Archived

This topic has been archived and is closed to new replies.

negodico

[Solved!] ANALYZE MY LOG HERE!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:13:36, on 21/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Hj\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - C:\ARQUIV~1\GBPLUG~1\gbiehdst.dll (file missing)

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [zzGBK] D:\setup.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AdVantage Setup] C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Dvdnoun] C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.ssaabb.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205517036281

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8597 bytes

----------------------------------------------------------------

 

THANKS GUYS :thumbsup:


Good morning! negodico

 

<@> Download ComboFix.exe.

<@> Save it to the Desktop!

<@> Disable the resident protections of your antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

 

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

Ps: Rename it while saving, not after saving it!

Ps: If any error message appears, run ComboFix.exe in Safe Mode.

<@> The Auto Scan window will open. Wait!

<@> Type the option to continue! >> Enter

<@> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard!

<@> To stop or exit ComboFix, press "N".

----------------------

<@> Post the reports: C:\ComboFix.txt + updated HJT log.

 

Regards!


Thanks man, as you asked, here it goes!!! :grin:

The first one is the ComboFix log and the second is the HijackThis log!!

 

 

ComboFix 08-08-19.06 - Leandro 2008-08-21 11:36:31.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.179 [GMT -3:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Arquivos de programas\GbPluggin\svchost

C:\Documents and Settings\Leandro\Cookies\leandro@ads.pointroll[1].txt

C:\Documents and Settings\Leandro\Cookies\leandro@serving-sys[1].txt

C:\WINDOWS\ponto.DLL

C:\WINDOWS\system32\MEGATRON.ini

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))

.

 

2008-08-21 11:35 . 2008-08-21 11:36 <DIR> d-------- C:\327882R2FWJFW

2008-08-21 00:11 . 2008-08-21 00:13 <DIR> d-------- C:\Hj

2008-08-20 14:33 . 2008-08-20 14:33 19 --a------ C:\WINDOWS\wp.ini

2008-08-20 14:12 . 2008-08-20 14:12 2,059 --a------ C:\WINDOWS\guess.ini

2008-08-20 14:08 . 2008-08-20 14:29 2,059 --a------ C:\WINDOWS\wp2.ini

2008-08-20 14:02 . 2008-08-20 14:02 2,059 --a------ C:\WINDOWS\wp3.ini

2008-08-16 22:43 . 2008-08-16 22:43 <DIR> d-------- C:\Sounds

2008-07-26 13:31 . 2008-07-26 13:31 3 --a------ C:\MSDOS.INF

2008-07-25 22:17 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-07-25 22:15 . 2008-08-16 22:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-25 22:13 . 2007-07-09 00:24 23,680 --a------ C:\WINDOWS\system32\drivers\lgusbsmodem.sys

2008-07-25 22:11 . 2008-08-16 23:01 <DIR> d-------- C:\Documents and Settings\Leandro\Dados de aplicativos\LG Electronics

2008-07-25 22:11 . 2008-08-16 23:01 <DIR> d-------- C:\Arquivos de programas\LG PC Suite

2008-07-25 22:11 . 2008-01-14 17:48 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-07-25 22:11 . 2007-11-08 16:26 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll

2008-07-25 22:11 . 2007-11-21 14:27 591,872 --a------ C:\WINDOWS\system32\AlbumDisplay.ocx

2008-07-25 22:11 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx

2008-07-25 22:11 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx

2008-07-23 23:43 . 2006-05-04 08:33 53,248 --a------ C:\WINDOWS\system32\CommonDL.dll

2008-07-23 23:43 . 2005-10-04 01:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-07-23 23:43 . 2008-07-23 23:45 2,412 --a------ C:\WINDOWS\system32\lgAxconfig.ini

2008-07-23 23:30 . 2008-07-25 22:13 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2008-07-23 23:23 . 2008-07-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX

2008-07-22 22:06 . 2008-07-22 22:06 <DIR> d-------- C:\Documents and Settings\Leandro\Dados de aplicativos\KC Softwares

2008-07-22 22:06 . 2008-07-22 22:06 <DIR> d-------- C:\Arquivos de programas\KC Softwares

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-21 12:28 --------- d-----w C:\Arquivos de programas\GbPluggin

2008-08-21 00:47 --------- d-----w C:\Arquivos de programas\DreMule

2008-08-18 19:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

2008-07-30 20:20 --------- d-----w C:\Documents and Settings\Leandro\Dados de aplicativos\Image Zone Express

2008-07-26 01:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-23 01:33 --------- d-----w C:\Arquivos de programas\Image-Line

2008-07-21 01:52 --------- d-----w C:\Arquivos de programas\MP3 Splitter & Joiner

2008-07-21 01:26 --------- d-----w C:\Arquivos de programas\MP3JOINER

2008-07-17 12:01 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-17 12:01 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-04 23:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DirectX

2008-06-22 07:05 --------- d-----w C:\Arquivos de programas\DAEMON Tools Lite

2008-06-14 17:31 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll

2008-06-09 17:51 1,196,544 --sh--w C:\WINDOWS\Help\helpsystem.exe

2008-04-12 14:53 30,280 ----a-w C:\Documents and Settings\Leandro\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-07-22 13:51 3,432,656 ----a-w C:\Arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 1,156,363 ----a-w C:\Arquivos de programas\BDANT.cab

2004-07-20 01:53 976,020 ----a-w C:\Arquivos de programas\BDAXP.cab

2004-07-09 17:17 13,265,040 ----a-w C:\Arquivos de programas\dxnt.cab

2004-07-09 12:13 703,080 ----a-w C:\Arquivos de programas\BDA.cab

2004-07-09 12:13 15,493,481 ----a-w C:\Arquivos de programas\DirectX.cab

2004-07-09 07:08 472,576 ----a-w C:\Arquivos de programas\dxsetup.exe

2004-07-09 07:08 2,242,560 ----a-w C:\Arquivos de programas\dsetup32.dll

2004-07-09 06:03 62,976 ----a-w C:\Arquivos de programas\DSETUP.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

"Dvdnoun"="C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe" [bU]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"AdVantage"="C:\Arquivos de programas\AdVantage\AdVantage.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zzGBK"="D:\setup.exe" [bU]

"PRONoMgr.exe"="C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SystemDriverDll"="c:\windows\system\pnagent563.dll.exe" [bU]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-14 11:56 185896]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-17 09:01 1232152]

"AdVantage Setup"="C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe" [bU]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 577536 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"VIDC.FFDS"= ffdshow.ax

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d55f63d-08e3-11dd-bf2c-000fea279b6a}]

\Shell\Auto\command - boot.pif

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a71faf-f1dc-11dc-bf0b-000fea279b6a}]

\Shell\AutoRun\command - E:\82r9.cmd

\Shell\explore\Command - E:\82r9.cmd

\Shell\open\Command - E:\82r9.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-08-21 C:\WINDOWS\Tasks\B15A79149499F694.job

- c:\docume~1\leandro\dadosd~1\downlo~1\1ownsblah.exe []

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Leandro\Dados de aplicativos\Mozilla\Firefox\Profiles\g9n673yw.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.terra.com.br/capa

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-21 12:55:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-21 12:59:34

ComboFix-quarantined-files.txt 2008-08-21 15:59:13

 

Pre-Run: 17 pasta(s) 21,001,019,392 bytes disponíveis

Post-Run: 21 pasta(s) 20,952,428,544 bytes disponíveis

 

170

 

-----------------------------------------------------------------------------------------------------------------------------------------------

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:21:37, on 21/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Hj\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [zzGBK] D:\setup.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AdVantage Setup] C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Dvdnoun] C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.ssaabb.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205517036281

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8768 bytes

-------------------------------------------------------------------------------------------------------------------------------------------

 

 

Thanks bro, take a look :thumbsup:


Good morning! negodico

 

"SpybotSD TeaTimer" <-- Disable this protection!

<!> So that it does not block ComboFix's removals.

 

C:\Arquivos de programas\AdVantage <-- Link

<!> If it is not important to you, you can uninstall it!

 

Plug your removable drive(s) into the USB port. (pendrive, mp3, mp4, ipods, etc...)

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe

c:\docume~1\leandro\dadosd~1\downlo~1\1ownsblah.exe

C:\WINDOWS\Tasks\B15A79149499F694.job

C:\WINDOWS\wp.ini

C:\WINDOWS\guess.ini

C:\WINDOWS\wp2.ini

C:\WINDOWS\wp3.ini

E:\82r9.cmd

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d55f63d-08e3-11dd-bf2c-000fea279b6a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a71faf-f1dc-11dc-bf0b-000fea279b6a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dvdnoun"=-

Folder::

c:\docume~1\leandro\dadosd~1\downlo~1

C:\Arquivos de programas\GbPluggin

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

(image: 35j0br8.gif)

 

<@> Accept the prompt that should appear asking to run ComboFix.

<@> Ps: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + updated HijackThis log.

 

Regards!


Updating!!!

 

ComboFix 08-08-19.06 - Leandro 2008-08-22 10:27:30.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.209 [GMT -3:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Leandro\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

c:\docume~1\leandro\dadosd~1\downlo~1\1ownsblah.exe

C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe

C:\WINDOWS\guess.ini

C:\WINDOWS\Tasks\B15A79149499F694.job

C:\WINDOWS\wp.ini

C:\WINDOWS\wp2.ini

C:\WINDOWS\wp3.ini

E:\82r9.cmd

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Arquivos de programas\GbPluggin

C:\Arquivos de programas\GbPluggin\gbiehdst.gmd

C:\Arquivos de programas\GbPluggin\gbiehdt.gpc

c:\docume~1\leandro\dadosd~1\downlo~1

c:\docume~1\leandro\dadosd~1\downlo~1\0

C:\WINDOWS\guess.ini

C:\WINDOWS\Tasks\B15A79149499F694.job

C:\WINDOWS\wp.ini

C:\WINDOWS\wp2.ini

C:\WINDOWS\wp3.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))))

.

 

2008-08-21 00:11 . 2008-08-21 21:21 <DIR> d-------- C:\Hj

2008-08-16 22:43 . 2008-08-16 22:43 <DIR> d-------- C:\Sounds

2008-07-26 13:31 . 2008-07-26 13:31 3 --a------ C:\MSDOS.INF

2008-07-25 22:17 . 2004-08-04 00:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-07-25 22:15 . 2008-08-16 22:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-07-25 22:13 . 2007-07-09 00:24 23,680 --a------ C:\WINDOWS\system32\drivers\lgusbsmodem.sys

2008-07-25 22:11 . 2008-08-16 23:01 <DIR> d-------- C:\Documents and Settings\Leandro\Dados de aplicativos\LG Electronics

2008-07-25 22:11 . 2008-08-16 23:01 <DIR> d-------- C:\Arquivos de programas\LG PC Suite

2008-07-25 22:11 . 2008-01-14 17:48 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-07-25 22:11 . 2007-11-08 16:26 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll

2008-07-25 22:11 . 2007-11-21 14:27 591,872 --a------ C:\WINDOWS\system32\AlbumDisplay.ocx

2008-07-25 22:11 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx

2008-07-25 22:11 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx

2008-07-23 23:43 . 2006-05-04 08:33 53,248 --a------ C:\WINDOWS\system32\CommonDL.dll

2008-07-23 23:43 . 2005-10-04 01:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

2008-07-23 23:43 . 2008-07-23 23:45 2,412 --a------ C:\WINDOWS\system32\lgAxconfig.ini

2008-07-23 23:30 . 2008-07-25 22:13 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2008-07-23 23:23 . 2008-07-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX

2008-07-22 22:06 . 2008-07-22 22:06 <DIR> d-------- C:\Documents and Settings\Leandro\Dados de aplicativos\KC Softwares

2008-07-22 22:06 . 2008-07-22 22:06 <DIR> d-------- C:\Arquivos de programas\KC Softwares

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-21 00:47 --------- d-----w C:\Arquivos de programas\DreMule

2008-08-18 19:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

2008-07-30 20:20 --------- d-----w C:\Documents and Settings\Leandro\Dados de aplicativos\Image Zone Express

2008-07-26 01:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-23 01:33 --------- d-----w C:\Arquivos de programas\Image-Line

2008-07-21 01:52 --------- d-----w C:\Arquivos de programas\MP3 Splitter & Joiner

2008-07-21 01:26 --------- d-----w C:\Arquivos de programas\MP3JOINER

2008-07-17 12:01 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-17 12:01 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-04 23:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DirectX

2008-06-22 07:05 --------- d-----w C:\Arquivos de programas\DAEMON Tools Lite

2008-06-14 17:31 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll

2008-06-09 17:51 1,196,544 --sh--w C:\WINDOWS\Help\helpsystem.exe

2008-04-12 14:53 30,280 ----a-w C:\Documents and Settings\Leandro\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2004-07-22 13:51 3,432,656 ----a-w C:\Arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 1,156,363 ----a-w C:\Arquivos de programas\BDANT.cab

2004-07-20 01:53 976,020 ----a-w C:\Arquivos de programas\BDAXP.cab

2004-07-09 17:17 13,265,040 ----a-w C:\Arquivos de programas\dxnt.cab

2004-07-09 12:13 703,080 ----a-w C:\Arquivos de programas\BDA.cab

2004-07-09 12:13 15,493,481 ----a-w C:\Arquivos de programas\DirectX.cab

2004-07-09 07:08 472,576 ----a-w C:\Arquivos de programas\dxsetup.exe

2004-07-09 07:08 2,242,560 ----a-w C:\Arquivos de programas\dsetup32.dll

2004-07-09 06:03 62,976 ----a-w C:\Arquivos de programas\DSETUP.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"AdVantage"="C:\Arquivos de programas\AdVantage\AdVantage.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zzGBK"="D:\setup.exe" [bU]

"PRONoMgr.exe"="C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 15:45 500224]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"SystemDriverDll"="c:\windows\system\pnagent563.dll.exe" [bU]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-04-14 11:56 185896]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-17 09:01 1232152]

"AdVantage Setup"="C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe" [bU]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 17:47 544768 C:\WINDOWS\sm56hlpr.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 577536 C:\WINDOWS\soundman.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"VIDC.FFDS"= ffdshow.ax

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-17 09:01]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-17 09:01]

S3 lgusbsmodem;LGE Mobile USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys [2007-07-09 00:24]

S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys []

 

*Newly Created Service* - CATCHME

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-22 11:35:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-08-22 11:37:16

ComboFix-quarantined-files.txt 2008-08-22 14:36:57

ComboFix2.txt 2008-08-21 15:59:35

 

Pre-Run: 16 pasta(s) 24,716,189,696 bytes disponíveis

Post-Run: 19 pasta(s) 24,677,601,280 bytes disponíveis

 

158

-----------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:03:38, on 22/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\Arquivos de programas\Webteh\BSplayer\bsplayer.exe

C:\Hj\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [zzGBK] D:\setup.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AdVantage Setup] C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.ssaabb.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205517036281

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8250 bytes

----------------------------------------

 

There you go man!! Peace


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.ssaabb.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205517036281

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8250 bytes

----------------------------------------

 

Here you go, man!! Peace


Good morning! negodico

 

O15 - Trusted Zone: *.ssaabb.com <--

<!> Are you aware that this site is set as a trusted site?

------------------------

<@> Go to this link and download:

 

< Malwarebytes >

 

<@> Update the program!

<@> Choose the Complete scan! ( Full Scan )

<@> Disable your protection programs while running Malwarebytes.

<@> Be sure to send the detected items to quarantine.

<@> For more details: < Link >

-----------------------

<@> Post the reports: mbam-log-8-23-2008 (00-00-00).txt + an updated HijackThis log.

 

Regards!

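The question the helper raises about the O15 Trusted Zone entry, and the odd-looking O4 autorun entries in the log, are the kind of thing a reviewer can pre-screen mechanically before asking the user. The Python script below is an added example; it is not part of this thread, of HijackThis or of any tool mentioned here. It applies a handful of heuristics chosen for this example (a data-file extension followed by an executable one, autoruns from a user profile or from the legacy %WINDIR%\system folder, autoruns from the root of a non-system drive, orphaned BHOs, Trusted Zone additions, hard-coded DNS servers) to lines copied from the log above. A flagged line is something to verify, not a verdict that it is malicious; the AVG and RealPlayer entries pass through unflagged.

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [zzGBK] D:\setup.exe
O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Dvdnoun] C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe
O15 - Trusted Zone: *.ssaabb.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148
"""


@dataclass
class Finding:
    code: str    # short heuristic identifier
    detail: str  # what the reviewer should verify
    line: str    # the raw HijackThis line


# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# a data-file extension immediately followed by an executable one, e.g. ".dll.exe"
DOUBLE_EXT_RE = re.compile(r"\.(dll|txt|jpg|gif|pdf|doc|htm|html)\.(exe|com|scr|pif|bat)$")


def target_path(cmd: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd  # unquoted: spaces may be part of the path (as in the Dvdnoun entry)


def check_run_target(path: str) -> List[Tuple[str, str]]:
    """Heuristics for one autorun target; each hit is (code, detail)."""
    p = path.lower()
    hits = []
    if DOUBLE_EXT_RE.search(p):
        hits.append(("double-extension", "data-file extension followed by an executable one"))
    if "\\windows\\system\\" in p:  # legacy 16-bit folder, distinct from system32
        hits.append(("legacy-system-dir", "autorun from %WINDIR%\\system instead of system32"))
    if re.search(r"\\(docume~1|documents and settings)\\", p):
        hits.append(("user-profile-autorun", "executable lives under a user profile (downloads, application data)"))
    if re.match(r"^[d-z]:\\[^\\]+$", p):  # assumes C: is the system drive, as in this log
        hits.append(("non-system-drive-root", "autorun from the root of a non-system drive"))
    return hits


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding("orphaned-bho", "BHO registered but its DLL is gone; harmless, remove the CLSID", line))
        elif line.startswith("O4 - "):
            m = RUN_RE.match(line)
            if m:
                for code, detail in check_run_target(target_path(m.group("cmd"))):
                    findings.append(Finding(code, detail, line))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(Finding("trusted-zone", "domain runs with relaxed IE settings; confirm the user added it", line))
        elif line.startswith("O17 - ") and "NameServer" in line:
            servers = line.split("NameServer =", 1)[1].split()
            findings.append(Finding("static-dns", "resolvers " + ", ".join(servers) + "; confirm they belong to the ISP", line))
    return findings


def codes_for(findings: List[Finding], needle: str) -> Set[str]:
    """Heuristic codes raised for lines that contain `needle`."""
    return {f.code for f in findings if needle in f.line}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.detail}\n    {f.line}")
```

Run as-is it prints one block per flagged line; to use it on a real log, replace SAMPLE_LOG with the file contents. The two O4 entries the later Malwarebytes run did not touch (pnagent563.dll.exe and the Dvdnoun entry) are exactly the ones these heuristics single out, which is why a helper would still ask about them after the scan.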

Here!!

 

Malwarebytes' Anti-Malware 1.25

Database version: 1078

Windows 5.1.2600 Service Pack 2

 

20:56:05 23/8/2008

mbam-log-08-23-2008 (20-56-05).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 105477

Time elapsed: 48 minute(s), 20 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 12

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\aosmtp.fastsender (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ff14b02b-6ee4-400f-a729-b0ea35f921c2} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1ecc44fb-970d-4bc8-90e3-002da4dd21b8} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63bd4ee4-660b-434d-a54b-7c1f53e2fedd} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6d2c09c4-ec95-4251-81fd-1cd01fd8ae44} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d622e87a-35f9-4fb2-afee-4f5bf8407c7a} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{69620165-77dd-44ee-995c-3632e525a22b} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f8d07b72-b4b4-46a0-acc0-c771d4614b82} (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\aosmtp.fastsender.1 (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\aosmtp.mail (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\aosmtp.mail.1 (Spyware.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaaac14-bc46-40ca-9cb2-cbb12c6739eb} (Spyware.Banker) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\WINDOWS\system\AOSMTP.dll (Spyware.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\Help\helpsystem.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SnEngine.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SnAgOS.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:19, on 23/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hj\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [zzGBK] D:\setup.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AdVantage Setup] C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKCU\..\Run: [Dvdnoun] C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: *.ssaabb.com

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205517036281

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8653 bytes


Good evening! negodico

 

<@> Download: < DelDomains >

<@> Extract DelDomains.inf to the Desktop.

<@> Right-click it and choose Install.

<@> It will look as if nothing happened, since the action is not visible.

--------------------------

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> press Enter.

<@> In the next window, choose option 2 --> press Enter --> wait!

<@> When it finishes, save and post the report. ( C:\lopR.txt )

<@> Also post an updated HijackThis log.

 

Regards!

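DelDomains.inf, recommended above, wipes the Internet Explorer zone assignments that produce O15 lines. Before resetting it is worth seeing exactly what is assigned, because the O15 line only shows the domain, not the scheme or which hive carries it. The zone map lives under HKCU (and under HKLM when the Security_HKLM_only policy is in force) at Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains: one subkey per domain, optionally a further subkey per host, holding DWORD values named by scheme (http, https or *) whose data is the zone number (1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites). A domain key with no host subkey applies to every host of the domain, which HijackThis prints as *.domain. The Python script below is an added example, not part of this thread, of DelDomains or of HijackThis; it parses text in the format `reg export` writes for that key and lists the Trusted and Restricted assignments. The sample export is constructed: only ssaabb.com mirrors the O15 entry above, the example.com and example.net keys are made up. IP ranges, which live under the sibling Ranges key, are not handled.

```python
import re
from typing import Dict, List, Tuple

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}

# Constructed sample in the format written by `reg export`; only ssaabb.com mirrors
# the O15 entry in the log above, the example.com/example.net keys are made up.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ssaabb.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\www]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net]
"http"=dword:00000004
"""

# [<hive>\...\ZoneMap\Domains\<domain>[\<host>]]
KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\.*\\ZoneMap\\Domains\\(?P<path>[^\]]+)\]$")
# "<scheme>"=dword:<zone id>, where scheme is http, https or *
VALUE_RE = re.compile(r'^"(?P<scheme>[^"]+)"=dword:(?P<zone>[0-9a-fA-F]{8})$')


def zone_entries(reg_text: str) -> List[Tuple[str, str, int]]:
    """Return (hive, scheme://host, zone id) for every Domains entry in a .reg export.

    A domain key without a host subkey covers every host of that domain, which
    HijackThis prints as *.domain. The sibling Ranges key (IP ranges) is ignored.
    """
    entries = []
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            parts = key.group("path").split("\\")
            host = f"{parts[1]}.{parts[0]}" if len(parts) > 1 else f"*.{parts[0]}"
            current = (key.group("hive"), host)
            continue
        value = VALUE_RE.match(line)
        if value and current:
            hive, host = current
            entries.append((hive, f"{value.group('scheme')}://{host}", int(value.group("zone"), 16)))
    return entries


def review(reg_text: str, zones: Tuple[int, ...] = (2, 4)) -> Dict[str, List[str]]:
    """Group the entries that relax (Trusted) or tighten (Restricted) IE security by zone name."""
    grouped: Dict[str, List[str]] = {}
    for hive, pattern, zone in zone_entries(reg_text):
        if zone in zones:
            grouped.setdefault(ZONE_NAMES.get(zone, str(zone)), []).append(f"{pattern} ({hive})")
    return grouped


if __name__ == "__main__":
    # On a live system: reg export "HKCU\...\ZoneMap\Domains" zonemap.reg, then read it with
    # open("zonemap.reg", encoding="utf-16"), because reg.exe writes UTF-16 LE with a BOM.
    for zone, patterns in review(SAMPLE_REG).items():
        print(zone)
        for pattern in patterns:
            print("   ", pattern)
```

Export both the HKCU and HKLM copies of the key and run the script over each before applying DelDomains, so that any legitimately added sites (an intranet portal, a banking site the user added on purpose) can be re-added afterwards and anything unexpected is recorded alongside the HijackThis log.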

 

--------------------\\ Lop S&D 4.2.3-4 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz )

Award Modular BIOS v6.00PG

BOOT : Normal boot

 

"C:\Lop SD" ( MAJ : 23-08-2008|10:35 )

Option : [2] ( s b 23/08/2008|22:40 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVED

 

Deleted! - C:\WINDOWS\system32\drivers\etc\hosts.txt

Deleted! - C:\DOCUME~1\Leandro\Cookies\leandro@www.adserver5[1].txt

Deleted! - C:\DOCUME~1\Leandro\Cookies\leandro@adultfriendfinder[2].txt

Deleted! - C:\DOCUME~1\Leandro\Cookies\leandro@888[1].txt

Deleted! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Readme Live Axis Tons

Deleted! - C:\Arquivos de programas\Circle Developement

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Folder listing in DADOSD~1

 

[17/03/2008|14:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[28/04/2008|09:35] C:\DOCUME~1\ALLUSE~1\DADOSD~1\avg8

[11/05/2008|20:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[14/03/2008|08:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[01/04/2008|17:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[14/03/2008|13:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[24/03/2008|14:35] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[24/03/2008|14:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\hpzinstall.log

[23/07/2008|23:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\LGMOBILEAX

[23/08/2008|16:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes

[18/03/2008|19:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[16/08/2008|22:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[14/03/2008|13:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Mozilla

[18/08/2008|16:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NFS Underground

[14/03/2008|13:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[08/04/2008|13:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[15/03/2008|11:13] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[14/03/2008|08:23] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[15/03/2008|19:21] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[17/03/2008|14:49] C:\DOCUME~1\Leandro\DADOSD~1\Adobe

[22/03/2008|11:57] C:\DOCUME~1\Leandro\DADOSD~1\Ahead

[05/06/2008|14:51] C:\DOCUME~1\Leandro\DADOSD~1\BSplayer

[03/05/2008|10:56] C:\DOCUME~1\Leandro\DADOSD~1\BSplayer Pro

[14/03/2008|13:07] C:\DOCUME~1\Leandro\DADOSD~1\DAEMON Tools

[14/03/2008|08:23] C:\DOCUME~1\Leandro\DADOSD~1\desktop.ini

[12/04/2008|11:53] C:\DOCUME~1\Leandro\DADOSD~1\GDIPFONTCACHEV1.DAT

[16/03/2008|14:29] C:\DOCUME~1\Leandro\DADOSD~1\Help

[24/03/2008|14:43] C:\DOCUME~1\Leandro\DADOSD~1\HP

[14/03/2008|11:56] C:\DOCUME~1\Leandro\DADOSD~1\Identities

[22/08/2008|17:19] C:\DOCUME~1\Leandro\DADOSD~1\Image Zone Express

[11/05/2008|20:05] C:\DOCUME~1\Leandro\DADOSD~1\InstallShield

[22/07/2008|22:06] C:\DOCUME~1\Leandro\DADOSD~1\KC Softwares

[16/08/2008|23:01] C:\DOCUME~1\Leandro\DADOSD~1\LG Electronics

[14/03/2008|14:31] C:\DOCUME~1\Leandro\DADOSD~1\Macromedia

[23/08/2008|16:54] C:\DOCUME~1\Leandro\DADOSD~1\Malwarebytes

[16/03/2008|14:30] C:\DOCUME~1\Leandro\DADOSD~1\Media Player Classic

[22/07/2008|17:08] C:\DOCUME~1\Leandro\DADOSD~1\Microsoft

[14/03/2008|13:57] C:\DOCUME~1\Leandro\DADOSD~1\Mozilla

[14/04/2008|11:57] C:\DOCUME~1\Leandro\DADOSD~1\Real

[22/03/2008|10:17] C:\DOCUME~1\Leandro\DADOSD~1\SecuROM

[30/03/2008|10:42] C:\DOCUME~1\Leandro\DADOSD~1\Sun

[14/03/2008|13:37] C:\DOCUME~1\Leandro\DADOSD~1\WinRAR

 

[28/04/2008|09:16] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[28/04/2008|09:16] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

--------------------\\ Scheduled tasks in folder C:\WINDOWS\Tasks

 

[22/08/2008 08:21][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 15:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Folder listing in C:\Arquivos de programas

 

[17/07/2008|23:50] C:\Arquivos de programas\Adobe

[22/08/2008|11:34] C:\Arquivos de programas\Arquivos comuns

[13/06/2008|15:56] C:\Arquivos de programas\Avanquest update

[28/04/2008|09:35] C:\Arquivos de programas\AVG

[14/03/2008|13:39] C:\Arquivos de programas\AvRack

[09/07/2004|09:13] C:\Arquivos de programas\BDA.cab

[19/07/2004|22:58] C:\Arquivos de programas\BDANT.cab

[19/07/2004|22:53] C:\Arquivos de programas\BDAXP.cab

[16/03/2008|14:29] C:\Arquivos de programas\CDisplay

[14/03/2008|11:31] C:\Arquivos de programas\ComPlus Applications

[05/06/2008|16:21] C:\Arquivos de programas\CoolSMS

[22/06/2008|04:05] C:\Arquivos de programas\DAEMON Tools Lite

[09/07/2004|09:13] C:\Arquivos de programas\DirectX.cab

[28/03/2008|14:32] C:\Arquivos de programas\Download Wait Film

[23/08/2008|12:43] C:\Arquivos de programas\DreMule

[09/07/2004|03:03] C:\Arquivos de programas\DSETUP.dll

[09/07/2004|04:08] C:\Arquivos de programas\dsetup32.dll

[09/07/2004|14:17] C:\Arquivos de programas\dxnt.cab

[09/07/2004|04:08] C:\Arquivos de programas\dxsetup.exe

[21/03/2008|19:00] C:\Arquivos de programas\Electronic Arts

[22/03/2008|10:25] C:\Arquivos de programas\GameVicio

[28/04/2008|09:36] C:\Arquivos de programas\Grisoft

[24/03/2008|14:32] C:\Arquivos de programas\Hewlett-Packard

[24/03/2008|14:35] C:\Arquivos de programas\HP

[22/07/2008|22:33] C:\Arquivos de programas\Image-Line

[25/07/2008|22:13] C:\Arquivos de programas\InstallShield Installation Information

[14/03/2008|12:07] C:\Arquivos de programas\Intel

[25/03/2008|11:58] C:\Arquivos de programas\Internet Explorer

[31/03/2008|14:29] C:\Arquivos de programas\Java

[22/07/2008|22:06] C:\Arquivos de programas\KC Softwares

[14/03/2008|13:06] C:\Arquivos de programas\K-Lite Codec Pack

[25/07/2008|22:13] C:\Arquivos de programas\LG Electronics

[16/08/2008|23:01] C:\Arquivos de programas\LG PC Suite

[23/08/2008|16:54] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[22/07/2004|10:51] C:\Arquivos de programas\ManagedDX.CAB

[03/06/2008|10:59] C:\Arquivos de programas\Messenger

[28/03/2008|14:31] C:\Arquivos de programas\Messenger Plus! Live

[16/03/2008|20:33] C:\Arquivos de programas\Microsoft ActiveSync

[14/03/2008|11:34] C:\Arquivos de programas\microsoft frontpage

[16/03/2008|20:32] C:\Arquivos de programas\Microsoft Office

[15/03/2008|12:27] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[18/06/2008|15:27] C:\Arquivos de programas\Motorola Phone Tools

[14/03/2008|11:32] C:\Arquivos de programas\Movie Maker

[23/08/2008|21:43] C:\Arquivos de programas\Mozilla Firefox

[25/03/2008|15:52] C:\Arquivos de programas\MP3 Player Utilities 4.00

[20/07/2008|22:52] C:\Arquivos de programas\MP3 Splitter & Joiner

[20/07/2008|22:26] C:\Arquivos de programas\MP3JOINER

[14/03/2008|11:30] C:\Arquivos de programas\MSN Gaming Zone

[22/03/2008|10:57] C:\Arquivos de programas\Nero

[14/03/2008|11:32] C:\Arquivos de programas\NetMeeting

[14/03/2008|11:32] C:\Arquivos de programas\Outlook Express

[28/03/2008|05:46] C:\Arquivos de programas\Programas RFB

[14/03/2008|23:13] C:\Arquivos de programas\Programas SRF

[14/04/2008|11:56] C:\Arquivos de programas\Real

[14/03/2008|13:39] C:\Arquivos de programas\Realtek AC97

[14/03/2008|13:39] C:\Arquivos de programas\Realtek Sound Manager

[03/06/2008|15:00] C:\Arquivos de programas\SAMSUNG

[14/03/2008|11:33] C:\Arquivos de programas\Serviços on-line

[25/03/2008|22:35] C:\Arquivos de programas\Slawdog

[08/04/2008|13:35] C:\Arquivos de programas\Spybot - Search & Destroy

[10/06/2008|11:28] C:\Arquivos de programas\Ubisoft

[14/03/2008|11:56] C:\Arquivos de programas\Uninstall Information

[28/03/2008|17:41] C:\Arquivos de programas\USBToolbox

[15/03/2008|09:04] C:\Arquivos de programas\Velox

[11/04/2008|21:09] C:\Arquivos de programas\VstPlugins

[15/03/2008|15:24] C:\Arquivos de programas\Webteh

[15/03/2008|12:27] C:\Arquivos de programas\Windows Live

[25/07/2008|22:16] C:\Arquivos de programas\Windows Media Player

[14/03/2008|11:30] C:\Arquivos de programas\Windows NT

[14/03/2008|11:33] C:\Arquivos de programas\WindowsUpdate

[14/03/2008|13:04] C:\Arquivos de programas\WinRAR

[14/03/2008|11:34] C:\Arquivos de programas\xerox

 

--------------------\\ Folder listing in C:\Arquivos de programas\Arquivos comuns

 

[17/03/2008|14:43] C:\Arquivos de programas\Arquivos comuns\Adobe

[22/03/2008|11:56] C:\Arquivos de programas\Arquivos comuns\Ahead

[16/03/2008|20:33] C:\Arquivos de programas\Arquivos comuns\Designer

[04/07/2008|20:04] C:\Arquivos de programas\Arquivos comuns\DirectX

[24/03/2008|14:30] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[24/03/2008|14:35] C:\Arquivos de programas\Arquivos comuns\HP

[27/03/2008|11:37] C:\Arquivos de programas\Arquivos comuns\InstallShield

[28/03/2008|09:32] C:\Arquivos de programas\Arquivos comuns\Java

[11/05/2008|20:06] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[11/05/2008|20:06] C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[14/03/2008|11:32] C:\Arquivos de programas\Arquivos comuns\MSSoap

[14/03/2008|08:24] C:\Arquivos de programas\Arquivos comuns\ODBC

[14/04/2008|11:56] C:\Arquivos de programas\Arquivos comuns\Real

[14/03/2008|11:32] C:\Arquivos de programas\Arquivos comuns\Serviços

[14/03/2008|08:24] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[14/06/2008|14:31] C:\Arquivos de programas\Arquivos comuns\SWF Studio

[16/03/2008|20:32] C:\Arquivos de programas\Arquivos comuns\System

[14/03/2008|15:09] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[14/04/2008|11:56] C:\Arquivos de programas\Arquivos comuns\xing shared

 

--------------------\\ Process

 

( 43 Processes )

 

... OK !

 

--------------------\\ Search for S_Lop

 

No Lop folders found!

 

--------------------\\ Search for Lop files and folders

 

No Lop folders found!

 

--------------------\\ Registry search

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-23 22:42:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 109

 

--------------------\\ Searching for other infections

 

 

No other infections found.

 

[F:64][D:6]-> C:\DOCUME~1\Leandro\CONFIG~1\Temp

[F:636][D:0]-> C:\DOCUME~1\Leandro\Cookies

[F:1935][D:23]-> C:\DOCUME~1\Leandro\CONFIG~1\TEMPOR~1\content.IE5

 

--------------------\\ Scan completed at 22:45:17

-------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:49, on 23/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hj\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [zzGBK] D:\setup.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Arquivos de programas\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [AdVantage Setup] C:\Arquivos de programas\Webteh\BSplayer\AdVantageSetup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKCU\..\Run: [Dvdnoun] C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205517036281

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1003575-3725-445F-9E0E-459A95BFD9A8}: NameServer = 200.165.132.154 200.165.132.148

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8310 bytes

-------------------

:thumbsup:


Good morning! negodico

Some files that are being loaded at startup need closer investigation.

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click: OK

<@> The following window will open: ( Abrir arquivo - Aviso de Segurança )

<@> Click Run --> Wait!

<@> Finally, the message will appear: ComboFix desinstalado!

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

----------------------

<@> Download: < Runscanner v. 1.7.0.0 >

<@> Save it to Local Disk C and unzip it right there.

<@> Create a shortcut on the desktop to the executable. ( RunScanner.exe )

<@> Open the program and, with the Expert mode button already checked, click Ok.

<@> Close all windows/programs before running this utility.

<@> Run it by clicking Scan computer. Wait!

<@> When it finishes, click the menu: Online analysis --> Wait!

<@> This page will open: online malware analysis report

----------------------

<@> Post the link to this analysis in your reply. ( That is, paste the address! )

Regards!


Good morning! negodico

<!> The tool did not reveal any potential malware. We only have entries without files ( orphans ) to be removed.

-----------------------

052 Explorer Browser Helper Objects (BHO)

{53707962-6F74-2D53-2644-206D7942484F} GUID / CLSID not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} GUID / CLSID not found

{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} GUID / CLSID not found

173 ContextMenuHandlers

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} {9F97547E-4609-42C5-A... GUID / CLSID not found

GUID / CLSID not found

221 HKLM *\ShellEx\ContextMenuHandlers

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} {9F97547E-4609-42C5-A... GUID / CLSID not found

GUID / CLSID not found

225 HKCU Folder\ShellEx\ContextMenuHandlers

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} {9F97547E-4609-42C5-A... GUID / CLSID not found

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} {9F97547E-4609-42C5-A... GUID / CLSID not found

227 HKLM Directory\ShellEx\ContextMenuHandlers

GUID / CLSID not found

<!> Follow the removal procedure below!

-----------------------

<@> Right-click the lines highlighted in red.

<@> Click: Mark/unmark item Space

<@> Click the tab: Item fixer --> Fix selected items.

<@> In the message, click OK.

<@> Under Information, confirm!

<@> Click Unrated items and Malware hunting so that we can confirm the removals made.

<@> If you want a deeper cleaning, go to Extra stuff and remove all the lines highlighted in red.

------------------------

<!> The log is clean! :thumbsup:

<!> Good job!

Regards!

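An added example, not part of this thread: a small Python parser for the HijackThis O2 (BHO) and O4 (Run key) line formats posted above. It pulls out the O2 entries registered with "(no file)" (the orphan CLSIDs that RunScanner reported as "GUID / CLSID not found") and separately flags O4 autoruns a log reviewer would want to look at more closely; the two review heuristics (program started from a user profile folder, double extension such as .dll.exe) are this example's own assumptions, and the sample lines are copied from the log above.

```python
import re

# Added example (not from the forum thread). The review heuristics below are
# this example's own assumptions, not HijackThis or RunScanner logic.

# O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 - <hive>\..\Run: [<value name>] <command>
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")

# Heuristic 1: autorun launched from a user profile folder (8.3 or long form).
USER_PROFILE_RE = re.compile(
    r"(?i)(\\DOCUME~1\\|\\Documents and Settings\\|\\Users\\)")
# Heuristic 2: executable with a double extension, e.g. something.dll.exe.
DOUBLE_EXT_RE = re.compile(r"(?i)\.(dll|txt|jpg|pdf)\.exe\b")

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [systemDriverDll] c:\windows\system\pnagent563.dll.exe
O4 - HKCU\..\Run: [Dvdnoun] C:\DOCUME~1\Leandro\DADOSD~1\DOWNLO~1\você time site.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

def parse_hjt(log_text):
    """Return orphan BHO CLSIDs, every O4 autorun, and the autoruns to review."""
    orphans, autoruns, suspicious = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            if m.group("path") == "(no file)":   # CLSID still registered, DLL gone
                orphans.append(m.group("clsid"))
            continue
        m = RUN_RE.match(line)
        if m:
            entry = (m.group("hive"), m.group("key"), m.group("cmd"))
            autoruns.append(entry)
            if USER_PROFILE_RE.search(entry[2]) or DOUBLE_EXT_RE.search(entry[2]):
                suspicious.append(entry)
    return {"orphans": orphans, "autoruns": autoruns, "suspicious": suspicious}

if __name__ == "__main__":
    for kind, items in parse_hjt(SAMPLE_LOG).items():
        print(kind, *items, sep="\n  ")
```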

:clap: Thanks, man!!! Really, thank you :thumbsup:


PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.
