hideyuke

[Solved!] Socket error # 11004


My Team Speak gives this error every time I try to connect to it. Could someone take a look, please?

Log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:05:38, on 24/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mplayerc.exe

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explori.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [taskmgra] C:\WINDOWS\system32\taskmgra.com

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ANT] C:\WINDOWS\winhelp32.exe

O4 - HKLM\..\Run: [WINNT] C:\WINDOWS\winnt.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: winhelp32.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: aGBPluginAdm - C:\WINDOWS\SYSTEM32\asteca.dll

O20 - Winlogon Notify: ascfix - C:\WINDOWS\SYSTEM32\astrix.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

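The first log above is the kind of listing the helpers in this thread triaged by eye: a few O4 Run entries point at binaries that imitate Windows tool names (explori.exe, taskmgra.com) or sit directly in the Windows folder (winhelp32.exe, winnt.exe), a bare executable is listed in the Global Startup folder, and O20 Winlogon Notify DLLs are loaded at logon. As an added example (not code from this thread, from HijackThis or from Linha Defensiva's tools), the script below encodes those observations as defender heuristics and runs them over sample lines copied from that first log. The rule names, the severity labels, the allowlists and the five-character "lookalike" prefix test are assumptions of the example, not HijackThis categories, and a hit only marks a line for closer inspection.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import List, NamedTuple

# Sample input: a subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explori.exe
O4 - HKLM\..\Run: [taskmgra] C:\WINDOWS\system32\taskmgra.com
O4 - HKLM\..\Run: [ANT] C:\WINDOWS\winhelp32.exe
O4 - HKLM\..\Run: [WINNT] C:\WINDOWS\winnt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: winhelp32.exe
O20 - Winlogon Notify: ascfix - C:\WINDOWS\SYSTEM32\astrix.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Finding(NamedTuple):
    severity: str   # "high", "review" or "low": labels chosen for this example
    rule: str       # assumed rule name, not a HijackThis category
    line: str


RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: .+")

# Assumed allowlists and heuristics for the example; tune them for your own environment.
SYSTEM_STEMS = {"explorer", "taskmgr", "svchost", "winlogon", "lsass",
                "csrss", "services", "smss", "spoolsv"}
ROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe"}  # legitimately live in the Windows folder itself
ODD_EXT = {".com", ".pif", ".scr", ".bat", ".cmd"}           # unusual extensions for an autostart target


def target_of(cmd: str) -> str:
    """Return the program path from a Run value: the quoted path if present, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def in_windows_root(p: PureWindowsPath) -> bool:
    """True when the file sits directly in the Windows folder (not in a subfolder such as system32)."""
    parent = p.parent
    return parent.name.lower() in {"windows", "winnt"} and parent.parent == parent.parent.parent


def check_target(path: str, line: str, findings: List[Finding]) -> None:
    """Apply the file-name heuristics to one autostart target."""
    p = PureWindowsPath(path)
    stem, ext = p.stem.lower(), p.suffix.lower()
    if ext in ODD_EXT:
        findings.append(Finding("high", "odd-extension", line))
    # Name shares a 5-character prefix with a core system binary but is not that binary.
    if stem not in SYSTEM_STEMS and any(stem.startswith(s[:5]) for s in SYSTEM_STEMS):
        findings.append(Finding("high", "system-lookalike", line))
    if in_windows_root(p) and p.name.lower() not in ROOT_ALLOW:
        findings.append(Finding("high", "windir-root", line))


def triage(log_text: str) -> List[Finding]:
    """Run every heuristic over the log and return the lines worth a second look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "(no file)" in line:                    # orphaned registry reference: cleanup candidate
            findings.append(Finding("low", "orphan", line))
        if m := RUN_RE.match(line):
            check_target(target_of(m.group("cmd")), line, findings)
        elif m := STARTUP_RE.match(line):
            item = m.group("item")
            if " = " in item:                      # shortcut: "name.lnk = target"
                target = item.split(" = ", 1)[1]
                if target != "?":
                    check_target(target, line, findings)
            else:                                  # a real executable placed in the Startup folder
                findings.append(Finding("high", "startup-folder-binary", line))
        elif NOTIFY_RE.match(line):                # logon-time DLL load: always worth reviewing
            findings.append(Finding("review", "winlogon-notify", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity label."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
    print(summarize(results))
```

Run against the sample, the script marks the two lookalikes, the .com target, the two files in the Windows root, the bare Startup-folder executable and the Winlogon Notify DLL, and rates the "(no file)" toolbar entry as low; the AVG, ctfmon and NVIDIA lines pass untouched. The heuristics are deliberately simple: they describe what a forum helper looks for, not a replacement for checking each flagged file's hash and signer.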

Good morning, hideyuke!

 

<@> Download: < BankerFix >

<@> Save it to the Desktop!

<@> Close all windows and the browser when running BankerFix.

<@> Disable the resident protection of your antivirus and antispyware programs.

<@> Double-click Bankerfix.exe, then press Enter.

<@> Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

------------------------

<@> Post BankerFix's relatorio.txt, which is at: C:\LinhaDefensiva\relatorio.txt

<@> Also post an updated HijackThis log.

 

Regards!


DigRam, thanks for your help, but the problem still continues (Socket error # 11004).

Here are the report and the log.

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 25/8/2008 - 15:38

-------------------------------------------------------

Lista de Definição: 2008-05-10-1

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:39:59, on 25/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\cmd.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: aGBPluginAdm - C:\WINDOWS\SYSTEM32\asteca.dll

O20 - Winlogon Notify: ascfix - C:\WINDOWS\SYSTEM32\astrix.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Good evening, hideyuke!

 

<@> Download ComboFix.exe.

<@> Download it to the Desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

 

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

<@> The Auto Scan window will open. Wait!

<@> Type the option to continue! >> Enter

<@> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard!

<@> To stop or exit ComboFix, press "N".

----------------------

<@> Post the reports: C:\ComboFix.txt + an updated HJT log.

 

Regards!


The problem is still happening.

Logs:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:15:55, on 26/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: aGBPluginAdm - C:\WINDOWS\SYSTEM32\asteca.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

COMBO:

 

ComboFix 08-08-25.01 - 2008-08-26 16:09:16.2 - NTFSx86

Microsoft Windows XP Professional [GMT -3:00]

Executando de: C:\Documents and Settings\Ítalo\Desktop\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))

.

 

2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-08-26 16:04 . <DIR> C:\Documents and Settings\-talo

2008-08-26 16:00 . 2008-08-26 16:04 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-25 15:26 . 2008-08-25 17:06 <DIR> d-------- C:\LinhaDefensiva

2008-08-17 09:15 . 2008-08-17 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-17 09:15 . 2008-08-23 19:20 <DIR> d-------- C:\Arquivos de programas\Combat Arms

2008-08-10 12:46 . 2008-08-10 12:46 268 --ah----- C:\sqmdata13.sqm

2008-08-10 12:46 . 2008-08-10 12:46 244 --ah----- C:\sqmnoopt13.sqm

2008-08-07 14:58 . 2008-08-07 14:58 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2008-08-07 14:55 . 2008-08-07 14:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-08-04 19:46 . 2006-06-11 06:02 77,824 -ra------ C:\WINDOWS\system32\btw_ci.dll

2008-08-04 19:46 . 2006-06-11 06:02 67,384 -ra------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-08-04 19:36 . 2008-08-07 14:52 <DIR> d-------- C:\Documents and Settings\Ítalo\Dados de aplicativos\Teleca

2008-08-04 19:35 . 2008-08-04 19:35 <DIR> d-------- C:\Documents and Settings\Ítalo\Dados de aplicativos\Sony Ericsson

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Ericsson

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Sony Ericsson Shared

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Teleca

2008-08-04 19:31 . 2008-08-04 19:31 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-03 18:28 . 2008-08-03 18:37 <DIR> d-------- C:\Arquivos de programas\PhotoFiltre Studio

2008-08-03 18:28 . 2008-08-03 18:28 45 ---h----- C:\WINDOWS\dsez2405.dat

2008-08-03 18:13 . 2008-08-03 18:13 <DIR> d-------- C:\Arquivos de programas\Opanda

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-26 19:09 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Free Download Manager

2008-08-26 19:06 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Hamachi

2008-08-26 19:00 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\AVG7

2008-08-25 21:22 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\LimeWire

2008-08-21 15:04 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-20 18:49 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\AdobeUM

2008-08-17 02:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-08-16 18:21 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\teamspeak2

2008-08-16 16:49 --------- d-----w C:\Arquivos de programas\RF Online

2008-08-13 01:09 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-13 01:08 --------- d-----w C:\Arquivos de programas\Fraps

2008-08-08 18:33 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\MegauploadToolbar

2008-08-06 21:59 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\DNA

2008-08-06 20:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-03 21:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-03 21:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-02 17:42 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Ahead

2008-07-18 01:19 --------- d-----w C:\Arquivos de programas\Google

2008-07-18 01:17 --------- d-----w C:\Arquivos de programas\Java

2008-07-18 00:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-07-18 00:32 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Publish Providers

2008-07-18 00:31 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Sony Setup

2008-07-17 22:52 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Sony

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Vstplugins

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Sony

2008-07-17 22:47 --------- d-----w C:\Arquivos de programas\MSBuild

2008-07-17 22:43 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-07-17 21:55 --------- d-----w C:\Arquivos de programas\Sony Setup

2008-07-17 21:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-07-15 18:10 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-13 18:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-13 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-07-07 14:16 88,064 ----a-w C:\WINDOWS\system32\asteca.dll

2008-07-01 13:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-29 00:23 --------- d-----w C:\Arquivos de programas\pbEG - Private Brasil Estratégia Games

2008-06-29 00:21 --------- d-----w C:\Arquivos de programas\Taikodom-live

2008-06-25 16:54 463,872 ---ha-w C:\WINDOWS\x.dll

2008-06-15 16:13 12,513,222 ------w C:\avg7qt.dat

2008-02-04 14:14 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat

2008-02-04 14:14 0 ---ha-w C:\Documents and Settings\Ítalo\Dados de aplicativos\hpothb07.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-26_15.49.32.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-24 22:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

- 2008-08-25 22:32:38 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-08-26 19:07:41 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-08-23 18:24:49 109,740 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-08-26 19:04:10 123,416 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2007-12-16 19:39 2449455]

"Free Uploader Oe Integration"="C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 17:02 40960]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 04:47 790528]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 19:03 8429568]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:14 579584]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"nwiz"="nwiz.exe" [2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-23 18:34 219136]

 

C:\Documents and Settings\Ítalo\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-02-04 20:24:36 624416]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

hp psc 1000 series.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]

hpoddt01.exe.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ aGBPluginAdm]

2008-07-07 11:16 88064 C:\WINDOWS\system32\asteca.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-26 23:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-05-10 19:03 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

--a------ 2004-11-11 22:50 212992 C:\ARQUIV~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\RF Online\\RF.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\Arquivos de programas\Combat Arms\CombatArms.exe"= C:\Arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Arquivos de programas\Combat Arms\Engine.exe"= C:\Arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Arquivos de programas\\Combat Arms\\NMService.exe"=

 

S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900f1d60-5441-11dd-a733-001d7d89bef7}]

\Shell\Auto\command - G:\MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

 

2008-03-25 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198444292.job

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Ítalo\Dados de aplicativos\Mozilla\Firefox\Profiles\7o5zr3ip.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-26 16:11:47

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESSES: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\asteca.dll

.

Completion time: 2008-08-26 16:14:40

ComboFix-quarantined-files.txt 2008-08-26 19:14:38

ComboFix2.txt 2008-08-26 18:49:48

 

Pre-Run: 16 folder(s) 39,921,426,432 bytes free

Post-Run: 19 folder(s) 39,916,478,464 bytes free

 



Good afternoon, hideyuke!

 

<@> Configure Windows to show hidden files/folders.

 

<!> Link.

 

<@> Go to this site: --> < http://virusscan.jotti.org/ >

<@> In File to upload, enter: C:\WINDOWS\SYSTEM32\asteca.dll <--

<@> Then click Submit.

<@> When it finishes, run the same scan on the file: C:\WINDOWS\x.dll <--

<@> Copy and post the results of these scans.

--------------------------

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

G:\MicrosoftPowerPoint.exe

C:\WINDOWS\pss\svhost.exe

Dirlook::

C:\WINDOWS\pss

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900f1d60-5441-11dd-a733-001d7d89bef7}]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=-

backup=-

Driver::

"XDva134"

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

[image: 35j0br8.gif, animated demonstration of dragging the script onto ComboFix]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When done, post the reports: C:\ComboFix.txt + the Jotti results + an updated HijackThis log.

 

Regards!

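The items DigRam's CFScript targets are the ones a helper picks out of the ComboFix report by eye: a Winlogon Notify DLL nobody recognises (asteca.dll), a startup item called svhost.exe (one letter off svchost.exe), a driver service whose file ComboFix could not describe (XDva134.sys, printed with empty brackets), and an AutoRun command attached to a removable drive (G:\MicrosoftPowerPoint.exe). The Python script below is an added example, not part of this thread, of ComboFix or of HijackThis; it applies those same four checks to the report format shown above. The allowlist of default XP SP2 Notify DLLs and the list of system binaries used for the lookalike check are assumptions, and the sample input is constructed from the log lines posted in this thread.

```python
"""Triage of persistence entries in a ComboFix report (added example, not
part of ComboFix, HijackThis or anything posted in this thread)."""
import re
from typing import Dict, List, Optional

# Assumption: DLLs behind the Winlogon\Notify subkeys of a clean XP SP2 install.
DEFAULT_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll", "wlnotify.dll",
}
# Assumption: system binaries that malware commonly imitates with near-miss names.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe",
}

# "S3 name;display;C:\path\file.sys [info]" - empty brackets mean ComboFix
# could not describe the file behind the service.
DRIVER_LINE = re.compile(
    r"^[SR]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$")
DLL_PATH = re.compile(r"(?P<path>[A-Za-z]:\\.+\.dll)\s*$", re.IGNORECASE)
SHELL_CMD = re.compile(r"^\\Shell\\\w+\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
RUN_VALUE = re.compile(r'^"[^"]*"="(?P<path>[^"]+)"')

# Constructed sample: lines copied from the ComboFix report posted in this thread.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ aGBPluginAdm]
2008-07-07 11:16 88064 C:\WINDOWS\system32\asteca.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe
backup=C:\WINDOWS\pss\svhost.exeCommon Startup

S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900f1d60-5441-11dd-a733-001d7d89bef7}]
\Shell\Auto\command - G:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
"""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are file names, so the full table is cheap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str) -> Optional[str]:
    """Return the system binary this name is exactly one edit away from, or None."""
    basename = basename.lower()
    if basename in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if _edit_distance(basename, real) == 1:
            return real
    return None


def _basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(report: str) -> List[Dict[str, str]]:
    """Walk the report line by line and return the entries worth a closer look."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()  # registry key headers scope the lines below
            continue
        drv = DRIVER_LINE.match(line)
        if drv is not None:
            if not drv.group("info").strip():
                findings.append({"kind": "driver-without-file-info", "evidence": drv.group("path")})
            continue
        if "winlogon\\notify\\" in section:
            dll = DLL_PATH.search(line)
            if dll and _basename(dll.group("path")).lower() not in DEFAULT_NOTIFY_DLLS:
                findings.append({"kind": "unknown-winlogon-notify-dll", "evidence": dll.group("path")})
        elif "mountpoints2\\" in section:
            cmd = SHELL_CMD.match(line)
            if cmd:
                findings.append({"kind": "drive-autorun-command", "evidence": cmd.group("cmd")})
        elif "startupfolder\\" in section or "currentversion\\run" in section:
            # "backup=...\pss\..." only records that msconfig disabled the item;
            # the file is still on disk, so the path= line is what matters.
            path = line[len("path="):] if line.lower().startswith("path=") else None
            if path is None:
                run = RUN_VALUE.match(line)
                path = run.group("path") if run else None
            if path:
                target = lookalike_of(_basename(path))
                if target:
                    findings.append({"kind": "system-binary-lookalike",
                                     "evidence": f"{path} (resembles {target})"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"{finding['kind']:<30} {finding['evidence']}")
```

Run against the sample it reports five entries: asteca.dll under Winlogon Notify, svhost.exe as a lookalike of svchost.exe, XDva134.sys with no file information, and the two AutoRun commands from the mountpoints2 key; ctfmon.exe in the Run key is left alone. The output is a shortlist for a Jotti upload or a CFScript, not a verdict; a matching name in the allowlist says nothing about the file's contents.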

The problem still persists.

Thanks, DigRam, for continuing to help.

Logs:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:15:55, on 26/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: aGBPluginAdm - C:\WINDOWS\SYSTEM32\asteca.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

 

 

 

ComboFix 08-08-25.01 - 2008-08-26 16:09:16.2 - NTFSx86

Microsoft Windows XP Professional [GMT -3:00]

Running from: C:\Documents and Settings\Ítalo\Desktop\ComboFix.exe

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Files created from 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))

.

 

2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-26 16:04 . 2008-08-26 16:04 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-26 16:04 . <DIR> C:\Documents and Settings\-talo

2008-08-26 16:00 . 2008-08-26 16:04 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-25 15:26 . 2008-08-25 17:06 <DIR> d-------- C:\LinhaDefensiva

2008-08-17 09:15 . 2008-08-17 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-17 09:15 . 2008-08-23 19:20 <DIR> d-------- C:\Arquivos de programas\Combat Arms

2008-08-10 12:46 . 2008-08-10 12:46 268 --ah----- C:\sqmdata13.sqm

2008-08-10 12:46 . 2008-08-10 12:46 244 --ah----- C:\sqmnoopt13.sqm

2008-08-07 14:58 . 2008-08-07 14:58 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2008-08-07 14:55 . 2008-08-07 14:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-08-04 19:46 . 2006-06-11 06:02 77,824 -ra------ C:\WINDOWS\system32\btw_ci.dll

2008-08-04 19:46 . 2006-06-11 06:02 67,384 -ra------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-08-04 19:36 . 2008-08-07 14:52 <DIR> d-------- C:\Documents and Settings\Ítalo\Dados de aplicativos\Teleca

2008-08-04 19:35 . 2008-08-04 19:35 <DIR> d-------- C:\Documents and Settings\Ítalo\Dados de aplicativos\Sony Ericsson

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Ericsson

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Sony Ericsson Shared

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Teleca

2008-08-04 19:31 . 2008-08-04 19:31 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-03 18:28 . 2008-08-03 18:37 <DIR> d-------- C:\Arquivos de programas\PhotoFiltre Studio

2008-08-03 18:28 . 2008-08-03 18:28 45 ---h----- C:\WINDOWS\dsez2405.dat

2008-08-03 18:13 . 2008-08-03 18:13 <DIR> d-------- C:\Arquivos de programas\Opanda

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-26 19:09 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Free Download Manager

2008-08-26 19:06 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Hamachi

2008-08-26 19:00 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\AVG7

2008-08-25 21:22 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\LimeWire

2008-08-21 15:04 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-20 18:49 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\AdobeUM

2008-08-17 02:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-08-16 18:21 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\teamspeak2

2008-08-16 16:49 --------- d-----w C:\Arquivos de programas\RF Online

2008-08-13 01:09 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-13 01:08 --------- d-----w C:\Arquivos de programas\Fraps

2008-08-08 18:33 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\MegauploadToolbar

2008-08-06 21:59 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\DNA

2008-08-06 20:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-03 21:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-03 21:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-02 17:42 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Ahead

2008-07-18 01:19 --------- d-----w C:\Arquivos de programas\Google

2008-07-18 01:17 --------- d-----w C:\Arquivos de programas\Java

2008-07-18 00:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-07-18 00:32 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Publish Providers

2008-07-18 00:31 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Sony Setup

2008-07-17 22:52 --------- d-----w C:\Documents and Settings\Ítalo\Dados de aplicativos\Sony

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Vstplugins

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Sony

2008-07-17 22:47 --------- d-----w C:\Arquivos de programas\MSBuild

2008-07-17 22:43 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-07-17 21:55 --------- d-----w C:\Arquivos de programas\Sony Setup

2008-07-17 21:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-07-15 18:10 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-13 18:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-13 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-07-07 14:16 88,064 ----a-w C:\WINDOWS\system32\asteca.dll

2008-07-01 13:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-29 00:23 --------- d-----w C:\Arquivos de programas\pbEG - Private Brasil Estratégia Games

2008-06-29 00:21 --------- d-----w C:\Arquivos de programas\Taikodom-live

2008-06-25 16:54 463,872 ---ha-w C:\WINDOWS\x.dll

2008-06-15 16:13 12,513,222 ------w C:\avg7qt.dat

2008-02-04 14:14 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat

2008-02-04 14:14 0 ---ha-w C:\Documents and Settings\Ítalo\Dados de aplicativos\hpothb07.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-08-26_15.49.32.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-24 22:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

- 2008-08-25 22:32:38 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-08-26 19:07:41 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-08-23 18:24:49 109,740 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-08-26 19:04:10 123,416 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2007-12-16 19:39 2449455]

"Free Uploader Oe Integration"="C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 17:02 40960]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 04:47 790528]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 19:03 8429568]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:14 579584]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"nwiz"="nwiz.exe" [2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-23 18:34 219136]

 

C:\Documents and Settings\Ítalo\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-02-04 20:24:36 624416]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

hp psc 1000 series.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]

hpoddt01.exe.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ aGBPluginAdm]

2008-07-07 11:16 88064 C:\WINDOWS\system32\asteca.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-26 23:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-05-10 19:03 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

--a------ 2004-11-11 22:50 212992 C:\ARQUIV~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\RF Online\\RF.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\Arquivos de programas\Combat Arms\CombatArms.exe"= C:\Arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Arquivos de programas\Combat Arms\Engine.exe"= C:\Arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Arquivos de programas\\Combat Arms\\NMService.exe"=

 

S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{900f1d60-5441-11dd-a733-001d7d89bef7}]

\Shell\Auto\command - G:\MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-03-25 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198444292.job

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Ítalo\Dados de aplicativos\Mozilla\Firefox\Profiles\7o5zr3ip.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-26 16:11:47

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\asteca.dll

.

Tempo para conclusão: 2008-08-26 16:14:40

ComboFix-quarantined-files.txt 2008-08-26 19:14:38

ComboFix2.txt 2008-08-26 18:49:48

 

Pre-Run: 16 pasta(s) 39,921,426,432 bytes disponíveis

Post-Run: 19 pasta(s) 39,916,478,464 bytes disponíveis

 


Good morning, hideyuke

<!> The report you posted is not the right one (the CFScript.txt run). If you do not have it, repeat the whole drag-and-drop operation until the window appears that starts the ComboFix run.

<!> You also still have to post the Jotti reports.

Regards!


DigRam, sorry about that, here is the right one:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:46:13, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: aGBPluginAdm - C:\WINDOWS\SYSTEM32\asteca.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

ASTECA.DLL

Scan taken on 28 Aug 2008 12:23:59 (GMT)

A-Squared Found nothing

AntiVir Found TR/Banker.86016.Q

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found Trojan.Spy.Delf.NPO

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found Trojan.PWS.Lineage.origin

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found Trojan-Spy.Delf.NPO

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found Trojan.PWS.Lineage

 

 

X.DLL

Scan taken on 28 Aug 2008 12:27:45 (GMT)

A-Squared Found nothing

AntiVir Found TR/Dldr.Agent.dng

ArcaVir Found nothing

Avast Found Win32:Downloader-BJU

AVG Antivirus Found nothing

BitDefender Found Trojan.Generic.341393

ClamAV Found Trojan.Downloader-36245

CPsecure Found nothing

Dr.Web Found DLOADER.Trojan (probable variant)

F-Prot Antivirus Found W32/Downldr2.ATQP

F-Secure Anti-Virus Found nothing

Fortinet Found PossibleThreat (probable variant)

Ikarus Found Trojan-Downloader.Agent.dng

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found Embedded.Trojan-Spy.Win32.Banker.med (probable variant)

 

 

 

 

ComboFix 08-08-27.05 - Ítalo 2008-08-28 9:32:30.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.573 [GMT -3:00]

Executando de: C:\Documents and Settings\Ítalo\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ítalo\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

C:\WINDOWS\pss\svhost.exe

G:\MicrosoftPowerPoint.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_XDVA134

-------\Service_XDva134

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

 

2008-08-27 19:47 . 2008-08-27 19:47 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-08-27 19:47 . 2008-08-27 19:47 6,144 --ahs---- C:\Documents and Settings\Thumbs.db

2008-08-26 16:57 . 2008-08-26 16:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-26 16:57 . 2008-08-26 16:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-26 16:57 . 2008-08-26 16:57 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-26 16:57 . 2008-08-26 16:57 <DIR> d-------- C:\Documents and Settings\Ítalo

2008-08-26 16:57 . <DIR> C:\Documents and Settings\-talo\Configurações locais

2008-08-26 16:57 . <DIR> C:\Documents and Settings\-talo\Configurações locais

2008-08-26 16:20 . 2008-08-26 16:57 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-08-26 16:00 . 2008-08-26 16:57 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-25 15:26 . 2008-08-25 17:06 <DIR> d-------- C:\LinhaDefensiva

2008-08-17 09:15 . 2008-08-17 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-17 09:15 . 2008-08-27 19:47 <DIR> d-------- C:\Arquivos de programas\Combat Arms

2008-08-10 12:46 . 2008-08-10 12:46 268 --ah----- C:\sqmdata13.sqm

2008-08-10 12:46 . 2008-08-10 12:46 244 --ah----- C:\sqmnoopt13.sqm

2008-08-07 14:58 . 2008-08-07 14:58 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2008-08-07 14:55 . 2008-08-07 14:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-08-04 19:46 . 2006-06-11 06:02 77,824 -ra------ C:\WINDOWS\system32\btw_ci.dll

2008-08-04 19:46 . 2006-06-11 06:02 67,384 -ra------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Ericsson

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Sony Ericsson Shared

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Teleca

2008-08-04 19:31 . 2008-08-04 19:31 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-03 18:28 . 2008-08-03 18:37 <DIR> d-------- C:\Arquivos de programas\PhotoFiltre Studio

2008-08-03 18:28 . 2008-08-03 18:28 45 ---h----- C:\WINDOWS\dsez2405.dat

2008-08-03 18:13 . 2008-08-03 18:13 <DIR> d-------- C:\Arquivos de programas\Opanda

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\Valve

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\RF Online

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\QuickTime Alternative

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\Free Download Manager

2008-08-21 15:04 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-17 02:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-08-13 01:09 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-13 01:08 --------- d-----w C:\Arquivos de programas\Fraps

2008-08-06 20:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-03 21:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-03 21:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 01:19 --------- d-----w C:\Arquivos de programas\Google

2008-07-18 01:17 --------- d-----w C:\Arquivos de programas\Java

2008-07-18 00:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Vstplugins

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Sony

2008-07-17 22:47 --------- d-----w C:\Arquivos de programas\MSBuild

2008-07-17 22:43 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-07-17 21:55 --------- d-----w C:\Arquivos de programas\Sony Setup

2008-07-17 21:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-07-15 18:10 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-13 18:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-13 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-07-01 13:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-29 00:23 --------- d-----w C:\Arquivos de programas\pbEG - Private Brasil Estratégia Games

2008-06-29 00:21 --------- d-----w C:\Arquivos de programas\Taikodom-live

2008-06-25 16:54 463,872 ---ha-w C:\WINDOWS\x.dll

2008-06-15 16:13 12,513,222 ------w C:\avg7qt.dat

2008-02-04 14:14 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\WINDOWS\pss ----

 

2008-02-03 21:56 211 --------- C:\WINDOWS\pss\boot.ini.backup

2007-12-23 18:16 608 --------- C:\WINDOWS\pss\win.ini.backup

2007-12-23 14:41 231 --------- C:\WINDOWS\pss\system.ini.backup

 

 

((((((((((((((((((((((((((((( snapshot@2008-08-26_15.49.32.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

- 2008-08-25 22:32:38 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-08-28 12:12:17 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-08-23 18:24:49 109,740 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-08-26 19:57:16 310,120 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2007-12-16 19:39 2449455]

"Free Uploader Oe Integration"="C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 17:02 40960]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 04:47 790528]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 19:03 8429568]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:14 579584]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"nwiz"="nwiz.exe" [2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-23 18:34 219136]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

hp psc 1000 series.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]

hpoddt01.exe.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ aGBPluginAdm]

2008-07-07 11:16 88064 C:\WINDOWS\system32\asteca.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-26 23:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-05-10 19:03 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

--a------ 2004-11-11 22:50 212992 C:\ARQUIV~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\RF Online\\RF.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\Arquivos de programas\Combat Arms\CombatArms.exe"= C:\Arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Arquivos de programas\Combat Arms\Engine.exe"= C:\Arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Arquivos de programas\\Combat Arms\\NMService.exe"=

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-03-25 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198444292.job

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 09:38:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\asteca.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-08-28 9:43:53 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-28 12:43:50

ComboFix2.txt 2008-08-26 19:14:41

ComboFix3.txt 2008-08-26 18:49:48

 

Pre-Run: 16 pasta(s) 39,712,079,872 bytes disponíveis

Post-Run: 19 pasta(s) 39,672,492,032 bytes disponíveis

 


Good afternoon, hideyuke

---- Directory of C:\WINDOWS\pss ----

2008-02-03 21:56 211 --------- C:\WINDOWS\pss\boot.ini.backup <-- Rename to: boot.ini

2007-12-23 18:16 608 --------- C:\WINDOWS\pss\win.ini.backup <-- Rename to: win.ini

2007-12-23 14:41 231 --------- C:\WINDOWS\pss\system.ini.backup <-- Rename to: system.ini

<!> Rename these files to the .ini extension (dot ini).

------------------------------

<@> Select and copy everything between the XXXX lines into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

C:\WINDOWS\x.dll

C:\WINDOWS\system32\asteca.dll

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aGBPluginAdm]

[HKLM\~\startupfolder\C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe]

"path"=-

"backup"=-

Dirlook::

C:\WINDOWS\system32\GroupPolicy

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

[demonstration animation: 35j0br8.gif]

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


Unfortunately TS still isn't working.

DigRam, thanks for continuing to help.

 

 

ComboFix 08-08-27.05 - Ítalo 2008-08-28 13:49:59.4 - NTFSx86

Executando de: C:\Documents and Settings\Ítalo\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Ítalo\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

C:\WINDOWS\system32\asteca.dll

C:\WINDOWS\x.dll

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\asteca.dll

C:\WINDOWS\x.dll

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))

.

 

2008-08-27 19:47 . 2008-08-27 19:47 7,168 --ahs---- C:\WINDOWS\Thumbs.db

2008-08-27 19:47 . 2008-08-27 19:47 6,144 --ahs---- C:\Documents and Settings\Thumbs.db

2008-08-26 16:57 . 2008-08-28 09:43 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-08-26 16:57 . 2008-08-28 09:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-08-26 16:57 . 2008-08-28 09:43 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-08-26 16:57 . 2008-08-26 16:57 <DIR> d-------- C:\Documents and Settings\Ítalo

2008-08-26 16:57 . <DIR> C:\Documents and Settings\-talo\Configurações locais

2008-08-26 16:57 . <DIR> C:\Documents and Settings\-talo\Configurações locais

2008-08-26 16:20 . 2008-08-26 16:57 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-08-26 16:00 . 2008-08-26 16:57 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2008-08-25 15:26 . 2008-08-25 17:06 <DIR> d-------- C:\LinhaDefensiva

2008-08-17 09:15 . 2008-08-17 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-17 09:15 . 2008-08-27 19:47 <DIR> d-------- C:\Arquivos de programas\Combat Arms

2008-08-10 12:46 . 2008-08-10 12:46 268 --ah----- C:\sqmdata13.sqm

2008-08-10 12:46 . 2008-08-10 12:46 244 --ah----- C:\sqmnoopt13.sqm

2008-08-07 14:58 . 2008-08-07 14:58 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2008-08-07 14:55 . 2008-08-07 14:55 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-08-04 19:46 . 2006-06-11 06:02 77,824 -ra------ C:\WINDOWS\system32\btw_ci.dll

2008-08-04 19:46 . 2006-06-11 06:02 67,384 -ra------ C:\WINDOWS\system32\drivers\btwusb.sys

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Sony Ericsson

2008-08-04 19:32 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Sony Ericsson Shared

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Teleca

2008-08-04 19:31 . 2008-08-04 19:31 <DIR> d-------- C:\Arquivos de programas\Sony Ericsson

2008-08-04 19:31 . 2008-08-04 19:32 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-08-04 18:40 . 2004-08-04 00:39 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-04 18:40 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-04 18:40 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-03 18:28 . 2008-08-03 18:37 <DIR> d-------- C:\Arquivos de programas\PhotoFiltre Studio

2008-08-03 18:28 . 2008-08-03 18:28 45 ---h----- C:\WINDOWS\dsez2405.dat

2008-08-03 18:13 . 2008-08-03 18:13 <DIR> d-------- C:\Arquivos de programas\Opanda

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\Valve

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\RF Online

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\QuickTime Alternative

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-27 22:47 --------- d-----w C:\Arquivos de programas\Free Download Manager

2008-08-21 15:04 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-08-17 02:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-08-13 01:09 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-13 01:08 --------- d-----w C:\Arquivos de programas\Fraps

2008-08-06 20:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-08-03 21:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-08-03 21:12 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 01:19 --------- d-----w C:\Arquivos de programas\Google

2008-07-18 01:17 --------- d-----w C:\Arquivos de programas\Java

2008-07-18 00:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Sony

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Vstplugins

2008-07-17 22:49 --------- d-----w C:\Arquivos de programas\Sony

2008-07-17 22:47 --------- d-----w C:\Arquivos de programas\MSBuild

2008-07-17 22:43 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-07-17 21:55 --------- d-----w C:\Arquivos de programas\Sony Setup

2008-07-17 21:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-07-15 18:10 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-07-13 18:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-07-13 18:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2008-07-01 13:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-29 00:23 --------- d-----w C:\Arquivos de programas\pbEG - Private Brasil Estratégia Games

2008-06-29 00:21 --------- d-----w C:\Arquivos de programas\Taikodom-live

2008-06-15 16:13 12,513,222 ------w C:\avg7qt.dat

2008-02-04 14:14 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\WINDOWS\system32\GroupPolicy ----

 

2008-08-26 16:26 316 --a------ C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol

2008-08-26 16:26 154 --a------ C:\WINDOWS\system32\GroupPolicy\gpt.ini

2008-08-26 16:20 81 ---h----- C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini

2004-07-23 21:42 1511114 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\inetres.adm

2004-07-17 22:57 1913876 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\system.adm

2004-07-17 11:40 72272 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wmplayer.adm

2004-07-17 11:40 44940 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wuau.adm

2004-07-17 11:40 43086 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\conf.adm

 

 

((((((((((((((((((((((((((((( snapshot@2008-08-26_15.49.32.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-24 22:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

- 2008-08-25 22:32:38 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-08-28 14:02:26 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-08-23 18:24:49 109,740 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-08-26 19:57:16 310,120 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2007-12-16 19:39 2449455]

"Free Uploader Oe Integration"="C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe" [2007-06-10 17:02 40960]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2007-05-11 04:47 790528]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 19:03 8429568]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:14 579584]

"MessengerPlus3"="C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2007-12-26 17:32 190024]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"nwiz"="nwiz.exe" [2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-23 18:34 219136]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

hp psc 1000 series.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]

hpoddt01.exe.lnk - C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:]

 

[HKLM\~\startupfolder\C:\Documents and Settings]

 

[HKLM\~\startupfolder\C:\Documents and Settings\All Users]

 

[HKLM\~\startupfolder\C:\Documents and Settings\All Users\Menu Iniciar]

 

[HKLM\~\startupfolder\C:\Documents and Settings\All Users\Menu Iniciar\Programas]

 

[HKLM\~\startupfolder\C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar]

 

[HKLM\~\startupfolder\C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^svhost.exe]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\svhost.exe

backup=C:\WINDOWS\pss\svhost.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-26 23:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-08-03 23:56 1667584 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-05-10 19:03 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]

--a------ 2004-11-11 22:50 212992 C:\ARQUIV~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-05-10 19:03 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\RF Online\\RF.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Valve\\hlds.exe"=

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\Arquivos de programas\Combat Arms\CombatArms.exe"= C:\Arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Arquivos de programas\Combat Arms\Engine.exe"= C:\Arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Arquivos de programas\\Combat Arms\\NMService.exe"=

 

.

Contents of the 'Scheduled Tasks' folder

 

2008-03-25 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198444292.job

- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

.

- - - - ORPHANS REMOVED - - - -

 

Notify- aGBPluginAdm - asteca.dll

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 13:54:33

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...



Scanning for hidden autostart entries ...



Scanning for hidden files ...



Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Completion time: 2008-08-28 14:00:12 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-28 17:00:10

ComboFix2.txt 2008-08-28 12:43:53

ComboFix3.txt 2008-08-26 19:14:41

ComboFix4.txt 2008-08-26 18:49:48

 

Pre-Run: 16 folder(s) 39,494,004,736 bytes free

Post-Run: 19 folder(s) 39,515,267,072 bytes free

 

221

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:02:40, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Good afternoon! hideyuke



<!> Does the Socket error # 11004 still persist?

-------------------------

<@> Download: < SDFix >

<@> Save it to Local Disk C and unzip it right there.

<@> Restart the computer in Safe Mode.

<@> Double-click: < runThis.bat >



If a window opens and closes suddenly!

Go to Start >> Run >> Type or paste:



%systemdrive%\SDFix\apps\FixPath.exe /Q



Restart the computer and run SDFix again.

If that does not work, check the %comspec% variable.

Right-click My Computer >> Properties >> Advanced.

Under: Environment Variables >> Check that the ComSpec variable has the following value for cmd.exe.



Value:



%SystemRoot%\system32\cmd.exe

<@> Press Y.

<@> Wait for it to finish!

<@> When it finishes, press Enter. (Or any key!)

<@> The computer will restart!

<@> Wait for the cleanup to finish as well.

------------------------

<!> Post the reports: Report.txt + an updated HijackThis log.



Regards!

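As an added example, not part of any post in this thread, here is a small Python parser for the HijackThis v1.99.1 lines posted above. It pulls the image path out of each O4 Run-key entry (quoted or unquoted, with arguments stripped), the binary behind each O23 service, the O17 name servers, and any registration that points at "(no file)", which is the kind of triage a helper does by eye on a log like this. The sample log is a constructed excerpt of lines copied from the logs above; the Winsock code table is taken from the standard Winsock error constants and is added here for context, the thread itself never explains what 11004 means.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Winsock name-resolution error codes (standard Winsock constants; this table is
# not something the thread states, it is added here so the error in the title
# can be read). 11004 is the code the original poster's TeamSpeak client reported.
WINSOCK_ERRORS = {
    11001: "WSAHOST_NOT_FOUND",  # host not found
    11002: "WSATRY_AGAIN",       # non-authoritative host not found / DNS server failure
    11003: "WSANO_RECOVERY",     # non-recoverable name-server error
    11004: "WSANO_DATA",         # valid name, no data record of requested type
}


def winsock_error_name(code: int) -> str:
    return WINSOCK_ERRORS.get(code, f"UNKNOWN({code})")


# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class RunEntry:
    hive: str   # HKLM or HKCU
    name: str   # value name inside the Run key
    path: str   # executable path, quotes and arguments removed


@dataclass
class ServiceEntry:
    display_name: str
    vendor: str
    path: str


@dataclass
class Summary:
    run_entries: List[RunEntry] = field(default_factory=list)
    orphans: List[str] = field(default_factory=list)   # registrations whose file is gone
    nameservers: List[str] = field(default_factory=list)
    services: List[ServiceEntry] = field(default_factory=list)


_RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
_SVC_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')
_NS_RE = re.compile(r'^O17 - .*NameServer = (.+)$')
# Stop at the first .exe/.dll/.cpl so unquoted paths with spaces survive intact.
_PATH_RE = re.compile(r'^"?(.*?\.(?:exe|dll|cpl))', re.IGNORECASE)


def extract_path(command: str) -> str:
    """Reduce a Run-key command line to its image path.

    Handles '"C:\\...\\daemon.exe" -autorun' as well as the unquoted
    'C:\\Arquivos de programas\\...\\HDeck.exe 1' form seen in the log.
    """
    m = _PATH_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def parse_hijackthis(text: str) -> Summary:
    """Walk a HijackThis log and collect the entries a helper looks at first."""
    summary = Summary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("- (no file)"):
            # CLSID still registered but its DLL is gone: a leftover, not running code.
            summary.orphans.append(line)
            continue
        if m := _RUN_RE.match(line):
            summary.run_entries.append(RunEntry(m.group(1), m.group(2), extract_path(m.group(3))))
        elif m := _SVC_RE.match(line):
            summary.services.append(ServiceEntry(m.group(1), m.group(2), m.group(3).strip()))
        elif m := _NS_RE.match(line):
            # O17 is where a DNS hijack would show up; list the servers for review.
            summary.nameservers.extend(m.group(1).split())
    return summary


if __name__ == "__main__":
    s = parse_hijackthis(SAMPLE_LOG)
    print("Socket error 11004 =", winsock_error_name(11004))
    for e in s.run_entries:
        print(f"Run [{e.hive}] {e.name}: {e.path}")
    print("Name servers:", s.nameservers)
    print("Orphaned registrations:", len(s.orphans))
```

The O17 list is the one worth checking against the ISP's published resolvers, since a wrong or unreachable name server is a common way to end up with a WSANO_DATA / 11004 failure on a client like TeamSpeak; the parser only extracts the addresses, it does not judge them.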

The TS problem still continues :blink:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:59:10, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

 

 

 

SDFix: Version 1.219

Run by Ítalo on Thu 28/08/2008 at 15:08

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 15:14:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c6,91,f9,9b,12,42,ca,44,e8,b4,28,f8,74,2a,19,48,99,43,30,9a,7a,..

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,6e,29,8b,33,07,63,3a,a2,1a,bd,4f,80,4e,72,3e,5c,80,..

"khjeh"=hex:8f,90,5a,a2,ad,00,dd,8f,e6,54,74,90,8f,a8,8f,31,9b,b4,dd,7d,28,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e5,f5,d0,b0,5f,61,94,95,1a,ac,6f,3c,92,32,f6,0e,81,c6,4c,e9,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c6,91,f9,9b,12,42,ca,44,e8,b4,28,f8,74,2a,19,48,99,43,30,9a,7a,..

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,6e,29,8b,33,07,63,3a,a2,1a,bd,4f,80,4e,72,3e,5c,80,..

"khjeh"=hex:8f,90,5a,a2,ad,00,dd,8f,e6,54,74,90,8f,a8,8f,31,9b,b4,dd,7d,28,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e5,f5,d0,b0,5f,61,94,95,1a,ac,6f,3c,92,32,f6,0e,81,c6,4c,e9,c1,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000066

"TracesSuccessful"=dword:00000006

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"="C:\\Arquivos de programas\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"

"C:\\Arquivos de programas\\Valve\\hl.exe"="C:\\Arquivos de programas\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Arquivos de programas\\RF Online\\RF.exe"="C:\\Arquivos de programas\\RF Online\\RF.exe:*:Enabled:RFLauncher"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Valve\\hlds.exe"="C:\\Arquivos de programas\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"="C:\\Arquivos de programas\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"="C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe:*:Enabled:Age of Mythology"

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe"="C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe:*:Enabled:Rise of Nations"

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"

"C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe"="C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"

"C:\\Arquivos de programas\\Combat Arms\\Engine.exe"="C:\\Arquivos de programas\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

"C:\\Arquivos de programas\\Combat Arms\\NMService.exe"="C:\\Arquivos de programas\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe"="C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"

"C:\\Arquivos de programas\\Combat Arms\\Engine.exe"="C:\\Arquivos de programas\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

Thu 9 Nov 2006 20,480 A..H. --- "C:\Arquivos de programas\Combat Arms\HShield\4e59468.dll"

Thu 9 Nov 2006 20,480 A..H. --- "C:\Arquivos de programas\Combat Arms\HShield\a230c0.dll"

Wed 25 Jun 2008 463,872 A..H. --- "C:\Arquivos de programas\Internet Explorer\PLUGINS\iedw.exe"

Mon 13 Sep 2004 94,458 ...H. --- "C:\Arquivos de programas\Ahead\Nero PhotoShow\data\Nero PhotoShow Express.exe"

Wed 16 Jan 2008 50,766,819 A..H. --- "C:\Documents and Settings\Ítalo\Desktop\Camila\AllLineX660.exe"

 

Finished!


The TS problem still continues :blink:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:59:10, on 28/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Free Download Manager\fdm.exe

C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Ítalo\Desktop\Jogos\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Arquivos de programas\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Arquivos de programas\Free Download Manager\FUM\fumiebtn.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

 

 

 

SDFix: Version 1.219

Run by Ítalo on Thu 28/08/2008 at 15:08

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-28 15:14:03

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c6,91,f9,9b,12,42,ca,44,e8,b4,28,f8,74,2a,19,48,99,43,30,9a,7a,..

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,6e,29,8b,33,07,63,3a,a2,1a,bd,4f,80,4e,72,3e,5c,80,..

"khjeh"=hex:8f,90,5a,a2,ad,00,dd,8f,e6,54,74,90,8f,a8,8f,31,9b,b4,dd,7d,28,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e5,f5,d0,b0,5f,61,94,95,1a,ac,6f,3c,92,32,f6,0e,81,c6,4c,e9,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c6,91,f9,9b,12,42,ca,44,e8,b4,28,f8,74,2a,19,48,99,43,30,9a,7a,..

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,6e,29,8b,33,07,63,3a,a2,1a,bd,4f,80,4e,72,3e,5c,80,..

"khjeh"=hex:8f,90,5a,a2,ad,00,dd,8f,e6,54,74,90,8f,a8,8f,31,9b,b4,dd,7d,28,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e5,f5,d0,b0,5f,61,94,95,1a,ac,6f,3c,92,32,f6,0e,81,c6,4c,e9,c1,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000066

"TracesSuccessful"=dword:00000006

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"="C:\\Arquivos de programas\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"

"C:\\Arquivos de programas\\Valve\\hl.exe"="C:\\Arquivos de programas\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Arquivos de programas\\RF Online\\RF.exe"="C:\\Arquivos de programas\\RF Online\\RF.exe:*:Enabled:RFLauncher"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Valve\\hlds.exe"="C:\\Arquivos de programas\\Valve\\hlds.exe:*:Enabled:HLDS Launcher"

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"="C:\\Arquivos de programas\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe"="C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aom.exe:*:Enabled:Age of Mythology"

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"

"C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe"="C:\\Arquivos de programas\\Microsoft Games\\Rise of Nations\\patriots.exe:*:Enabled:Rise of Nations"

"C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Arquivos de programas\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"

"C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe"="C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"

"C:\\Arquivos de programas\\Combat Arms\\Engine.exe"="C:\\Arquivos de programas\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

"C:\\Arquivos de programas\\Combat Arms\\NMService.exe"="C:\\Arquivos de programas\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe"="C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"

"C:\\Arquivos de programas\\Combat Arms\\Engine.exe"="C:\\Arquivos de programas\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

Thu 9 Nov 2006 20,480 A..H. --- "C:\Arquivos de programas\Combat Arms\HShield\4e59468.dll"

Thu 9 Nov 2006 20,480 A..H. --- "C:\Arquivos de programas\Combat Arms\HShield\a230c0.dll"

Wed 25 Jun 2008 463,872 A..H. --- "C:\Arquivos de programas\Internet Explorer\PLUGINS\iedw.exe"

Mon 13 Sep 2004 94,458 ...H. --- "C:\Arquivos de programas\Ahead\Nero PhotoShow\data\Nero PhotoShow Express.exe"

Wed 16 Jan 2008 50,766,819 A..H. --- "C:\Documents and Settings\Ítalo\Desktop\Camila\AllLineX660.exe"

 

Finished!

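The "Authorized Application Key Export" in both SDFix reports above is the list of programs the Windows XP SP2 firewall lets accept inbound connections, one registry value per executable in the form path:scope:state:display name, where a scope of `*` means any remote address. Two of the values (CombatArms.exe and Engine.exe, in both profiles) are malformed, `:*Enabled:` instead of `:*:Enabled:`, and one exception (NGM.exe) points into All Users\Dados de aplicativos rather than Program Files. The parser and audit below is an added example written for this page; it is not SDFix, Windows or forum code. The sample export is a handful of lines copied in the shape of the report, and the trusted directory prefixes are an assumption for this Portuguese XP install.

```python
"""Parse and audit a Windows XP SP2 firewall AuthorizedApplications export.

Added example for this page (not SDFix or forum code). Each exception is one
registry value:  "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
where <scope> is '*' (any remote address) or a list of subnets.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the SDFix export above (Portuguese XP paths;
# the Combat Arms value really is missing the ':' between '*' and 'Enabled').
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"="C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe"="C:\\Arquivos de programas\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
'''

# Assumption: where an exception is expected to live on this install (Windows and
# the Portuguese/English Program Files folders). Anything else deserves a look,
# because a binary in a directory the user can write to can be swapped out.
TRUSTED_PREFIXES = ("%windir%\\", "c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")

VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')
PROFILE_RE = re.compile(r"firewallpolicy\\(\w+)\\authorizedapplications", re.I)


@dataclass
class FirewallException:
    profile: str
    path: str
    scope: str = ""
    state: str = ""
    display: str = ""
    issues: list = field(default_factory=list)


def _unescape(s: str) -> str:
    # .reg escaping: a backslash followed by any character stands for that character
    return re.sub(r"\\(.)", r"\1", s)


def parse_export(text: str) -> list:
    """Turn the exported key(s) into FirewallException objects, noting malformed values."""
    entries, profile = [], "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = PROFILE_RE.search(line)
            profile = m.group(1).lower() if m else line
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = _unescape(m.group("name")), _unescape(m.group("value"))
        entry = FirewallException(profile, name)
        if value.lower().startswith(name.lower() + ":"):
            fields = value[len(name) + 1:].split(":", 2)
            if len(fields) == 3 and fields[1].lower() in ("enabled", "disabled"):
                entry.scope, entry.state, entry.display = fields[0], fields[1].lower(), fields[2]
            else:
                entry.issues.append("malformed value: expected <path>:<scope>:<Enabled|Disabled>:<display>")
        else:
            entry.issues.append("value path does not match the value name")
        entries.append(entry)
    return entries


def audit(text: str) -> list:
    """Parse the export and attach the findings a reviewer would want flagged."""
    entries = parse_export(text)
    for e in entries:
        if e.state == "enabled" and e.scope == "*":
            e.issues.append("enabled for any remote address (scope '*'), not just the local subnet")
        if not e.path.lower().startswith(TRUSTED_PREFIXES):
            e.issues.append("executable outside Windows/Program Files; check the directory is not user-writable")
    return entries


def summarize(entries: list) -> dict:
    return {
        "total": len(entries),
        "malformed": sum(1 for e in entries if any(i.startswith("malformed") for i in e.issues)),
        "any_remote": sum(1 for e in entries if e.state == "enabled" and e.scope == "*"),
        "nonstandard_path": sum(1 for e in entries if any(i.startswith("executable outside") for i in e.issues)),
    }


if __name__ == "__main__":
    found = audit(SAMPLE_EXPORT)
    print(summarize(found))
    for e in found:
        for issue in e.issues:
            print(f"[{e.profile}] {e.path}: {issue}")
```

Run against the full export in the report, every enabled entry is open to any remote address, which is the default the XP firewall wizard writes; the malformed Combat Arms values and the NGM.exe location are the two findings worth acting on.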

Good evening! hideyuke

 

<!> SDFix found nothing related to files typified as svhost.exe, whose removal, along with bots, is one of its specialties.

----------------------

<@> Go to this link and download:

 

< Malwarebytes >

 

<@> Update the program!

<@> Choose the Full Scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine.

<@> For more details: < Link >

----------------------

<@> Post the report: mbam-log-8-28-2008 (00-00-00).txt

 

Cheers!


Team Speak still showing the error

 

 

 

Malwarebytes' Anti-Malware 1.25

Database version: 1093

Windows 5.1.2600 Service Pack 2

 

22:16:08 28/8/2008

mbam-log-08-28-2008 (22-16-08).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 163728

Time elapsed: 56 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\System Volume Information\_restore{8B323B49-4FB2-4F79-A658-97245ADA1E0E}\RP111\A0064693.exe (Worm.Muha) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8B323B49-4FB2-4F79-A658-97245ADA1E0E}\RP112\A0065666.exe (Worm.Muha) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8B323B49-4FB2-4F79-A658-97245ADA1E0E}\RP113\A0066664.exe (Worm.Muha) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{8B323B49-4FB2-4F79-A658-97245ADA1E0E}\RP119\A0066976.exe (Worm.Muha) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wscnntfyy.dat (Trojan.Agent) -> Quarantined and deleted successfully.

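The one live file Malwarebytes quarantined, C:\WINDOWS\system32\wscnntfyy.dat, has a name two characters away from wscntfy.exe, the Windows Security Center notification process that appears in the running-process list, and the svhost.exe DigRam mentions is one character away from svchost.exe. Checking a file or process listing for names within a small edit distance of well-known system binaries, and for exact system names running from the wrong directory, is a cheap triage step for this kind of masquerading. The script below is an added example for this page, not Malwarebytes or forum code: the known-good names come from the HijackThis process list above, the expected directories assume the default XP layout, and the sample paths mix entries from the logs with constructed ones.

```python
"""Flag file names that masquerade as Windows system binaries.

Added example for this page (not Malwarebytes or forum code). The known-good
names are taken from the HijackThis process list above; the directory each is
expected to run from is an assumption based on the default XP layout.
"""
import ntpath
from dataclasses import dataclass

# name -> directory it is expected to run from (lower-case, no trailing backslash)
KNOWN_SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "wscntfy.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample: legitimate processes from the log, the file MBAM quarantined
# (wscnntfyy.dat), and two made-up masquerades (svhost.exe, a misplaced svchost.exe).
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\wscntfy.exe",
    r"C:\WINDOWS\system32\wscnntfyy.dat",
    r"C:\WINDOWS\svhost.exe",
    r"C:\Documents and Settings\All Users\svchost.exe",
    r"C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe",
]


@dataclass
class Finding:
    path: str
    matched: str
    distance: int
    reason: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(paths, max_distance: int = 2) -> list:
    """Return a Finding for each path that is a near-miss of, or a misplaced copy of, a system binary."""
    findings = []
    for path in paths:
        directory, fname = ntpath.split(path)
        directory, fname = directory.lower().rstrip("\\"), fname.lower()
        stem, ext = ntpath.splitext(fname)
        if fname in KNOWN_SYSTEM_BINARIES:
            # exact system name: only the directory can be wrong
            expected = KNOWN_SYSTEM_BINARIES[fname]
            if directory != expected:
                findings.append(Finding(path, fname, 0, f"legitimate name outside {expected}"))
            continue
        # otherwise compare the stem against every known stem and keep the closest
        best = min(KNOWN_SYSTEM_BINARIES, key=lambda k: levenshtein(stem, ntpath.splitext(k)[0]))
        best_stem, best_ext = ntpath.splitext(best)
        d = levenshtein(stem, best_stem)
        if d <= max_distance:
            reason = f"name within edit distance {d} of {best}"
            if ext != best_ext:
                reason += f", with extension '{ext}' instead of '{best_ext}'"
            findings.append(Finding(path, best, d, reason))
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE_PATHS):
        print(f"{f.path}: {f.reason}")
```

The edit-distance threshold of 2 is deliberately low: system stems are short, so anything looser starts matching unrelated third-party names, as avgcc.exe in the sample shows by not matching anything.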

Good evening! hideyuke

 

<!> The problem may not be malware-related, since we are running several disinfection procedures and the error persists.

<!> Friend! Have you already tried uninstalling and reinstalling the program?

------------------------

<@> Download: < drweb.gif >

 

< ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe >

 

<@> Save it to the Desktop!

<@> Run the file: drweb-cureit.exe

<@> Click Start and choose the express scan.

<@> If any infected file is found, click the Yes button to start the cure.

<@> When the quick scan finishes, click Options --> Change Settings.

<@> On the Scan tab, uncheck Heuristic Analysis and confirm!

<@> Back in the main window, check the drives you want to scan.

<@> Select all of them! A red dot will mark the selected drives.

<@> Click the green arrow to start the scan.

 

<@> If prompted to cure/move a file, click Yes to all.

<@> When the scan finishes, see whether the "objects found" icon < check.gif > is enabled.

<@> If it is, click it!

<@> Next, click the icon just below it and select: Move incurable

 

<@> If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.

<@> Once that is done, go to the top menu and click File --> Save file list.

<@> Save the list to the desktop. ( DrWeb.csv ) <-- Report to post!

<@> Close the program!

<@> Restart the computer so the program can finish deleting/moving the files that were in use.

 

Cheers!

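Winsock error 11004 is WSANO_DATA, "valid name, no data record of requested type": the resolver accepted the server name but returned no address for it, so the failure happens during name resolution, before any connection attempt. That fits DigRam's remark that the problem may not be malware at all. Three things decide how a name resolves on this box: the hosts file (which SDFix reset to the default), the DNS servers in the HijackThis O17 line (200.165.132.155 and 200.149.55.142), and the answer those servers give. The script below is an added example for this page, not TeamSpeak, HijackThis or forum code: it pulls the name servers out of the O17 line, checks a hosts file for an override of the server name, attempts the lookup and translates the Winsock code into a resolution-versus-connection verdict. The hostname ts.example.invalid and the hosts override are constructed; the O17 line is the one from the log.

```python
"""Triage Winsock error 11004 (WSANO_DATA) for a TeamSpeak server name.

Added example for this page (not TeamSpeak, HijackThis or forum code).
"""
import re
import socket

# Winsock codes a client shows as "Socket error # NNNNN" (Winsock API reference),
# tagged by the phase they belong to: name resolution or the connection itself.
WINSOCK_ERRORS = {
    11001: ("WSAHOST_NOT_FOUND", "resolution", "host not found: no such host is known"),
    11002: ("WSATRY_AGAIN", "resolution", "non-authoritative host not found; DNS server did not answer"),
    11003: ("WSANO_RECOVERY", "resolution", "non-recoverable error during name resolution"),
    11004: ("WSANO_DATA", "resolution", "valid name, no data record of requested type"),
    10060: ("WSAETIMEDOUT", "connection", "connection attempt timed out"),
    10061: ("WSAECONNREFUSED", "connection", "connection refused by the target"),
    10065: ("WSAEHOSTUNREACH", "connection", "no route to host"),
}

# The O17 line as posted in the HijackThis log above.
SAMPLE_HJT = (
    "O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{4AFD54F2-34CC-4DCE-9A40-9095898EA5CF}: "
    "NameServer = 200.165.132.155 200.149.55.142\n"
)

# Constructed hosts file: the default localhost entry plus a made-up override of
# the server name (an entry here is used before DNS is ever asked).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ts.example.invalid   # constructed override, not from the thread
"""

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+?)\s*$", re.M)


def explain_winsock(code: int) -> tuple:
    """(symbol, phase, description) for a Winsock error code."""
    return WINSOCK_ERRORS.get(code, ("", "unknown", f"code {code} not in the table"))


def hjt_nameservers(hjt_text: str) -> list:
    """DNS servers from HijackThis O17 lines; a DNS-changer shows up here as addresses you do not recognise."""
    servers = []
    for m in O17_RE.finditer(hjt_text):
        servers.extend(s for s in re.split(r"[\s,]+", m.group("servers")) if s)
    return servers


def hosts_overrides(hosts_text: str, hostname: str) -> list:
    """Addresses the hosts file maps hostname to (comments stripped, case-insensitive, trailing dot ignored)."""
    wanted = hostname.lower().rstrip(".")
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and wanted in (f.lower() for f in fields[1:]):
            hits.append(fields[0])
    return hits


def resolve(hostname: str) -> dict:
    """Look the name up the way a client would; errno is the WSA code on Windows, an EAI_* value elsewhere."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
        return {"ok": True, "addresses": sorted({info[4][0] for info in infos})}
    except socket.gaierror as exc:
        symbol, phase, desc = explain_winsock(exc.errno)
        return {"ok": False, "errno": exc.errno, "symbol": symbol, "phase": phase,
                "detail": desc if symbol else str(exc)}


def triage(hostname: str, hosts_text: str, hjt_text: str) -> dict:
    """Everything a resolution failure like 11004 depends on, in one place."""
    return {
        "hosts_override": hosts_overrides(hosts_text, hostname),
        "dns_servers": hjt_nameservers(hjt_text),
        "lookup": resolve(hostname),
    }


if __name__ == "__main__":
    print(triage("ts.example.invalid", SAMPLE_HOSTS, SAMPLE_HJT))
```

If the hosts override list is empty and the lookup still fails with a resolution-phase code, the next step is the configured DNS servers themselves: querying the same name through a different resolver tells you whether the record is missing or the servers in the O17 line are not answering for it.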

Finally.. Problem solved :grin: :grin:

Thanks DigRam :clap:

 

 

 

crossloopsetup.exe\data003 C:\crossloopsetup.exe Program.RemoteAdmin

crossloopsetup.exe\data004 C:\crossloopsetup.exe Program.RemoteAdmin

crossloopsetup.exe C:\ The file contains infected objects Moved.

SDFix.exe\SDFix\apps\Process.exe C:\SDFix.exe Tool.Prockill

SDFix.exe C:\ The file contains infected objects Moved.

00082843.FIL C:\$VAULT$.AVG Trojan.PWS.GoldSpy.2147 Deleted.

00087453.FIL C:\$VAULT$.AVG Trojan.PWS.GoldSpy.2147 Deleted.

00199968.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

00229421.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

00490671.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

00547937.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

00612125.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

00614578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

00693578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

01322953.FIL C:\$VAULT$.AVG Trojan.PWS.GoldSpy.2147 Deleted.

01544828.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

01763718.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

02935859.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

03849984.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

04229437.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

06831437.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

08941437.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

10831921.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

11793750.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

15127656.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

16861281.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

18137656.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23178593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23181015.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23182781.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23184312.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23185296.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23186312.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23187296.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23188218.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23188937.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23189921.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23193765.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23194843.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23196000.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23210828.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23213390.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23218906.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23221093.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23222390.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23228937.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23238750.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23275296.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23277093.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23278609.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23279593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23280671.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23281593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23282671.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23283578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23284687.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23288640.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23290171.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23293031.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23294828.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23295171.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23296062.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23296796.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23297343.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23297859.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23298359.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23298828.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23299375.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23300781.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23301593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23302156.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23302796.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23303515.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23370578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23373578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23374078.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23375031.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23375718.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23376437.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23376953.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23377500.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23378093.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23391078.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

23927265.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

24788921.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

26546000.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

28516734.FIL C:\$VAULT$.AVG Trojan.Packed.149 Incurable. Moved.

31258859.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

37278937.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

37761687.FIL C:\$VAULT$.AVG Trojan.PWS.GoldSpy.2147 Deleted.

45329468.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Deleted.

tbhelper.dll C:\Arquivos de programas\TurboUpload\TurboUpload Toolbar Adware.Casino.51 Incurable. Moved.

RegUBP2b-Ítalo.reg C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Snapshots2 Trojan.StartPage.1505 Deleted.

ComboFix.exe\327882R2FWJFW\psexec.cfexe C:\Documents and Settings\Ítalo\Desktop\ComboFix.exe Program.PsExec.171


Finally.. Problem solved :grin: :grin:

Thanks DigRam :clap:

 

PS: This time I didn't need to reinstall for it to work

 


23221093.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23222390.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23228937.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23238750.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23275296.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23277093.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23278609.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23279593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23280671.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23281593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23282671.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23283578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23284687.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23288640.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23290171.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23293031.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23294828.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23295171.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23296062.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23296796.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23297343.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23297859.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23298359.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23298828.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23299375.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23300781.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23301593.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23302156.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23302796.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23303515.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23370578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23373578.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23374078.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23375031.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23375718.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23376437.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23376953.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23377500.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23378093.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23391078.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

23927265.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

24788921.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

26546000.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

28516734.FIL C:\$VAULT$.AVG Trojan.Packed.149 Incurável.Movido.

31258859.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

37278937.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

37761687.FIL C:\$VAULT$.AVG Trojan.PWS.GoldSpy.2147 Eliminado.

45329468.FIL C:\$VAULT$.AVG Trojan.PWS.Lineage.4600 Eliminado.

tbhelper.dll C:\Arquivos de programas\TurboUpload\TurboUpload Toolbar Adware.Casino.51 Incurável.Movido.

RegUBP2b-Ítalo.reg C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy\Snapshots2 Trojan.StartPage.1505 Eliminado.

ComboFix.exe\327882R2FWJFW\psexec.cfexe C:\Documents and Settings\Ítalo\Desktop\ComboFix.exe Program.PsExec.171


PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
