Archived

This topic has been archived and is closed to new replies.

thiago alecrim

[Archived] PC is full of viruses


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:36:16, on 19/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1134585022109

O17 - HKLM\System\CCS\Services\Tcpip\..\{00AA6D4D-8E59-4BC8-A6D2-6D6076ACD582}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{00AA6D4D-8E59-4BC8-A6D2-6D6076ACD582}: NameServer = 200.165.132.154 200.149.55.142

O17 - HKLM\System\CS2\Services\Tcpip\..\{00AA6D4D-8E59-4BC8-A6D2-6D6076ACD582}: NameServer = 200.165.132.154 200.149.55.142

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6329 bytes

 

 

ComboFix 08-06-19.1 - thiago boot 2008-06-19 22:39:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.200 [GMT -3:00]

Running from: C:\Documents and Settings\thiago boot\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Files created from 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))

.

 

2008-06-19 17:54 . 2008-06-19 18:22 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-19 17:48 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-06-19 17:48 . 2008-06-19 17:48 421 --a------ C:\WINDOWS\ODBC.INI

2008-06-19 17:46 . 2008-06-19 17:47 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-06-19 17:46 . 2008-06-19 17:46 <DIR> d----c--- C:\Arquivos de programas\Microsoft.NET

2008-06-19 17:43 . 2008-06-19 17:43 <DIR> dr-h-c--- C:\MSOCache

2008-06-19 14:37 . 2008-06-19 14:37 <DIR> d----c--- C:\Arquivos de programas\MSXML 6.0

2008-06-18 19:38 . 2008-06-18 19:38 <DIR> d----c--- C:\Arquivos de programas\MSBuild

2008-06-18 19:32 . 2008-06-18 19:32 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-06-18 19:31 . 2008-06-18 19:31 <DIR> d----c--- C:\Arquivos de programas\Reference Assemblies

2008-06-18 19:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-06-17 21:34 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-06-17 21:34 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-06-17 21:16 . 2008-06-17 21:16 <DIR> d-------- C:\WINDOWS\Nova pasta

2008-06-17 20:29 . 2008-06-17 20:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-06-17 20:29 . 2008-06-17 20:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-06-17 19:39 . 2008-06-17 19:39 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-06-17 19:39 . 2008-06-17 19:39 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\Nokia

2008-06-17 19:38 . 2008-06-17 19:38 <DIR> d----c--- C:\Arquivos de programas\PC Connectivity Solution

2008-06-17 19:38 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-06-17 19:37 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-06-17 19:37 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-06-17 19:37 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-06-17 19:37 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-06-17 19:37 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-06-17 19:37 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-06-17 19:35 . 2008-06-17 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-06-16 23:01 . 2008-06-16 23:01 <DIR> d-------- C:\Documents and Settings\thiago boot\Dados de aplicativos\Sony

2008-06-14 18:27 . 2008-06-14 18:27 1,004 --a------ C:\Documents and Settings\THIAGO~1.INI

2008-06-14 18:26 . 2008-06-14 18:26 <DIR> d--h----- C:\WINDOWS\PIF

2008-06-14 18:26 . 2008-06-14 18:26 2,855 --a--c--- C:\DBI.PIF

2008-06-14 18:26 . 2008-06-14 18:27 1,004 --a--c--- C:\BIOSLOCK.INI

2008-06-14 18:15 . 2008-06-18 19:42 <DIR> d-------- C:\Documents and Settings\thiago boot\Dados de aplicativos\Nokia

2008-06-14 18:09 . 2008-06-17 21:35 <DIR> d--hs---- C:\Documents and Settings\thiago boot\Phone Browser

2008-06-14 17:15 . 2008-06-17 18:17 <DIR> d-------- C:\Documents and Settings\thiago boot\Dados de aplicativos\Nokia Multimedia Player

2008-06-14 17:09 . 2008-06-17 19:38 <DIR> d----c--- C:\Arquivos de programas\DIFX

2008-06-14 17:08 . 2008-06-17 21:35 <DIR> d-------- C:\Documents and Settings\thiago boot\Dados de aplicativos\PC Suite

2008-06-14 17:08 . 2008-06-17 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-06-14 17:08 . 2008-06-18 19:40 <DIR> d----c--- C:\Arquivos de programas\Nokia

2008-06-14 17:08 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-06-14 17:07 . 2008-06-17 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

2008-06-14 16:42 . 2008-06-14 16:43 <DIR> d----c--- C:\Arquivos de programas\ACD Systems

2008-06-14 16:42 . 2000-05-17 09:40 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll

2008-06-14 16:42 . 1998-10-30 14:02 144,896 --a------ C:\WINDOWS\system32\Jgdw500.dll

2008-06-14 16:42 . 1998-10-30 14:03 15,872 --a------ C:\WINDOWS\system32\Jgpl500.dll

2008-06-14 16:42 . 1998-10-30 14:03 13,312 --a------ C:\WINDOWS\system32\Jgst500.dll

2008-06-14 16:42 . 1998-10-30 14:02 11,264 --a------ C:\WINDOWS\system32\Jgid500.dll

2008-06-14 16:42 . 1998-10-30 14:02 11,264 --a------ C:\WINDOWS\system32\Jgar500.dll

2008-06-14 16:42 . 1998-10-30 14:02 7,168 --a------ C:\WINDOWS\system32\Jgme500.dll

2008-06-13 23:39 . 2008-06-13 23:39 1,028 --a--c--- C:\so alegria.rar

2008-06-13 23:29 . 2008-04-23 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-13 23:29 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-13 23:29 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-13 23:29 . 2008-04-23 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-13 23:29 . 2008-04-23 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-13 23:29 . 2008-04-23 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-13 23:29 . 2008-04-23 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-13 23:29 . 2008-04-23 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-13 23:29 . 2008-04-22 04:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-13 23:28 . 2008-06-13 23:30 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-06-13 23:09 . 2008-06-13 23:09 <DIR> d----c--- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-06-13 23:07 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2008-06-13 22:11 . 2008-06-13 22:11 <DIR> d----c--- C:\Arquivos de programas\NSIS

2008-06-13 20:45 . 2008-04-14 12:52 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 20:45 . 2008-04-14 12:52 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-13 20:03 . 2008-06-13 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-06-13 17:45 . 2008-06-13 17:45 <DIR> d----c--- C:\Arquivos de programas\Sony

2008-06-13 17:45 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll

2008-06-13 17:45 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll

2008-06-13 17:45 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll

2008-06-13 17:45 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2008-06-13 17:45 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx

2008-06-13 17:45 . 2008-06-13 17:45 156,910 --a------ C:\WINDOWS\WMSysPr8.prx

2008-06-13 17:44 . 2008-06-13 17:44 <DIR> d----c--- C:\Arquivos de programas\Sony Setup

2008-06-13 17:41 . 2008-06-16 20:01 <DIR> d-------- C:\Documents and Settings\thiago boot\Dados de aplicativos\Hamachi

2008-06-13 17:41 . 2008-06-13 17:41 <DIR> d----c--- C:\Arquivos de programas\Hamachi

2008-06-13 17:41 . 2008-06-13 17:41 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2008-06-13 17:39 . 2008-06-19 14:31 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-06-13 17:33 . 2008-06-13 17:32 74,454 --a------ C:\WINDOWS\system32\Oemlogo.bmp

2008-06-13 17:33 . 2008-06-13 17:22 69 --a------ C:\WINDOWS\system32\Oeminfo.ini

2008-06-13 17:15 . 2008-06-13 17:15 <DIR> d----c--- C:\Arquivos de programas\Yahoo!

2008-06-13 17:14 . 2008-06-13 17:15 <DIR> d----c--- C:\Arquivos de programas\CCleaner

2008-06-13 16:58 . 2008-06-18 01:31 <DIR> d-------- C:\Documents and Settings\thiago boot\Contacts

2008-06-13 16:57 . 2008-06-17 19:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-06-13 16:47 . 2008-06-13 16:47 <DIR> d----c--- C:\Arquivos de programas\Windows Media Connect 2

2008-06-13 16:45 . 2008-06-13 16:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-06-13 16:45 . 2008-06-17 21:36 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-13 16:45 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-06-13 16:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-13 16:42 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-13 16:42 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-13 16:41 . 2008-06-13 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-13 16:41 . 2008-06-13 16:57 <DIR> d----c--- C:\Arquivos de programas\Windows Live

2008-06-13 16:41 . 2008-06-13 16:46 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-19 23:55 --------- d-----w C:\Documents and Settings\thiago boot\Dados de aplicativos\Lightcomm

2008-06-19 19:14 --------- dc----w C:\Arquivos de programas\Puxa Rápido

2008-06-13 02:49 --------- dc----w C:\Arquivos de programas\S3

2008-06-13 02:47 --------- dc----w C:\Arquivos de programas\VIA

2008-06-13 02:46 --------- dc----w C:\Arquivos de programas\On-line Help Console

2008-06-13 02:35 --------- dc----w C:\Arquivos de programas\microsoft frontpage

2008-06-13 02:33 --------- dc----w C:\Arquivos de programas\Serviços on-line

2008-06-13 02:32 --------- dc----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 18:09 68856]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Atualizador - Puxa Rápido"="C:\Arquivos de programas\Puxa Rápido\Atualiza.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^thiago boot^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\thiago boot\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a--c--- 2008-02-12 09:06 262401 C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conexão Oi Velox]

C:\Arquivos de programas\Oi Velox\Conexão\pppoe.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\desp2k]

--a--c--- 2006-08-03 15:05 65536 C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a--c--- 2008-03-26 18:41 1232896 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

C:\Arquivos de programas\VIA\RAID\raid_t

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2005-06-20 10:42 77824 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a--c--- 2008-06-14 18:09 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

--a------ 2004-08-04 00:45 143872 C:\WINDOWS\system32\mobsync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

C:\ARQUIV~1\SYMANT~1\VPTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2005-03-07 16:33 53248 C:\WINDOWS\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

-ra------ 2005-03-11 06:33 147456 C:\WINDOWS\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 10:11]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-09 23:09]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 22:42:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

C:\WINDOWS\0.log 0 bytes

 

Scan completed successfully

Hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe

.

**************************************************************************

.

Completion time: 2008-06-19 22:46:07 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-20 01:46:01

 

Pre-Run: 72,759,754,752 bytes free

Post-Run: 72,817,254,400 bytes free

 

212 --- E O F --- 2008-06-19 17:37:50

 

 

MSNFix 1.725

 

C:\Documents and Settings\thiago boot\Desktop\MSNFix

Fix launched on --- 20/06/2008 - 0:11:18,43 By thiago boot

normal mode

 

************************ Searching for present files

 

... C:\??????.exe

... C:\WINDOWS\WinLogT.exe

 

************************ Searching for present folders

 

No folder found

 

 

 

 

************************ Deleting files

 

.. OK ... C:\??????.exe

.. OK ... C:\WINDOWS\WinLogT.exe

 

 

 

************************ Registry cleanup

 

 

 

Files still present will be deleted at the next boot

 

 

No file found

 

 

 

************************ Suspicious files

 

/!\ These files require an opinion from someone competent before any intervention

 

[C:\DBI.PIF] 0EFA6498C735FFCF70D9D3814C4DB3F3

 

==> Please do not forget to submit the file C:\DOCUME~1\THIAGO~1\Desktop\Upload_Me.zip at http://upload.changelog.fr

 

 

 

The deleted files and registry keys were saved in the file --- 20062008_ 0170340.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

BankerFix 2.5b - Banker Remover

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Date: 19/6/2008 - 23:26

-------------------------------------------------------

Definition List: 2008-05-10-1

=======================================================

 

 

Killing files in Help

-----------------------------------

 

Killing '*'

 

Removing files in Help

-----------------------------------

 

 

 

----- End -------------------------


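A small triage pass over HijackThis lines like the ones posted above, added here by the editor as an example; it is not part of the original post and not code from HijackThis, ComboFix or any other tool in the thread. It parses the O2/O3, O4, O17 and O23 entry formats and applies three checks a helper reading such a log does by hand: an O2/O3 entry whose target is "(no file)" is an orphan, a non-Microsoft O23 service whose binary sits under C:\WINDOWS needs its publisher and hash verified, and an O17 NameServer that is not on the list of the user's known ISP resolvers needs confirming, because DNS-changing trojans edit exactly that key. The rule names and the expected_dns allow-list are assumptions for illustration; the sample lines are copied from the log above, and the output is a list of items to review, not a verdict on any file.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Atualizador - Puxa Rápido] C:\Arquivos de programas\Puxa Rápido\Atualiza.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00AA6D4D-8E59-4BC8-A6D2-6D6076ACD582}: NameServer = 200.165.132.154 200.149.55.142
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
"""


@dataclass
class Entry:
    section: str          # HijackThis section code: R0, O2, O4, O17, O23, ...
    raw: str              # the original line, kept for reporting
    name: str = ""        # display name of the BHO/toolbar/Run value/service
    vendor: str = ""      # O23 only: publisher string HijackThis reports
    path: str = ""        # file the entry points to, or "(no file)"
    dns: tuple = ()       # O17 only: NameServer values


LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# "BHO: <name> - {CLSID} - <path>"  /  "Toolbar: <name> - {CLSID} - <path>"
CLSID_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# "HKLM\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$")

MICROSOFT_VENDORS = {"Microsoft Corporation", "Microsoft"}


def parse_hjt(text: str) -> list[Entry]:
    """Parse the HijackThis entry lines in `text` into Entry records."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        sec, body = m.group("section"), m.group("body")
        e = Entry(section=sec, raw=line.strip())
        if sec in ("O2", "O3"):
            cm = CLSID_RE.match(body)
            if cm:
                e.name, e.path = cm.group("name"), cm.group("path")
        elif sec == "O4":
            rm = RUN_RE.match(body)
            if rm:
                e.name, e.path = rm.group("name"), rm.group("path")
        elif sec == "O17":
            _, _, servers = body.partition("NameServer = ")
            e.dns = tuple(servers.split())
        elif sec == "O23":
            # "Service: <name> - <vendor> - <path>"; split from the right because
            # the display name may itself contain dashes.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                e.name, e.vendor, e.path = parts
        entries.append(e)
    return entries


def triage(entries: Iterable[Entry], expected_dns: frozenset = frozenset()) -> list[tuple[str, str]]:
    """Return (rule, detail) review items; rule names are this example's own labels."""
    findings: list[tuple[str, str]] = []
    for e in entries:
        if e.section in ("O2", "O3") and e.path == "(no file)":
            # Registry still references a BHO/toolbar whose DLL is gone: harmless, clean up.
            findings.append(("orphan-entry", e.raw))
        elif e.section == "O23":
            in_windir = e.path.lower().startswith("c:\\windows\\")
            if in_windir and e.vendor not in MICROSOFT_VENDORS:
                # A third-party service installed next to system binaries is not proof of
                # anything; it is the item to verify (publisher signature, hash lookup).
                findings.append(("third-party-service-in-windir", e.raw))
        elif e.section == "O17":
            for ip in e.dns:
                if ip not in expected_dns:
                    # Assumed allow-list of the user's ISP resolvers; anything else is checked.
                    findings.append(("unexpected-dns", ip))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{rule}] {detail}")
```

Run against the sample with an empty allow-list it reports the two "(no file)" orphans, both NameServer addresses and the cmpe service; passing the ISP's resolvers as expected_dns drops the two DNS items and leaves the three file-backed ones to check by hand.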
Download SDFix and save it to your desktop.

 

* Run SDFix.exe by double-clicking it.

* Allow it to install to the default location, which is normally C:\SDFix

* Now please restart the computer in Safe Mode (restart the computer and hold down the F8 key until the screen appears where you can choose Safe Mode).

* Once you have booted into Safe Mode, open the C:\SDFix folder and double-click RunThis.bat to start the script.

* Press Y to begin the cleanup process.

* It will remove any Trojan services or registry entries it finds and then ask you to press any key to reboot.

* Press any key and it will restart the PC.

* When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.

* After the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

* Post the Report.txt together with a new HijackThis log generated in normal mode.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
