This topic has been archived and is closed to new replies.

lumis

[Solved!] 6A.tmp (this warning appears constantly)


Logfile of HijackThis v1.99.1

Scan saved at 23:51:13, on 16-08-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\Apoint2K\Apoint.exe

C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

C:\Programas\TOSHIBA\TouchPad\TPTray.exe

C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe

C:\Programas\TOSHIBA\Tvs\TvsTray.exe

C:\Programas\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\setup1020.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Programas\Apoint2K\Apntex.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\6A.tmp

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\dwwin.exe

C:\Programas\MODEM MF620\Modem.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\Rar$EX01.188\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Programas\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Programas\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Programas\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Programas\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [upgConfVer] "C:\Programas\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" /v:10.02.01

O4 - HKLM\..\Run: [PPFW] c:\programas\panda software\panda platinum 2006 internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.1

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Mobile Phonetools] C:\Documents and Settings\Toshiba\Ambiente de trabalho\mphonetools.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Toshiba\DEFINI~1\Temp\setup1020.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programas\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: CD do software adicional.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{215ACA7A-BF22-41D5-B114-948F353DBD40}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe


Good morning, lumis!

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click on: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In another window, choose option 2 --> Press Enter --> Wait!

<@> When it finishes, save and post the report. ( C:\lopR.txt )

<@> Also post an updated HijackThis log.

Regards!


As per your instructions, here are the two reports.

 

 

--------------------\\ Lop S&D 4.2.3-0 XP/Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Toshiba ] [ "C:\Lop SD" ] [ Selection : 2 ]

[ 17-08-2008 | 15:13:05 ] [ PC : LUIS (Proc:x86) ]

[ MAJ : 17-08-2008 | 01:58 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\DOCUME~1\Toshiba\Cookies\toshiba@adultfriendfinder[1].txt

Deletado! - C:\DOCUME~1\Toshiba\Cookies\toshiba@partypoker[2].txt

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em APPLIC~1

 

[17-09-2007|01:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[29-03-2005|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini

[13-02-2008|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[15-06-2006|22:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[29-10-2005|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MobilityManager

[31-10-2005|01:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[15-11-2005|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[17-02-2007|12:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[02-03-2008|23:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[30-03-2005|08:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe

[30-03-2005|08:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM

[29-03-2005|12:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini

[29-03-2005|10:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[31-03-2005|10:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[30-03-2005|08:46] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic

[30-03-2005|08:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[30-03-2005|08:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\toshiba

 

[29-03-2005|12:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[25-10-2005|23:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Bytemobile

[29-03-2005|12:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

[17-09-2007|01:33] C:\DOCUME~1\Toshiba\APPLIC~1\Adobe

[05-08-2008|13:07] C:\DOCUME~1\Toshiba\APPLIC~1\AdobeUM

[29-03-2005|12:07] C:\DOCUME~1\Toshiba\APPLIC~1\desktop.ini

[16-03-2008|21:13] C:\DOCUME~1\Toshiba\APPLIC~1\Google

[17-10-2005|20:38] C:\DOCUME~1\Toshiba\APPLIC~1\Help

[25-10-2005|23:16] C:\DOCUME~1\Toshiba\APPLIC~1\ICS

[29-03-2005|10:29] C:\DOCUME~1\Toshiba\APPLIC~1\Identities

[19-10-2005|22:46] C:\DOCUME~1\Toshiba\APPLIC~1\InterVideo

[17-09-2007|01:39] C:\DOCUME~1\Toshiba\APPLIC~1\Leadertech

[25-10-2005|22:37] C:\DOCUME~1\Toshiba\APPLIC~1\Macromedia

[25-04-2007|16:10] C:\DOCUME~1\Toshiba\APPLIC~1\Microsoft

[17-10-2005|20:30] C:\DOCUME~1\Toshiba\APPLIC~1\Microsoft Web Folders

[26-07-2008|15:36] C:\DOCUME~1\Toshiba\APPLIC~1\Mozilla

[30-03-2005|08:46] C:\DOCUME~1\Toshiba\APPLIC~1\Sonic

[28-10-2005|21:49] C:\DOCUME~1\Toshiba\APPLIC~1\Sun

[20-10-2005|15:42] C:\DOCUME~1\Toshiba\APPLIC~1\Symantec

[25-10-2005|22:58] C:\DOCUME~1\Toshiba\APPLIC~1\toshiba

[25-10-2005|23:20] C:\DOCUME~1\Toshiba\APPLIC~1\Vodafone Mobile Connect

[08-06-2006|10:53] C:\DOCUME~1\Toshiba\APPLIC~1\Windows Live Safety Center

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[17-08-2008 13:21][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job

