[Arquivado] virus protejaseudrive

[rfsm 0]

Prezados,

estou com o virus protejaseudrive e já tentei várias ferramentas sem sucesso, inclusive meu antivirus: mcafee. Se alguém puder me ajudar, eu agradeço. Tenho sistema Vista. coloco abaixo o log que recebi do aplicativo hijackthis.

 

Muito obrigado,

Ricardo

 

Logfile of HijackThis v1.99.1

Scan saved at 17:18:23, on 05/07/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\taskeng.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\sprscore.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\BitComet\BitComet.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\rundys32.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\mobsync.exe

C:\Windows\explorer.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\system32\rundll32.exe

C:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [bM5d8c7c2a] Rundll32.exe "C:\Users\ADMINI~1\AppData\Local\Temp\lqykkvrs.dll",s

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\xxyxWMeF.dll,c

O4 - HKCU\..\Run: [5ebf4fb6] rundll32.exe "C:\Users\ADMINI~1\AppData\Local\Temp\vemcbmjt.dll",b

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[Silas Martins 0]

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

[rfsm 0]

Prezado Sr. Silas,

 

Executei o procedimento conforme sua orientação. Segue abaixo a listagem de hijackthis.txt e combofix.txt.

 

Aguardo instruções.

 

atenciosamente,

Ricardo

 

ComboFix 08-07-05.1 - administrador 2008-07-05 23:35:01.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1932 [GMT -3:00]

Running from: C:\Users\administrador\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\administrador\AppData\Roaming\inst.exe

C:\Windows\system32\x64

 

.

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))

.

 

2008-07-02 12:59 . 2008-07-02 12:59 <DIR> d-------- C:\Users\Ana Cecilia\AppData\Roaming\Talkback

2008-06-28 06:45 . 2008-06-28 09:24 <DIR> d-------- C:\SDAT

2008-06-27 17:49 . 2006-12-12 10:04 163,840 --a------ C:\Windows\System32\igfxres.dll

2008-06-23 15:07 . 2008-07-02 10:48 <DIR> dr------- C:\Users\Ana Cecilia\Documents

2008-06-22 22:05 . 2008-06-22 22:23 <DIR> d-------- C:\VundoFix Backups

2008-06-22 21:24 . 2008-06-22 21:24 524,288 --ahs---- C:\ntuser.dat{9cd7b3c0-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000002.regtrans-ms

2008-06-22 21:24 . 2008-06-22 22:51 524,288 --ahs---- C:\ntuser.dat{9cd7b3c0-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000001.regtrans-ms

2008-06-22 21:24 . 2008-06-22 21:24 524,288 --ahs---- C:\ntuser.dat{9cd7b3bc-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000002.regtrans-ms

2008-06-22 21:24 . 2008-06-22 21:24 524,288 --ahs---- C:\ntuser.dat{9cd7b3bc-4086-11dd-ba02-00188bdef1c0}.TMContainer00000000000000000001.regtrans-ms

2008-06-22 21:24 . 2008-06-22 22:42 262,144 --a------ C:\ntuser.dat

2008-06-22 21:24 . 2008-06-22 22:51 65,536 --ahs---- C:\ntuser.dat{9cd7b3c0-4086-11dd-ba02-00188bdef1c0}.TM.blf

2008-06-22 21:24 . 2008-06-22 21:24 65,536 --ahs---- C:\ntuser.dat{9cd7b3bc-4086-11dd-ba02-00188bdef1c0}.TM.blf

2008-06-22 21:24 . 2008-06-22 22:42 5,120 --ah----- C:\ntuser.dat.LOG1

2008-06-22 21:24 . 2008-06-22 21:24 0 --ah----- C:\ntuser.dat.LOG2

2008-06-21 23:42 . 2008-06-21 23:42 <DIR> d-------- C:\Users\All Users\WindowsSearch

2008-06-21 23:42 . 2008-06-21 23:42 <DIR> d-------- C:\ProgramData\WindowsSearch

2008-06-21 23:03 . 2008-06-21 23:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-06-21 22:33 . 2008-06-27 15:38 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-06-21 22:33 . 2008-06-27 15:38 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-06-21 22:33 . 2008-06-27 15:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-21 20:39 . 2008-06-21 20:39 <DIR> d-------- C:\PerfLogs

