Archived

This topic has been archived and is closed to new replies.

cassiano óliver

[Archived] Something in Internet Explorer


<!> Good evening! cassiano óliver

>@< Download HijackThis.

>@< Save it to Local Disk C and create a dedicated folder for the program.

>@< For example: < C:\HijackThis.exe > or < C:\HijackThis\HijackThis.exe >

>@< But do not run it yet!

>@< So that the HijackThis log comes out complete, go to Start >> Run.

>@< Type: msconfig >> OK.

>@< On the Startup tab, check all the items and confirm!

>@< Restart the computer!

>@< Open HijackThis and click "Do a system scan and save a logfile".

>@< A Notepad window will open!

>@< Select and copy its contents into this topic. Do not create another one!

Regards!

Couldn't that simply be the annoying ads on the sites?

I don't think so; every hour a different site opens: a game site, an antivirus site, a casino...

ugh..


I'll do that!


here is the log...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:48:05, on 6/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\DOCUME~1\CASSIA~1\CONFIG~1\Temp\UIUCU.EXE

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\CASSIA~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP -S

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [e44c7b79] rundll32.exe "C:\WINDOWS\system32\degphvcn.dll",b

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [bMe77f48e5] Rundll32.exe "C:\WINDOWS\system32\lbwbghvu.dll",s

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O4 - Global Startup: Register Mask Pro 3.0.lnk = ?

O4 - Global Startup: Register Mask Pro 4.lnk = C:\Arquivos de programas\onOne Software\Mask Pro 4.1\Register Mask Pro 4.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\Apache Group\Apache\Apache.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe

 

--

End of file - 6011 bytes

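A first triage pass over the log above, as an added example that is not part of this thread or of HijackThis itself. The sample lines are copied from the logs posted here (O4/O17/O23 from the first scan, the two O20 lines from the later one); the heuristics are the editor's rules of thumb, not anything the helper stated: an autorun launched from a Temp directory, rundll32 loading a DLL whose name is eight random lowercase letters, a Winlogon Notify entry whose target is missing or is not a DLL, any O17 NameServer override, and any service with an unknown owner.

```python
import re

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread (O4/O17/O23 from the first scan, O20 from the second).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\CASSIA~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [e44c7b79] rundll32.exe "C:\WINDOWS\system32\degphvcn.dll",b
O4 - HKLM\..\Run: [bMe77f48e5] Rundll32.exe "C:\WINDOWS\system32\lbwbghvu.dll",s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: awtSmJAS - awtSmJAS.dll (file missing)
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBE3B9E-AB3F-4DB1-B64C-FA0CFC742A5D}: NameServer = 200.202.193.75 200.222.0.34
O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\Apache Group\Apache\Apache.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - Unknown owner - (?P<path>.*)$')
# rundll32 <dll>,<export>: capture the DLL path, quoted or not
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# eight lowercase letters + .dll: the naming pattern of the two DLLs in this log
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')


def triage(log_text):
    """Return (severity, entry, reason) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
            if re.search(r'\\temp\\', cmd, re.IGNORECASE):
                findings.append(('high', name, 'autorun launched from a Temp directory'))
            r = RUNDLL_RE.search(cmd)
            if r:
                dll = r.group('dll').rsplit('\\', 1)[-1]      # basename only
                if RANDOM_DLL_RE.match(dll):
                    findings.append(('high', name, 'rundll32 loads random-named DLL ' + dll))
            continue
        m = O20_RE.match(line)
        if m:
            target = m.group('target')
            if '(file missing)' in target or not target.lower().endswith('.dll'):
                findings.append(('high', m.group('name'),
                                 'Winlogon Notify target missing or not a DLL: ' + target))
            continue
        m = O17_RE.match(line)
        if m:
            findings.append(('review', 'NameServer',
                             'confirm these DNS servers belong to the ISP: ' + m.group('servers')))
            continue
        m = O23_RE.match(line)
        if m:
            findings.append(('info', m.group('name').strip(),
                             'service with unknown owner: ' + m.group('path')))
    return findings


if __name__ == '__main__':
    for severity, entry, reason in triage(SAMPLE_LOG):
        print(f'{severity:6} {entry:12} {reason}')
```

The random-name rule is deliberately narrow (exactly eight lowercase letters, the shape of degphvcn.dll and lbwbghvu.dll here) so that vendor DLLs such as NvCpl.dll do not trip it; a Kaspersky or nVidia entry on the same log produces no finding. The O17 entry is only marked for review, because two public resolver addresses are not evidence of anything until they are checked against the ISP's.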

Good evening! cassiano óliver

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of: antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix in Safe Mode.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

---------------------------------

>@< Post the report C:\ComboFix.txt in your reply + an updated HJT log.

Regards!


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:24:29, on 7/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\mysql\bin\mysqld-nt.exe

C:\Arquivos de programas\Apache Group\Apache\Apache.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Arquivos de programas\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBE3B9E-AB3F-4DB1-B64C-FA0CFC742A5D}: NameServer = 200.202.193.75 200.222.0.34

O20 - Winlogon Notify: awtSmJAS - awtSmJAS.dll (file missing)

O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\

O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\Apache Group\Apache\Apache.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe

 

--

End of file - 4296 bytes

 

ComboFix log

ComboFix 08-05-01.3 - Cassiano Designer 2008-05-06 22:15:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1660 [GMT -3:00]

Running from: C:\Documents and Settings\Cassiano Designer\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awtSmJAS.dll

C:\WINDOWS\system32\degphvcn.dll

C:\WINDOWS\system32\gqktvvhw.ini

C:\WINDOWS\system32\kneeslwb.ini

C:\WINDOWS\system32\KTBKlUtv.ini

C:\WINDOWS\system32\KTBKlUtv.ini2

C:\WINDOWS\system32\ncvhpged.ini

C:\WINDOWS\system32\vtUlKBTK.dll

C:\WINDOWS\system32\yaywvuUM.dll

 

.

((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))

.

 

2008-05-06 21:59 . 2008-05-06 21:59 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-06 18:11 . 2008-05-06 18:11 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-05-06 17:45 . 2008-05-06 17:45 2,112 --a------ C:\WINDOWS\system32\rluyyuoj.exe

2008-05-05 11:32 . 2008-05-05 11:32 38 --a------ C:\WINDOWS\AviSplitter.INI

2008-05-05 09:47 . 2008-05-06 18:09 109,796 --a------ C:\WINDOWS\BMe77f48e5.xml

2008-05-05 09:42 . 2008-05-05 15:31 <DIR> d-------- C:\Arquivos de programas\Apollo 3GP Video Converter

2008-05-04 23:42 . 2008-05-04 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-05-04 22:13 . 2008-05-05 00:45 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-05-04 10:05 . 2004-01-27 20:50 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll

2008-05-04 10:05 . 2004-01-27 20:51 290,816 --a------ C:\WINDOWS\system32\3ivxDSDecoder.ax

2008-04-25 09:35 . 2008-04-25 09:35 6,656 --ahs---- C:\WINDOWS\Thumbs.db

2008-04-25 09:35 . 2008-04-25 09:35 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db

2008-04-13 11:45 . 2008-04-13 11:45 <DIR> d-------- C:\Documents and Settings\Visitantes\Dados de aplicativos\Corel

2008-04-07 10:12 . 2008-04-07 10:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Corel

2008-04-07 10:12 . 2008-04-07 10:12 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Protexis

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-07 01:16 26,553,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-07 01:16 2,223,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-07 01:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-05-07 01:07 361,544 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-07 01:07 213,524 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-05 02:38 --------- d-----w C:\Arquivos de programas\eMule

2008-05-02 13:26 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-04-24 00:02 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-07 13:09 --------- d-----w C:\Arquivos de programas\Corel

2008-04-02 12:29 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-03-23 22:33 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-21 01:19 --------- d-----w C:\Documents and Settings\Cassiano Designer\Dados de aplicativos\PHP Designer 2007

2008-03-21 01:10 --------- d-----w C:\Arquivos de programas\phpDesigner 2007 Professional

2008-03-21 00:54 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\AD37252DE5.sys

2008-03-21 00:54 --------- d-----w C:\Documents and Settings\Cassiano Designer\Dados de aplicativos\Corel

2008-03-19 19:33 --------- d-----w C:\Documents and Settings\Cassiano Designer\Dados de aplicativos\Thinstall

2008-03-10 13:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\{A850D4D9-871B-4234-908D-21C457767270}

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\WinFlip

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\VisualTaskTips

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\VistaDriveIcon

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\TrueTransparency

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\Thoosje Sidebar V2.3

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\Styler

2008-03-10 13:49 --------- d-----w C:\Arquivos de programas\Blaero Start Orb

2008-01-07 01:34 56 --sh--r C:\WINDOWS\system32\E52D2537AD.sys

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 19:50 200768]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:45 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtSmJAS]

awtSmJAS.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Register Mask Pro 3.0.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Register Mask Pro 3.0.lnk

backup=C:\WINDOWS\pss\Register Mask Pro 3.0.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Register Mask Pro 4.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Register Mask Pro 4.lnk

backup=C:\WINDOWS\pss\Register Mask Pro 4.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-ra------ 2005-05-03 07:43 69632 C:\WINDOWS\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe77f48e5]

C:\WINDOWS\system32\lbwbghvu.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

--a------ 2005-05-19 10:47 57344 C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

--a------ 2006-10-26 18:48 434528 C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e44c7b79]

C:\WINDOWS\system32\degphvcn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2007-02-07 15:21 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2008-02-26 17:03 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-01-23 22:38 7700480 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-01-23 22:38 86016 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-01-23 22:38 1622016 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-02-07 15:24 71216 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-ra------ 2006-04-17 04:34 16143872 C:\WINDOWS\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

--a------ 2004-06-10 12:48 286720 C:\WINDOWS\vsnpstd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]

C:\DOCUME~1\CASSIA~1\CONFIG~1\Temp\UIUCU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"odserv"=3 (0x3)

"ose"=3 (0x3)

"RichVideo"=2 (0x2)

"usnjsvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"NVSvc"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Autodesk Licensing Service"=3 (0x3)

"PSI_SVC_2"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\NetMeeting\\conf.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Documents and Settings\\Cassiano Designer\\Dados de aplicativos\\Thinstall\\{BF06C1DB-62A4-4504-B2E9-3AFC754752F5}\\40000096200002i\\phpDesigner2008.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

 

R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-05-18 10:34]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_2k.sys [2006-05-12 04:15]

S4 PSI_SVC_2;Protexis Licensing V2;"c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

 

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-06 22:16:51

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]

"ImagePath"="C:\mysql\bin\mysqld-nt MySQL"

 

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

Completion time: 2008-05-06 22:19:22

ComboFix-quarantined-files.txt 2008-05-07 01:18:20

 

Pre-Run: 24,488,046,592 bytes free

Post-Run: 24,475,242,496 bytes free

 

179 --- E O F --- 2008-02-22 12:59:41

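A check of what the ComboFix run actually changed, as an added example that is not part of this thread or of either tool. It takes the O4/O20 lines of the two HijackThis logs above and two sections of the ComboFix report (the "Previous Run" deletion list and the msconfig\startupreg keys), all copied from this thread, and reports which entries disappeared between the scans, which are new, which disappeared only because msconfig parked them under startupreg without ComboFix listing the file as deleted, and which Winlogon Notify keys are left pointing at nothing. It also shows why the helper's first post asks for every msconfig startup item to be re-enabled before scanning: an item msconfig has disabled is moved out of the Run key and therefore off HijackThis's O4 list, exactly what happened to UIUCU, e44c7b79 and BMe77f48e5 between the two logs. The section layout assumed here (a key line followed by its target on the next line) is the one visible in the report above.

```python
import re

# Constructed from the logs in this thread: O4/O20 lines of the first and
# second HijackThis scans and two sections of the ComboFix report.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\CASSIA~1\CONFIG~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [e44c7b79] rundll32.exe "C:\WINDOWS\system32\degphvcn.dll",b
O4 - HKLM\..\Run: [bMe77f48e5] Rundll32.exe "C:\WINDOWS\system32\lbwbghvu.dll",s
"""
HJT_AFTER = r"""
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: awtSmJAS - awtSmJAS.dll (file missing)
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\
"""
COMBOFIX = r"""
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtSmJAS.dll
C:\WINDOWS\system32\degphvcn.dll
C:\WINDOWS\system32\vtUlKBTK.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe77f48e5]
C:\WINDOWS\system32\lbwbghvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e44c7b79]
C:\WINDOWS\system32\degphvcn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\CASSIA~1\CONFIG~1\Temp\UIUCU.exe
"""

STARTUPREG_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\([^\]]+)\]$',
    re.IGNORECASE)


def hjt_entries(text):
    """Map (section, lowercased name) -> line for the O4 and O20 entries of a HJT log."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r'^(O4) - .*?\[([^\]]+)\]', line) or \
            re.match(r'^(O20) - Winlogon Notify: (\S+)', line)
        if m:
            entries[(m.group(1), m.group(2).lower())] = line.strip()
    return entries


def combofix_deleted(text):
    """Lowercased paths ComboFix lists under 'Previous Run' as deleted."""
    deleted, in_section = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('---- Previous Run'):
            in_section = True
        elif in_section and re.match(r'^[A-Za-z]:\\', line):
            deleted.add(line.lower())
        elif in_section and line and line != '.':
            in_section = False        # first non-path, non-filler line ends the section
    return deleted


def msconfig_parked(text):
    """Items msconfig moved under startupreg: name -> target (gone from the Run key, so absent from O4)."""
    parked, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = STARTUPREG_RE.match(line)
        if m:
            current = m.group(1).lower()
        elif current and line:
            parked[current] = line    # ComboFix prints the target on the line after the key
            current = None
    return parked


def remediation_report(before, after, combofix):
    b, a = hjt_entries(before), hjt_entries(after)
    deleted, parked = combofix_deleted(combofix), msconfig_parked(combofix)
    return {
        'gone': sorted(b.keys() - a.keys()),
        'new': sorted(a.keys() - b.keys()),
        # parked by msconfig but not in ComboFix's deletion list: still on disk as far as these logs show
        'parked_not_deleted': sorted((n, p) for n, p in parked.items() if p.lower() not in deleted),
        # Notify keys whose DLL is missing or is not a DLL: dead keys left behind after file deletion
        'orphan_notify': sorted(n for (s, n), line in a.items()
                                if s == 'O20' and ('(file missing)' in line or not line.lower().endswith('.dll'))),
    }


if __name__ == '__main__':
    for key, items in remediation_report(HJT_BEFORE, HJT_AFTER, COMBOFIX).items():
        print(key, items)
```

The point of the report is that "gone from the HJT log" is not the same as "remediated": of the three O4 entries that vanished, only degphvcn.dll appears in ComboFix's deletion list, while lbwbghvu.dll and the Temp-folder UIUCU.exe are merely parked under startupreg and would return the moment those items are re-enabled. The two orphaned Winlogon Notify keys are the other loose end: awtSmJAS.dll was deleted, but its Notify key (and the empty wingdm32 one) is still there to be cleaned.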

Good morning! cassiano óliver

>@< DELETE: C:\QooBox << It belongs to ComboFix!

-----------------------------------

>@< Download EliStarA.

>@< On the page, click the button: Descargar EliStarA v xx.xx, located at the bottom of the page.

>@< Save the tool to Local Disk C, in its own folder.

>@< Download ELINOTIF.DLL.

>@< Save it inside the folder created for EliStarA! << Important!

>@< Disable the resident protection of your antivirus and antispyware.

>@< Restart the computer in Safe Mode.

>@< Go to the EliStarA icon and run it!

>@< Wait patiently for the scan to finish, and accept the exploratory scan.

>@< When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

>@< The tool will delete your home page; you will set it up again afterwards.

>@< Restart the computer normally!

>@< Create and post in your reply: infoSat.txt + an updated HJT log.

Regards!


Topic Archived

Since the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