[16-10-2005 20:50][--a------] C:\WINDOWS\tasks\Lembrete do registo 3.job

[09-10-2005 23:50][--a------] C:\WINDOWS\tasks\Lembrete do registo 2.job

[02-10-2005 23:05][--a------] C:\WINDOWS\tasks\Lembrete do registo 1.job

[17-08-2008 13:18][--ah-----] C:\WINDOWS\tasks\SA.DAT

[04-08-2004 11:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Programas

 

[17-09-2007|01:42] C:\Programas\Adobe

[29-10-2005|19:34] C:\Programas\Alwil Software

[31-07-2006|15:31] C:\Programas\Apoint2K

[29-03-2005|13:11] C:\Programas\Atheros

[29-03-2005|12:13] C:\Programas\ComPlus Applications

[16-03-2008|10:51] C:\Programas\Declarações Electrónicas

[20-10-2005|15:47] C:\Programas\DVD-RAM

[27-06-2008|19:16] C:\Programas\Ficheiros comuns

[19-10-2006|18:12] C:\Programas\FunWebProducts

[16-03-2008|21:12] C:\Programas\Google

[28-07-2006|20:44] C:\Programas\ICOO Loader

[27-06-2008|19:22] C:\Programas\InstallShield Installation Information

[29-03-2005|12:58] C:\Programas\Intel

[13-08-2008|22:12] C:\Programas\Internet Explorer

[30-03-2005|08:45] C:\Programas\InterVideo

[13-08-2008|20:16] C:\Programas\Java

[29-03-2005|13:08] C:\Programas\ltmoh

[13-08-2008|22:14] C:\Programas\Messenger

[12-05-2007|13:11] C:\Programas\Microsoft CAPICOM 2.1.0.2

[17-10-2005|20:30] C:\Programas\microsoft frontpage

[17-10-2005|20:30] C:\Programas\Microsoft Office

[30-03-2005|08:52] C:\Programas\Microsoft.NET

[17-08-2008|02:28] C:\Programas\MODEM MF620

[29-03-2005|12:13] C:\Programas\Movie Maker

[26-07-2008|15:42] C:\Programas\Mozilla Firefox

[29-03-2005|12:12] C:\Programas\MSN Gaming Zone

[31-10-2006|08:04] C:\Programas\MyWebSearch

[04-08-2006|09:31] C:\Programas\NetMeeting

[27-06-2008|19:16] C:\Programas\Option

[13-06-2007|08:55] C:\Programas\Outlook Express

[31-07-2006|14:49] C:\Programas\p2pnetworks

[28-07-2006|20:58] C:\Programas\Panda Software

[15-08-2008|14:34] C:\Programas\QuoteTracker

[22-10-2005|17:50] C:\Programas\Serviços online

[30-03-2005|08:41] C:\Programas\Sonic

[15-04-2006|18:58] C:\Programas\Symantec

[14-04-2006|23:05] C:\Programas\TOSHIBA

[13-02-2008|21:46] C:\Programas\Uninst.isu

[31-03-2005|10:29] C:\Programas\Uninstall Information

[16-03-2008|22:15] C:\Programas\Virtual Earth 3D

[29-02-2008|23:04] C:\Programas\Windows Defender

[02-03-2008|23:39] C:\Programas\Windows Live

[20-06-2006|20:22] C:\Programas\Windows Live Safety Center

[17-02-2007|13:33] C:\Programas\Windows Live Toolbar

[31-07-2006|15:31] C:\Programas\Windows Media Player

[29-03-2005|12:12] C:\Programas\Windows NT

[29-03-2005|12:14] C:\Programas\WindowsUpdate

[14-04-2007|20:08] C:\Programas\WinRAR

[29-03-2005|12:16] C:\Programas\xerox

[06-12-2007|23:49] C:\Programas\Zero G Registry

 

--------------------\\ Lista de pastas em C:\Programas\Ficheiros comuns

 