2008-06-21 10:43 . 2008-06-21 10:44 <DIR> d-------- C:\Users\Public\fotos ana 21.06.08

2008-06-17 17:35 . 2008-06-17 17:35 <DIR> d-------- C:\Meus documentos WebEx

2008-06-17 17:17 . 2008-06-17 17:17 <DIR> d-------- C:\Users\Ana Cecilia\WebEx

2008-06-17 17:17 . 2008-06-17 17:18 <DIR> d-------- C:\Users\Ana Cecilia\AppData\Roaming\webex

2008-06-17 17:17 . 2008-06-17 17:17 <DIR> d-------- C:\Users\All Users\WebEx

2008-06-17 17:17 . 2008-06-17 17:17 <DIR> d-------- C:\ProgramData\WebEx

2008-06-15 19:05 . 2008-06-15 19:05 <DIR> d-------- C:\Users\Ana Cecilia\AppData\Roaming\Nero

2008-06-15 14:05 . 2008-06-15 14:05 <DIR> d-------- C:\Users\administrador\AppData\Roaming\Talkback

2008-06-15 12:12 . 2008-06-15 12:12 <DIR> d-------- C:\Users\Eduardo\AppData\Roaming\Nero

2008-06-15 10:40 . 2008-06-15 10:40 <DIR> d-------- C:\Users\Pedro\AppData\Roaming\Talkback

2008-06-15 10:34 . 2008-06-15 10:34 <DIR> d-------- C:\Users\Pedro\AppData\Roaming\Nero

2008-06-15 08:53 . 2008-06-15 08:53 <DIR> d-------- C:\Users\Carolina\AppData\Roaming\Talkback

2008-06-15 08:51 . 2008-06-15 08:51 <DIR> d-------- C:\Users\Carolina\AppData\Roaming\Nero

2008-06-14 22:05 . 2008-06-14 22:05 <DIR> d-------- C:\Program Files\NeroInstall.bak

2008-06-14 21:54 . 2008-06-14 21:54 <DIR> d-------- C:\Users\administrador\AppData\Roaming\Nero

2008-06-14 21:52 . 2008-04-23 01:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-06-14 21:52 . 2008-04-23 01:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-06-14 21:52 . 2008-04-23 01:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-06-14 21:52 . 2008-01-19 04:33 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-06-14 21:52 . 2008-01-19 04:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax

2008-06-14 21:52 . 2008-04-23 01:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-06-14 21:39 . 2008-06-14 21:39 <DIR> d-------- C:\Users\All Users\Nero

2008-06-14 21:39 . 2008-06-14 21:39 <DIR> d-------- C:\ProgramData\Nero

2008-06-14 21:39 . 2008-06-14 21:39 <DIR> d-------- C:\Program Files\Nero

2008-06-14 21:39 . 2008-06-14 21:47 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-06-14 21:16 . 2008-06-14 21:16 <DIR> d-------- C:\Windows\Mozilla

2008-06-14 21:16 . 2008-06-14 21:16 0 --a------ C:\Windows\nsreg.dat

2008-06-14 21:05 . 2008-06-14 21:05 <DIR> d-------- C:\Program Files\MediaCoder

2008-06-10 21:10 . 2008-04-24 23:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-06-10 21:10 . 2008-04-25 01:35 826,880 --a------ C:\Windows\System32\wininet.dll

2008-06-10 19:39 . 2008-04-26 05:08 1,314,816 --a------ C:\Windows\System32\quartz.dll

2008-06-10 19:27 . 2008-05-09 22:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys

2008-06-08 22:59 . 2008-06-08 23:48 <DIR> d-------- C:\Users\administrador\AppData\Roaming\Vso

2008-06-08 22:59 . 2008-06-08 22:59 <DIR> d-------- C:\Program Files\DVDFab 5

2008-06-08 22:59 . 2008-06-08 22:59 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys

2008-06-08 22:59 . 2008-06-08 22:59 47,360 --a------ C:\Users\administrador\AppData\Roaming\pcouffin.sys

2008-06-08 22:32 . 2008-06-08 22:32 <DIR> d-------- C:\Program Files\Common Files\SWF Studio

2008-06-08 22:31 . 2000-06-22 13:49 842,240 --a------ C:\Windows\System32\ir414422.rra

2008-06-08 22:31 . 2000-06-23 10:36 745,984 --a------ C:\Windows\System32\ir504931.rra

2008-06-08 22:31 . 2000-06-26 11:57 202,240 --a------ C:\Windows\System32\ir324615.rra

2008-06-08 22:31 . 2000-06-23 14:06 192,000 --a------ C:\Windows\System32\iac2470f.rra

2008-06-08 22:31 . 2000-06-22 18:11 145,408 --a------ C:\Windows\System32\Ivfs4a2a.rra

2008-06-08 22:27 . 2008-06-08 22:27 <DIR> d-------- C:\Program Files\LucasArts

2008-06-07 19:32 . 2008-06-30 22:10 <DIR> d-------- C:\Users\administrador\AppData\Roaming\skypePM

2008-06-07 19:32 . 2008-06-07 19:32 32 --a------ C:\Users\All Users\ezsid.dat

2008-06-07 19:32 . 2008-06-07 19:32 32 --a------ C:\ProgramData\ezsid.dat

2008-06-07 19:12 . 2008-06-07 19:12 <DIR> d-------- C:\Program Files\Common Files\Skype

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-05 11:07 --------- d-----w C:\Program Files\McAfee

2008-07-01 02:34 --------- d-----w C:\Users\administrador\AppData\Roaming\Skype

2008-06-26 14:46 --------- d-----w C:\Users\administrador\AppData\Roaming\SiteAdvisor

2008-06-22 10:08 --------- d-----w C:\Users\administrador\AppData\Roaming\D-Link Media Server

2008-06-22 01:08 --------- d-----w C:\ProgramData\McAfee

2008-06-22 01:01 --------- d-----w C:\Program Files\SiteAdvisor

2008-06-21 23:56 174 --sha-w C:\Program Files\desktop.ini

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Mail

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Journal

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Defender

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-21 23:44 --------- d-----w C:\Program Files\Windows Calendar

2008-06-21 23:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-21 23:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-19 22:51 --------- d-----w C:\Users\Pedro\AppData\Roaming\SiteAdvisor

2008-06-09 01:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-07 22:37 --------- d-----w C:\ProgramData\DVD Shrink

2008-06-07 22:12 --------- d-----w C:\ProgramData\Skype

2008-06-07 22:12 --------- d-----w C:\Program Files\Skype

2008-05-27 23:19 --------- d-----w C:\Users\Carolina\AppData\Roaming\SiteAdvisor

2008-05-26 01:21 --------- d-----w C:\Program Files\BitLocker

2008-05-26 01:18 --------- d-----w C:\Program Files\Microsoft Games

2008-05-26 01:17 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-21 18:07 --------- d-----w C:\Users\Ana Cecilia\AppData\Roaming\SiteAdvisor

2008-05-15 06:07 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-11 20:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe

2008-02-27 15:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-02-27 15:22 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-02-27 15:22 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 04:33 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 04:33 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 04:33 202240]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-03-27 04:06 7092024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 10:02 98304]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 10:03 106496]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 10:02 81920]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"stezinit"="C:\Windows\sprscore.exe" [2007-04-22 12:38 724992]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 09:33 176128]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-03-13 15:42 73728]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-03-13 15:42 8425472]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-03-13 15:42 81920]

 

C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM 101784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]

backup=C:\Windows\pss\Event Planner Reminders Tray Icon.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^administrador^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^D-Link Media Server.lnk]

backup=C:\Windows\pss\D-Link Media Server.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5ebf4fb6

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5d8c7c2a

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-03-27 04:06 7092024 C:\Program Files\BitComet\BitComet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

--a------ 2007-08-03 22:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]

--a------ 2007-11-30 05:42 1164576 C:\PROGRA~1\McAfee\MHN\McENUI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

