:49 . 2008-04-21 22:49 1,191,936 --a------ C:\Windows\System32\msxml3.dll

2008-04-21 22:49 . 2008-04-21 22:49 2,048 --a------ C:\Windows\System32\msxml3r.dll

2008-04-21 22:48 . 2008-04-21 22:48 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-04-21 22:19 . 2008-04-24 01:05 <DIR> d-------- C:\Users\Marco\AppData\Roaming\App Launcher Gadget

2008-04-21 22:17 . 2008-04-21 22:17 205,824 --a------ C:\Windows\System32\msoeacct.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Mail

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Journal

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Defender

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Collaboration

2008-04-22 00:50 --------- d-----w C:\Program Files\Windows Calendar

2008-04-22 00:15 174 --sha-w C:\Program Files\desktop.ini

2008-04-21 22:02 --------- d-----w C:\Program Files\Microsoft Games

2008-04-21 21:16 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-04-21 21:16 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-04-21 21:16 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-04-21 21:16 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-04-21 21:16 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-04-21 21:16 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-04-21 21:16 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-04-21 21:16 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2008-04-21 21:16 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-04-21 21:16 2,923,520 ----a-w C:\Windows\explorer.exe

2008-04-21 21:01 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-04-21 21:01 57,856 ----a-w C:\Windows\System32\SLUINotify.dll

2008-04-21 21:01 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll

2008-04-21 21:01 39,936 ----a-w C:\Windows\System32\slcinst.dll

2008-04-21 21:01 351,232 ----a-w C:\Windows\System32\SLUI.exe

2008-04-21 21:01 33,280 ----a-w C:\Windows\System32\slwmi.dll

2008-04-21 21:01 268,288 ----a-w C:\Windows\System32\mcbuilder.exe

2008-04-21 21:01 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2008-04-21 21:01 223,232 ----a-w C:\Windows\System32\SLC.dll

2008-04-21 21:01 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe

2008-04-21 21:01 2,048 ----a-w C:\Windows\System32\asferror.dll

2008-04-21 21:01 186,368 ----a-w C:\Windows\System32\SLLUA.exe

2008-04-21 20:56 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-04-21 20:56 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-04-21 20:56 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-04-21 20:56 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-04-21 20:56 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-04-21 20:49 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-04-21 20:49 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-04-21 20:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-04-21 20:49 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-04-21 19:32 --------- d-sh--w C:\ProgramData\Modelos

2008-04-21 19:32 --------- d-sh--w C:\ProgramData\Menu Iniciar

2008-04-21 19:32 --------- d-sh--w C:\ProgramData\Favoritos

2008-04-21 19:32 --------- d-sh--w C:\ProgramData\Documentos

2008-04-21 19:32 --------- d-sh--w C:\ProgramData\Dados de aplicativos

2008-04-21 19:32 --------- d-sh--w C:\Program Files\Common Files\Sistema

2008-04-21 19:32 --------- d-sh--w C:\Program Files\Arquivos Comuns

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-21 21:54 1232896]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-04-24 00:27 5724184]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:33 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-21 22:55 1006264]

"autoclk"="autoclk.exe" [2005-07-21 10:34 143360 C:\Windows\autoclk.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{892F3445-F21B-4D1E-8059-9BF3D953EF6A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{BE25B750-3FDD-4A38-8739-E3418ED57A2F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{FBF202DA-FD12-428A-B43B-8FB237BAF9B8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{3AD56562-9061-4059-8996-887CB0D1C684}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{0D6E7D90-A37C-4AD6-81F9-B23B1E174A4C}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{C32547F3-CE3F-495C-92E8-289084947674}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{10F13C87-EDF0-44C9-AEF0-50D753D2258A}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{057E3C2E-B32E-44B2-BA67-01BFB89E6F40}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{8F91D345-401C-4B9F-9A46-E3C1FBC76640}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{8474412F-2A76-4CE2-9613-6A6C17E56B6B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{65BECB5B-3BD0-4934-AF59-109E85B33FC1}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{F664AF02-B90F-44D2-BBFE-C25DA2F50152}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{64F8422E-3992-4A44-A7FC-33797548A1F9}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"TCP Query User{6DE800BC-CE57-418E-BE12-7075E8DE6BF0}C:\\program files\\msn backup\\msnbackup.exe"= UDP:C:\program files\msn backup\msnbackup.exe:MSN BackUp

"UDP Query User{F56EB67D-6E82-4DED-91CF-A51E9F0971FF}C:\\program files\\msn backup\\msnbackup.exe"= TCP:C:\program files\msn backup\msnbackup.exe:MSN BackUp

"{9811F3E0-B368-4CD1-AD10-DC1689EDE4B0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{D0053B25-751F-448C-8AF0-D7461C9F1CA8}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6C44F481-4455-45AD-912B-6950944F9F58}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{9A51F1FA-CAE8-4375-878C-7C705CA22F6C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{996F218E-ABF3-431A-AD33-7C9C496803AE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-04-21 21:03]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 01:04:34

Windows 6.0.6000 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 2

 

**************************************************************************

.

Tempo para conclusão: 2008-04-30 1:06:03

ComboFix-quarantined-files.txt 2008-04-30 00:05:23

 

Pre-Run: 7,827,365,888 bytes disponíveis

Post-Run: 7,711,911,936 bytes disponíveis

 

249 --- E O F --- 2008-04-26 02:01:14

 

 

 

 

____________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:10:19, on 30-04-2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\autoclk.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\Explorer.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\rundll32.exe

C:\hijackthis\HijackThis.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Marco\AppData\Local\Temp\fccbYoNF.dll,c

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Marco\AppData\Local\Temp\yayxyvwx.dll,#1

O4 - HKCU\..\Run: [1c879655] rundll32.exe "C:\Users\Marco\AppData\Local\Temp\heetlvyy.dll",b

O4 - HKCU\..\Run: [bM1fb4a5c9] Rundll32.exe "C:\Users\Marco\AppData\Local\Temp\xuehxlvj.dll",s

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25AC8041-0A06-4745-A339-5F09FC9953D4}: NameServer = 212.55.154.174

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

--

End of file - 5262 bytes

 

 

:grin:


Good morning, decapitated_blond!

 

Open Spybot.

In the top menu, go to Mode and select the Advanced option. Confirm!

Click the Tools button and then Resident.

Uncheck the option: Enable Resident "TeaTimer" (general protection of system settings).

Exit the program and restart the computer!

---------------------------------

>@< Download LopS&D.

>@< Save it to Local Disk C.

>@< Install the program and click: LopSD.cmd

>@< In the window that opens, press "p" >> Press Enter.

>@< In the next window, press option 2 >> Press Enter >> Wait!

>@< Pay attention to Avast's alerts; anything it finds can be deleted.

>@< When it finishes, save and post the report (C:\lopR.txt).

>@< Also post an updated HJT log.

 

Cheers!


Topic Archived

 

Since the author has not replied for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the section along with the link to this topic and explain the reason for reopening.