[17-09-2007|01:42] C:\Programas\Ficheiros comuns\Adobe

[17-10-2005|20:33] C:\Programas\Ficheiros comuns\Designer

[29-03-2005|13:14] C:\Programas\Ficheiros comuns\InstallShield

[29-03-2005|10:23] C:\Programas\Ficheiros comuns\Java

[02-06-2008|18:16] C:\Programas\Ficheiros comuns\Microsoft Shared

[29-03-2005|12:13] C:\Programas\Ficheiros comuns\MSSoap

[29-03-2005|12:07] C:\Programas\Ficheiros comuns\ODBC

[31-07-2006|15:16] C:\Programas\Ficheiros comuns\Panda Software

[29-03-2005|12:13] C:\Programas\Ficheiros comuns\Services

[29-03-2005|12:07] C:\Programas\Ficheiros comuns\SpeechEngines

[14-04-2006|23:49] C:\Programas\Ficheiros comuns\Symantec Shared

[13-06-2007|08:55] C:\Programas\Ficheiros comuns\System

[02-03-2008|23:38] C:\Programas\Ficheiros comuns\WindowsLiveInstaller

 

--------------------\\ Process

 

( 51 Processus )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 15:14:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 128

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:8241][D:103]-> C:\DOCUME~1\Toshiba\DEFINI~1\Temp

[F:101][D:0]-> C:\DOCUME~1\Toshiba\Cookies

[F:1478][D:7]-> C:\DOCUME~1\Toshiba\DEFINI~1\TEMPOR~1\content.IE5

 

--------------------\\ Verificação completa em 15:16:12,79

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:19:11, on 17-08-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\Programas\Apoint2K\Apoint.exe

C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

C:\Programas\TOSHIBA\TouchPad\TPTray.exe

C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe

C:\Programas\TOSHIBA\Tvs\TvsTray.exe

C:\Programas\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Programas\Apoint2K\Apntex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\setup1020.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programas\MODEM MF620\Modem.exe

C:\WINDOWS\explorer.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\Rar$EX00.219\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Programas\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Programas\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Programas\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Programas\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [upgConfVer] "C:\Programas\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" /v:10.02.01

O4 - HKLM\..\Run: [PPFW] c:\programas\panda software\panda platinum 2006 internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.1

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Mobile Phonetools] C:\Documents and Settings\Toshiba\Ambiente de trabalho\mphonetools.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [somefox] C:\DOCUME~1\Toshiba\DEFINI~1\Temp\setup1020.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programas\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: CD do software adicional.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{215ACA7A-BF22-41D5-B114-948F353DBD40}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe


Good afternoon, lumis!

<@> Go to this link and download:

< Malwarebytes >

<@> Update the program!

<@> Choose the complete scan! ( Full Scan )

<@> Disable protection programs while running Malwarebytes.

<@> Try to send the detected items to quarantine.

-----------------------

<@> Post the reports: mbam-log-8-17-2008 (00-00-00).txt + an updated HijackThis log.

Regards!


I believe it has been resolved... amazing..

Here are the two reports:

 

 

Malwarebytes' Anti-Malware 1.24

Versão do banco de dados: 1061

Windows 5.1.2600 Service Pack 2

 

18:51:15 17-08-2008

mbam-log-8-17-2008 (18-50-48).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 46965

Tempo decorrido: 5 minute(s), 59 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 22

Valores do Registo infectados: 2

Ítens do Registo infectados: 0

Pastas infectadas: 9

Ficheiros infectados: 12

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

 

Valores do Registo infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

C:\Programas\MyWebSearch (Adware.MyWebSearch) -> No action taken.

C:\Programas\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.

C:\Programas\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.

C:\Programas\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

C:\Programas\FunWebProducts (Adware.MyWebSearch) -> No action taken.

C:\Programas\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.

C:\Programas\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.

C:\Programas\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.

C:\Programas\p2pnetworks (Fake.Dropped.Malware) -> No action taken.

 

Ficheiros infectados:

C:\Documents and Settings\Toshiba\Definições locais\Temp\6A.tmp (Trojan.FakeAlert) -> No action taken.

C:\Programas\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.

C:\Programas\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.

C:\Programas\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

C:\Programas\p2pnetworks\AlConfig.xml (Fake.Dropped.Malware) -> No action taken.

C:\Programas\p2pnetworks\alp2plib.log (Fake.Dropped.Malware) -> No action taken.