--a------ 2007-02-09 14:18 36904 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{509CDB8A-E5C5-4417-B030-5D4F77F649DA}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{C916445A-A2E1-485F-9B3F-FA79E6344074}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{F8A21B42-5653-4AE6-9798-407DF8B97686}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{FA1320AA-C7A9-4FD4-A723-45CF7DAB2B93}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{97B09293-C71A-4D38-836F-E2285D69B10C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{79E8AE58-C6C1-4959-8F5E-83C79569A954}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{E4C3E3C2-1E6F-4A98-B5B3-855D5208C33C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{8477D68D-E84B-4D13-A323-FCBA534D928A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{491436DF-45C0-49B7-8670-5039A9F2878B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{77D8212F-05E9-4274-B985-650ECCC27804}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{2C3306B6-DCF7-4055-94C3-A5E7110A6CC3}"= UDP:18444:BitComet 18444 TCP

"{06708002-746F-4DF8-9C8F-E6D2FF12FC82}"= TCP:18444:BitComet 18444 UDP

"{FA16A787-E957-460B-8EE1-9AE9FF8B79F7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{6E5F5096-8658-4DF1-A0BB-7C8BBDDEEAD4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R3 b57nd60x;%SvcDispName%;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 01:25]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

Contents of the 'Scheduled Tasks' folder

"2008-05-15 13:09:59 C:\Windows\Tasks\McDefragTask.job"

- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'

"2008-06-01 04:00:55 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2008-07-05 19:26:36 C:\Windows\Tasks\User_Feed_Synchronization-{FF3AAD01-EFCD-43F8-B8EE-C6FC21507060}.job"

- C:\Windows\system32\msfeedssync.exe

.

- - - - ORPHANS REMOVED - - - -

 

ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll

MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-05 23:39:34

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-05 23:42:04

ComboFix-quarantined-files.txt 2008-07-06 02:42:01

 

Pre-Run: 99,092,213,760 bytes free

Post-Run: 99,244,834,816 bytes free

 

230 --- E O F --- 2008-06-25 06:00:35

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:45:36, on 05/07/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\mobsync.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\sprscore.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\rundys32.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Windows\Explorer.exe

C:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[Silas Martins 0]

Execute o Active Scan da Panda, observando os seguintes procedimentos:

 

1) Alguns anti-vírus, tal como o AVAST, podem exibir um alerta de detecção durante a execução do scan, porém tal alerta deve ser ignorado. O aviso não passa de um falso-positivo. Sugiro que o AV seja desabilitado, temporariamente, a fim de que o scan ocorra sem problemas;

 

2) Para iniciar o processo, clique sobre o botão ;

 

3) Informe os dados solicitados no formulário;

 

4) Clique sobre o botão "Pesquise agora sem custos";

 

5) Siga todas as instruções que lhe serão passadas e aguarde o fim da varredura;

 

6) Ao término do scan, clique em visualizar o log. Salve-o em seu Desktop;

 

7) Poste o conteúdo do log em sua próxima resposta.

 

Abraços.

 

Processo elaborado e formatado por :Jgarcia

[rfsm 0]

Prezado Silas,

 

Segue o log do programa active scan panda.

 

at.,

 

Ricardo

 

;*******************************************************************************

*********************************************************************************

*******************

ANALYSIS: 2008-07-13 17:29:33

PROTECTIONS: 3

MALWARE: 90

SUSPECTS: 1

;*******************************************************************************

*********************************************************************************

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

=================================================================================

===================

Windows Defender 1.1.2503.0 No Yes

McAfee Internet Security Suite 2007 8.1 No No

McAfee VirusScan Plus 12.1 No No

;===============================================================================

=================================================================================

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

=================================================================================

===================

00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes1\cv\curricprop.doc

00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes\cv\curricprop.doc

00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes1\cv\curricprop.doc

00013919 W97M/Ethan.BE Virus No 0 Yes No rm2004-2\curricula & resumes\cv\curricprop.doc

00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI

00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI

00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI

00024266 VBS/Help Virus/Worm No 1 Yes No rm2004-2\rmenezes\FELIZ NATAL E UM PROSPERO ANO NOVO - FLT SPORTS BOLLETTIERI

00024402 Exploit/iFrame HackTools No 0 Yes No archive folders\deleted items\re: [britishschool-pta] lembrete - pta meeting\att00000.html