C:\Programas\p2pnetworks\alp2plib.log.bak (Fake.Dropped.Malware) -> No action taken.

C:\Programas\p2pnetworks\install.log (Fake.Dropped.Malware) -> No action taken.

C:\Programas\p2pnetworks\mpp2pl.exe (Fake.Dropped.Malware) -> No action taken.

C:\Programas\p2pnetworks\sp2p.cache (Fake.Dropped.Malware) -> No action taken.

C:\Programas\p2pnetworks\uninst.exe (Fake.Dropped.Malware) -> No action taken.

C:\Documents and Settings\Toshiba\Definições locais\Temp\setup1020.exe (Trojan.FakeAlert) -> No action taken.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:56:58, on 17-08-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Programas\Alwil Software\Avast4\ashServ.exe

C:\Programas\Apoint2K\Apoint.exe

C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

C:\Programas\TOSHIBA\TouchPad\TPTray.exe

C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Programas\TOSHIBA\Controlos TOSHIBA\TFncKy.exe

C:\Programas\TOSHIBA\Tvs\TvsTray.exe

C:\Programas\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\Windows Defender\MSASCui.exe

C:\Programas\Apoint2K\Apntex.exe

C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\MODEM MF620\Modem.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programas\Alwil Software\Avast4\setup\avast.setup

C:\Programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Toshiba\DEFINI~1\Temp\Rar$EX00.484\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Apoint] C:\Programas\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PadTouch] C:\Programas\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [CeEKEY] C:\Programas\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPNF] C:\Programas\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programas\TOSHIBA\Accessibility\FnKeyHook.exe

O4 - HKLM\..\Run: [HWSetup] C:\Programas\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Programas\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [Tvs] C:\Programas\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [upgConfVer] "C:\Programas\Panda Software\Panda Platinum 2006 Internet Security\UpgConf.exe" /v:10.02.01

O4 - HKLM\..\Run: [PPFW] c:\programas\panda software\panda platinum 2006 internet security\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:10.2.1

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Mobile Phonetools] C:\Documents and Settings\Toshiba\Ambiente de trabalho\mphonetools.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [TOSCDSPD] C:\Programas\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programas\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: CD do software adicional.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{215ACA7A-BF22-41D5-B114-948F353DBD40}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programas\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe


I apologize, but I think I ran the quick scan. I see that the problem has disappeared; however, if you think it is better to run the full scan again, I will do it and post the reports again... I apologize for what happened...

Cordially,

lumis


Hey, lumis!

<!> According to Malwarebytes, nothing was removed and, consequently, nothing was quarantined.

<!> When the scan finishes, this message will be displayed:

The scan result will be displayed, with the names of the files and malware found.

To carry out the cleanup, click Remove Selected:

<!> So, repeat the scan with Malwarebytes and do what is in the quote.

<!> For more details: < Link >

-----------------------

<!> Post only the Malwarebytes report.

<!> P.S.: You can run the quick scan!

Regards!


As instructed, here is the report...

 

Malwarebytes' Anti-Malware 1.24

Versão do banco de dados: 1061

Windows 5.1.2600 Service Pack 2

 

20:41:55 17-08-2008

mbam-log-8-17-2008 (20-41-55).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 47016

Tempo decorrido: 7 minute(s), 48 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 0

Valores do Registo infectados: 0

Ítens do Registo infectados: 0

Pastas infectadas: 0

Ficheiros infectados: 0

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

(Nenhum item malicioso foi detectado)

 

Valores do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

(Nenhum item malicioso foi detectado)

 

Ficheiros infectados:

(Nenhum item malicioso foi detectado)


Good evening, lumis!

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze.

<@> Wait for it to progress!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK.

<@> Wait for it to progress!

<@> Select the Registry option and click Scan for Issues.

<@> When it finishes, click Fix selected issues...

<@> When asked, click Yes!

<@> Name the backups and click Save.

<@> In the window that appears, click: Fix All Selected Issues

<@> Click OK --> Close.

@@@@@@@@@@@@@@@@

If everything is OK, create a clean System Restore point.

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

<@> The log is clean! :thumbsup:

<@> Everything OK?

Regards!


Everything is OK... really...

As instructed, everything was done. Many thanks, and greetings from Portugal...

You are exceptional...

Cordially, and with a hug of thanks...

Lumis


PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