00047758 W32/Bagle.AW.worm Virus/Worm No 0 Yes No personal folders\inbox\foto\fotos.zip[foto.htm]

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI789F.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI6556.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIE2BA.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIE492.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIEA6E.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI601C.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI5CEC.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI5014.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI4D38.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIF372.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PIFC69.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PI6960.tmp

00047896 Exploit/MS04-028.gen HackTools No 0 Yes No C:\Users\Pedro\AppData\Local\Temp\~PID75F.tmp

00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No rm2004-2\caixa de entrada\0fficiaI Information For CIient Of CitiBank [sat, 18 Sep 2004 18:22:54 -0500]

00048371 Trj/Citifraud.A Virus/Trojan No 1 Yes No rm2004-2\caixa de entrada\0fficiaI Information For CIient Of CitiBank [sat, 18 Sep 2004 18:22:54 -0500]

00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\this is the best get well present!\operation flashpoint,age of empires 2,cossacks,+most other games.exe

00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\espetacular\operation flashpoint,age of empires 2,cossacks,+most other games.exe

00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\enc: this is the best get well present!\operation flashpoint,age of empires 2,cossacks,+most other games.exe

00049305 Joke/Jepruss Jokes No 0 Yes No ana cecilia\pedro\this is the best christmas present!\operation flashpoint,age of empires 2,cossacks,+most other games.exe

00116976 W32/Bagle.AW.worm Virus/Worm No 0 Yes No personal folders\inbox\foto\fotos.zip[1/calc.exe]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@trafficmp[1].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.trafficmp.com/]

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@casalemedia[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@casalemedia[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.doubleclick.net/]

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\administrador@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Eduardo\AppData\Roaming\Microsoft\Windows\Cookies\eduardo@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.atdmt.com/]

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@atdmt[2].txt

00139535 Application/Processor HackTools No 0 No No C:\Downloads\VirtumundoBeGone.exe[²ƒÇ]

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@tradedoubler[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@tradedoubler[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@tradedoubler[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@247realmedia[1].txt

00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bfast[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@fastclick[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@tribalfusion[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@mediaplex[1].txt

00145792 Cookie/SexList TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@sexlist[1].txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@linksynergy[2].txt

00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ccbill[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@revenue[2].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@revenue[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www.myaffiliateprogram[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@yadro[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@yadro[1].txt

00167681 Cookie/Dbbsrv TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@dbbsrv[1].txt

00167681 Cookie/Dbbsrv TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@dbbsrv[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.xiti.com/]

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@xiti[1].txt

00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@gostats[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@azjmp[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@azjmp[2].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.toplist.cz/]

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@toplist[2].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@toplist[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@statcounter[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@statcounter[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@statcounter[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@statcounter[2].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@counter.hitslink[1].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@counter.hitslink[1].txt

00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter1.sextracker[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@perf.overture[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-1.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Local\VirtualStore\Program Files\MediaCoder\xulapp\AppData\Roaming\Mozilla\Firefox\Profiles\p7ijz2on.default\cookies-4.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Mozilla\Firefox\Profiles\mwmc9gsm.default\cookies.txt[ad.yieldmanager.com/]

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\administrador@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[ad.yieldmanager.com/]

00168057 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter10.sextracker[2].txt

00168058 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter4.sextracker[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@apmebf[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@burstnet[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@burstnet[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.serving-sys.com/]

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.bs.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.bs.serving-sys.com/]

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www.burstbeacon[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@weborama[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@weborama[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@adtech[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@adtech[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adtech[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@server.iad.liveperson[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@server.iad.liveperson[1].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@stat.onestat[2].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@stat.onestat[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@fl01.ct2.comclick[1].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@fl01.ct2.comclick[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.advertising.com/]

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@advertising[1].txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@sextracker[2].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@media.adrevolver[3].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@statse.webtrendslive[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@statse.webtrendslive[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@statse.webtrendslive[3].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@statse.webtrendslive[4].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.ads.pointroll.com/]

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.ads.pointroll.com/]

00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@de.uol.com[1].txt

00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@de.uol.com[1].txt

00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@de.uol.com[1].txt

00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@de.uol.com[1].txt

00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@fortunecity[2].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@ig.com[2].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ig.com[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@ig.com[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ig.com[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@overture[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.overture.com/]

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@overture[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@realmedia[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@realmedia[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@realmedia[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@terra.com[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@terra.com[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@terra.com[2].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@terra.com[2].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@terra.com[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.terra.com.br/]

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Cookies\Low\ricardo@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\pedro@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\ana_cecilia@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\administrador@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.uol.com.br/]

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uol.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@uol.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\administrador\AppData\Roaming\Microsoft\Windows\Cookies\Low\administrador@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.uol.com.br/]

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@uol.com[2].txt

00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www5.addfreestats[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.questionmarket.com/]

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@bluestreak[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@bluestreak[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bluestreak[1].txt

00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@c5.zedo[1].txt

00180153 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter2.sextracker[1].txt

00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@xxxcounter[1].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@phg.hitbox[2].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@phg.hitbox[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adrevolver[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@adrevolver[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@adrevolver[1].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@bravenet[1].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@bravenet[1].txt

00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@bravenet[1].txt

00188043 Cookie/adstat TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ad.stat.4u[1].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adultfriendfinder[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.adultfriendfinder.com/]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\eyuiyjce.default\cookies.txt[.adultfriendfinder.com/]

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@go[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@go[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@searchportal.information[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@searchportal.information[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@target[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@did-it[1].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@adviva[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adviva[2].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@adviva[2].txt

00209833 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@acesso.uol.com[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@atwola[2].txt

00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@www1.addfreestats[1].txt

00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@www1.addfreestats[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ehg-dig.hitbox[2].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Ana Cecilia\AppData\Roaming\Microsoft\Windows\Cookies\Low\ana_cecilia@ehg-dig.hitbox[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@ads.addynamix[1].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\Low\carolina@citi.bridgetrack[2].txt

00519333 Application/Processor HackTools No 0 Yes No C:\Downloads\VirtumundoBeGone.exe

01298745 W32/Badtrans.B.worm Virus/Worm No 0 Yes No archive folders\deleted items\re: [britishschool-pta] lembrete - pta meeting\readme.mp3.scr

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Mozilla\Firefox\Profiles\pg37djdi.default\cookies.txt[.adserver.easyad.info/]

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@adserver.easyad[1].txt

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Carolina\AppData\Roaming\Microsoft\Windows\Cookies\carolina@adserver.easyad[1].txt

02261869 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@counter12.sextracker[1].txt

02513660 Adware/VideoAddon Adware No 0 No No C:\Users\Pedro\Documents\Favorites\Links\setup.exe[²ÜÇ\refr.dll]

02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Cookies\Low\pedro@advancedcleaner[1].txt

02901703 Application/DriveProteccion HackTools No 0 No No C:\Downloads\xmoto-0.3.4-win32-setup.exe[sqlite3.dll]

;===============================================================================

=================================================================================

===================

SUSPECTS

Sent Location %)J@s5

;===============================================================================

=================================================================================

===================

No C:\VundoFix Backups\nnnMFVoL.dll.bad %)J@s5

;===============================================================================

=================================================================================

===================

VULNERABILITIES

Id Severity Description %)J@s5

;===============================================================================

=================================================================================

===================

;===============================================================================

=================================================================================

===================

[Silas Martins 0]

Estarei em breve retornando com uma resposta para você saber como agir

[rfsm 0]

muito obrigado.

 

boa noite.

 

Ricardo

[Silas Martins 0]

Baixe o SDFix e e arquive na sua área de trabalho.

 

*Execute o SDFix.exe[/b] clicando duas vezes sobre ele.

* Permitam-lo para instalar na localização padrão, que é normalmente c: \ SDFix

* Agora, por favor, reinicie o computador em modo de segurança (Reinicie o computador e segure a tecla F8 sem solta-la até que seja disponibilizada a tela onde você opte por modo de segurança)

* Depois de ter arrancado em modo seguro, abra o C: \ SDFix pasta e dê um duplo clique em RunThis.bat para iniciar o script.

* Aperte Y para iniciar a limpeza do processo.

* Ele irá remover qualquer Tróia ou Serviços Secretaria entradas encontradas e, em seguida, pedir-lhe para pressione qualquer tecla para reiniciar.

* Pressione qualquer tecla e ele irá reiniciar o PC.

* Quando o PC reinicia a Fixtool irá correr de novo e completar o processo de remoção exibição terminados em seguida, pressione qualquer tecla para terminar o script e carregar seu desktop ícones.

* Depois de a carregar os ícones desktop SDFix relatório será aberta a tela e também em salvar a pasta SDFix como Report.txt.

*Poste o Report.txt juntamente com novo log do hijackthis gerado em modo normal.

[rfsm 0]

Prezado Silas,

 

boa tarde.

 

Infelizmente este último procedimento não funcionou. Baixei o SDFIX, reiniciei p WINDOWS VISTA em modo seguro e cliquei duas vezes em RunThis.bat, porém o programa não executa (abre a tela de prompt por 1 segundo, ela fecha e nada acontece). O que devo fazer ?

 

atenciosamente,

 

Ricardo

[Silas Martins 0]

Peço que realize o download do Ad-aware versão 2007 e scaneie o compoutador, tal software (Ad-aware pode ser encontrado no www.baixaki.com.br) Feito isso:

 

Siga as Instruções:

Baixe o MSNfix.

Salve na área de trabalho, e descompacte ele, após isto, clique duas vezes em MSNFix.bat

Vai se abrir a tela MSN_Fix-menu nela aperte a opçãp R, será dado inicio ao scaneamento.

Caso o scan detecte algo irá aparecer a seguinte informação: Infection Presente, aperte enter, e prossiga.

Caso queira interromper o processo aperte a tecla Q

Na finalização vai se abrir o bloco de notas com um log, selecione todo ele e copie, que se encontra na pasta msnfix.txt.

Poste juntamente um novo log do Hijackthis

 

Aguardo o retorno.

[rfsm 0]

Prezado Silas,

 

Bom dia.

 

segue abaixo o log do MSNFIX e do Hijackthis. Aguardo sua orientação. Desde já muito obrigado.

 

Atenciosamente,

 

Ricardo

 

MSNFix 1.737

 

C:\Downloads\MSNFix\MSNFix

Scan done at 10/08/2008 - 7:36:36,56 By administrador

normal mode

 

************************ Checking Files

 

No files found

 

************************ Checking Folders

 

No Folders Found

 

 

************************ Suspect Files

 

No files found

 

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\Windows\system32\userinit.exe,

 

------------------------------------------------------------------------

Author : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 11:33:15, on 10/08/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe

C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe

C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\sprscore.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\BitComet\BitComet.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Windows\rundys32.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\explorer.exe

C:\Windows\system32\conime.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Windows\system32\wuauclt.exe

C:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[Silas Martins 0]

Baixe o Malwarebytes Anti-Malware

 

 

* Inicie a instalação clique em "mbam-setup.exe";

* Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir.

* Marque "Verificação Rápida" e depois clique em Verificar.

* Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

* Se algo for detectado, veja se tudo está marcado e clique em "Remover";

* O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

* Copie e cole esse log, juntamente com o novo log do hijacktihis .

Aguado o retorno.

 

Off-topic: Delete os arquivos temporários

[rfsm 0]

Prezado Silas,

 

bom dia.

 

Segue o log do Malwarebytes e do Hijackthis.

 

Deletei os arquivos temporários através da tela "propriedades" do disco C. Está correto ?

 

Aguardo sua orientação.

 

atenciosamente,

 

Ricardo

 

 

 

Malwarebytes' Anti-Malware 1.24

Database version: 1040

Windows 6.0.6001 Service Pack 1

 

08:26:15 11/08/2008

mbam-log-8-11-2008 (08-26-11).txt

 

Scan type: Quick Scan

Objects scanned: 57169

Time elapsed: 6 minute(s), 56 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Logfile of HijackThis v1.99.1

Scan saved at 08:43:07, on 11/08/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe

C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe

C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe

C:\Windows\sprscore.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\D-Link Media Server\MediaGUI.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\D-Link Media Server\MediaServer.exe

C:\Windows\rundys32.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[Silas Martins 0]

Sim esta correto.

Siga as instruções abaixo:

 

Faça o download do VundoFix no link : http://www.atribune.org/ccount/click.php?id=4

 

Clique duas vezes em VundoFix.exee ele ira iniciar.

 

Ao abrir o VundoFix clique em scan for Vundo. Espere acabar o scan. Terminado o scan clique em Remove Vundo

 

Irá aparecer um alerta khe indagando se deseja remover os arquivos. Clique em YES. Suaárea de trabalho irá sumir, mas não se preocupe isto é padrão. Reinicie o pc para que se complete o scan, clique em [OK

 

Retorne com o log do VundoFix que se encontra em C:\vundofix.txt juntamente com um novo log do hijackthis

 

 

Aguardo Retorno

[rfsm 0]

Prezado Silas,

 

boa noite.

 

o programa fixvundo não acusou a presença de nenhum virus. segue o log do fixvundo e do hijackthis.

 

aguardo orientação.

 

atenciosamente,

 

Ricardo

 

 

VundoFix V7.0.6

 

 

VundoFix V7.0.6

 

Scan started at 23:19:13 11/08/2008

 

Listing files found while scanning....

 

No infected files were found.

 

Logfile of HijackThis v1.99.1

Scan saved at 23:44:12, on 11/08/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe

C:\Windows\sprscore.exe

C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe

C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\D-Link Media Server\MediaGUI.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\rundys32.exe

C:\Program Files\D-Link Media Server\MediaServer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe

C:\Windows\explorer.exe

C:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[Silas Martins 0]

Baixe o PenClean

siga as instruções abaixo para eliminar as ameaças.

Selecione a opção verificar computador e clique no botão Verificar.

O exame é bem rápido e caso o programa encontre algum programa malicioso surgirá uma janela pedindo para reiniciar o computador, clique em Sim.

O relatório do PenClean, ou log, é salvo na pasta C:\PenClean\PenClean.txt, poste também um novo log do hijackthis

[rfsm 0]

Prezado Silas,

 

boa noite.

 

segue os logs do programa penclean e hijackthis.

 

aguardo novas instruções.

 

atenciosamente,

 

Ricardo

 

Iniciando relatório do PenClean 2.0.3

Por Renato Victor Mejias

renatomejias@yahoo.com.br

15/08/2008 20:28:46

-----------------------------------------------------------

Arquivos e chaves excluídos do computador:

 

Malware não detectado no computador!

 

-----------------------------------------------------------

Fim da análise no computador.

 

-----------------------------------------------------------

Arquivos e chaves excluídos do computador:

 

Malware não detectado no computador!

 

-----------------------------------------------------------

Fim da análise no computador.

 

-----------------------------------------------------------

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:32:58, on 15/08/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\Maxtor\MANAGE~1\msssort.exe

C:\PROGRA~1\Maxtor\MSSBAC~1\MaxBackService.exe

C:\PROGRA~1\Maxtor\ONETOU~1\MaxMenuMgr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\sprscore.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\D-Link Media Server\MediaGUI.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\D-Link Media Server\MediaServer.exe

C:\Windows\rundys32.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\System32\mobsync.exe

C:\Windows\Explorer.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [stezinit] C:\Windows\sprscore.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: D-Link Media Server.lnk = C:\Program Files\D-Link Media Server\MediaGUI.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: McAfee Application Installer Cleanup (0284201214096102) (0284201214096102mcinstcleanup) - - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[rfsm 0]

Prezado Silas,

 

boa tarde.

 

Como devo proceder após o envio do último diagnóstico ?

 

atenciosamente,

 

Ricardo

[Silas Martins 0]

Delete o combofix, e siga as instruções abaixo:

Baixe o ComboFix e salve na área de trabalho.

 

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

 

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.