Archived

This topic has been archived and is closed to new replies.

Gmax2008

[Archived] - Desktop and Start Menu disappeared


Hi everyone, I'm new here at iMasters, and I'd like to ask for help: my desktop and icons DISAPPEARED!!!!!!!!!!!!!! :wacko:

It all started on a Sunday. I was doing some work and shut down the PC. The next day, when I went to turn it on...

the desktop and icons were gone. Things can only be opened through Task Manager (Ctrl+Alt+Del).

 

I've already downloaded Avast and a list of others, but I can't solve the problem. I've also done a System Restore and nothing.

 

I've seen several cases like mine that had a solution.

 

I don't know if it helps, but here's my HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:33:13, on 23/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>

O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>

O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->

O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>

O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>

O1 - Hosts: <tr>

O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>

O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>

O1 - Hosts: </tr>

O1 - Hosts: </table>

O1 - Hosts: <br>

O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>

O1 - Hosts: <tr>

O1 - Hosts: <td bgcolor=003399 colspan=2>

O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>

O1 - Hosts: </td>

O1 - Hosts: </tr></table>

O1 - Hosts: <br>

O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>

O1 - Hosts: <tr>

O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>

O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>

O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>

O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>

O1 - Hosts: <tr bgcolor=white><td valign=top align=center>

O1 - Hosts: <form action="http://search.yahoo.com/search">

O1 - Hosts: <input size="14" name="p" value=""> 

O1 - Hosts: <input type="SUBMIT" value="Search">

O1 - Hosts: <font face=arial size=-2> <a href="http://search.yahoo.com/search/options?p=">advanced search</a>  <a href="http://buzz.yahoo.com">most popular</a></font>

O1 - Hosts: </form></td></tr></table>

O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>

O1 - Hosts: <tr bgcolor=ccccff><td>

O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>

O1 - Hosts: </td></tr>

O1 - Hosts: <tr><td>

O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>

O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.

O1 - Hosts: </td></tr>

O1 - Hosts: <tr><td align=right>

O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>

O1 - Hosts: </td></tr>

O1 - Hosts: </table>

O1 - Hosts: </td></tr></table>

O1 - Hosts: </td>

O1 - Hosts: <td width=1> </td>

O1 - Hosts: <td valign=top align=center width=445>

O1 - Hosts: < script language="JavaScript" type="text/javascript"

O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr" >

O1 - Hosts: < /script >

O1 - Hosts: <noscript>

O1 - Hosts: <iframe

O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"

O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0

O1 - Hosts: vspace=0 frameborder=0 scrolling=no>

O1 - Hosts: </iframe>

O1 - Hosts: </noscript>

O1 - Hosts: </td>

O1 - Hosts: </tr>

O1 - Hosts: </table>

O1 - Hosts: <br>

O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>

O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">

O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>

O1 - Hosts: <font face=arial size=-2><A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A

O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>

O1 - Hosts: </font></td></tr></table></td></tr></table>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [lphc943j0e73j] C:\WINDOWS\system32\lphc943j0e73j.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\RunOnce: [spybotDeletingA2682] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC2222] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA9101] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC6453] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA3721] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC1936] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA705] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC2136] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA797] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC8245] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA3934] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingC3310] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKLM\..\RunOnce: [spybotDeletingA3866] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKLM\..\RunOnce: [spybotDeletingC2876] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKLM\..\RunOnce: [spybotDeletingA5014] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC5793] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA6117] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC2724] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe

O4 - HKCU\..\Run: [shockAero] C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe

O4 - HKCU\..\Run: [PSwitch] C:\Arquivos de programas\Proxy Switcher Standard\ProxySwitcher.exe

O4 - HKCU\..\Run: [CMS_RSChecker] "D:\RS FAN v1.1.exe" -m

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB3559] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD8073] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\BlockedCookies.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB9224] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD9035] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\DirectoryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB1167] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD5612] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ENoSignature.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB9082] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD2994] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\ExeDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB4766] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD7262] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\FileDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB4596] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingD616] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\RegistryDefinition.dat"

O4 - HKCU\..\RunOnce: [spybotDeletingB4120] command /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKCU\..\RunOnce: [spybotDeletingD1353] cmd /c del "C:\Documents and Settings\Casa\Dados de aplicativos\AntiSpywareDAT\Quarantine\Quarantined files will be placed here.txt"

O4 - HKCU\..\RunOnce: [spybotDeletingB1355] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD5945] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"

O4 - HKCU\..\RunOnce: [spybotDeletingB8714] command /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD5925] cmd /c del "C:\Arquivos de programas\MyWebSearch\bar\1.bin\MWSBAR.DLL_old"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Update.exe

O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\ARQUIV~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 23288 bytes

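A log this long is easier to read after a mechanical first pass. What follows is an added example, not part of the original post and not a HijackThis feature: a small Python triage script that applies heuristics suggested by the entries above to sample lines in the same format. The sample lines are constructed here, copied in shape from the log. The checks are: O1 entries whose payload is not a hosts-file mapping (here the hosts file contains an HTML page), entries marked "(no file)" or "(file missing)", Run/RunOnce values that launch an executable from system32 that is not in a baseline, and Startup-folder items that are bare executables rather than .lnk shortcuts. SYSTEM32_BASELINE is a hypothetical, deliberately tiny allowlist; a real triage compares against a clean-install baseline or file hashes.

```python
import re

# Constructed sample: a handful of lines in HijackThis log format, copied in shape
# from the entries in the post above (not the whole log).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [MRT] "C:\\WINDOWS\\system32\\MRT.exe" /R
O4 - HKLM\\..\\Run: [lphc943j0e73j] C:\\WINDOWS\\system32\\lphc943j0e73j.exe
O4 - HKCU\\..\\Run: [kava] C:\\WINDOWS\\system32\\kavo.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe
O4 - Global Startup: Windows Update.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\\ARQUIV~1\\MYWEBS~1\\bar\\1.bin\\mwssvc.exe (file missing)
"""

# Hypothetical, deliberately tiny baseline of executables a Run key may legitimately
# launch from system32 on this XP box. Real triage uses a clean-install baseline or hashes.
SYSTEM32_BASELINE = {"ctfmon.exe", "mrt.exe", "nerocheck.exe", "rundll32.exe"}

# A hosts line is blank, a comment, or "<IPv4 or IPv6 address> <hostname> ...".
HOSTS_ENTRY = re.compile(r"^\s*(#.*|(\d{1,3}(\.\d{1,3}){3}|[0-9a-f:]+)\s+\S+.*)?$", re.I)
RUN_ENTRY = re.compile(r"^O4 - HK\S*\\Run(?:Once)?: \[[^\]]*\]\s+(?P<cmd>.+)$")
STARTUP_ENTRY = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+?)(?: = .*)?$")
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)  # first drive-letter path ending in .exe


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        # Registry or service entries pointing at a file that no longer exists.
        if "(no file)" in line or "(file missing)" in line:
            findings.append(("orphaned reference", line))
            continue
        # The hosts file should contain only address/hostname mappings.
        if line.startswith("O1 - Hosts: "):
            if not HOSTS_ENTRY.match(line[len("O1 - Hosts: "):]):
                findings.append(("hosts file contains non-hosts data", line))
            continue
        # Run/RunOnce values launching an unknown executable out of system32.
        m = RUN_ENTRY.match(line)
        if m:
            pm = EXE_PATH.search(m.group("cmd"))
            if pm:
                path = pm.group(1).lower()
                name = path.rsplit("\\", 1)[-1]
                if path.startswith("c:\\windows\\system32\\") and name not in SYSTEM32_BASELINE:
                    findings.append(("non-baseline executable in system32", line))
            continue
        # Startup folders normally hold .lnk shortcuts; a bare .exe was copied there.
        m = STARTUP_ENTRY.match(line)
        if m and m.group("item").lower().endswith(".exe"):
            findings.append(("executable placed directly in a Startup folder", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:45} {entry}")
```

A flag means "look here", not "malicious": with a baseline this small, legitimate system32 tools such as rstrui.exe would be reported too, and a hosts file can legitimately hold comments. The value of the pass is that it surfaces the handful of entries worth checking by hand out of a few hundred lines.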

Download ComboFix and save it to your desktop.

 

Close all windows and programs.

Double-click ComboFix and press "1" then Enter to proceed with the fix. It takes about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click on the ComboFix window, and do not close it by clicking the X, while it is running; otherwise it will stop and your desktop will go blank.

 

To stop or exit ComboFix, press "2" and Enter.

 

Then generate a new log with HijackThis and post it, together with ComboFix.txt.

> (quoting the ComboFix instructions from the reply above)

 

 

ComboFix 08-09-22.04 - Casa 2008-09-23 17:49:45.1 - NTFSx86

Running from: C:\Documents and Settings\Casa\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Arquivos de programas\internet explorer\msimg32.dll

C:\Arquivos de programas\MyWebSearch

C:\autorun.inf

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\windows update.exe

C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\n.com

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo1.dll

C:\WINDOWS\system32\ckvo2.dll

C:\WINDOWS\system32\dao350.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\kavo2.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\skinboxer43.dll

C:\WINDOWS\system32\wgaprem32.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NPF

-------\Service_MyWebSearchService

-------\Service_NPF

 

 

((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 ))))))))))))))))))))))))))))))))

.

 

2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini

2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-22 23:04 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-22 23:04 . 2008-09-23 13:44 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit

2008-09-22 22:14 . 2008-09-23 16:32 <DIR> d-------- C:\Hijack

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-09-17 17:50 . 2008-09-17 17:49 115,913 -r-hs---- C:\k2d8j3wa.bat

2008-09-08 14:40 . 2008-09-08 14:40 33 --a------ C:\WINDOWS\KB1369769.ini

2008-09-06 19:11 . 2008-09-06 19:11 90,834 -r-hs---- C:\r1y1.bat

2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-05 14:21 . 2008-09-05 14:21 <DIR> d-------- C:\Arquivos de programas\4U Computing

2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder

2008-09-05 13:39 . 2008-09-05 13:39 <DIR> d-------- C:\Arquivos de programas\Allok Video to MP4 Converter

2008-09-05 13:39 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax

2008-09-05 13:39 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll

2008-09-05 13:39 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll

2008-09-05 12:07 . 2008-09-05 12:07 92,932 -r-hs---- C:\ktnquo.exe

2008-09-02 18:46 . 2008-09-02 18:47 90,911 -r-hs---- C:\f.bat

2008-09-02 18:31 . 2008-09-02 18:30 109,043 -r-hs---- C:\hpkq.cmd

2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll

2008-09-01 17:58 . 2008-09-01 17:57 90,623 -r-hs---- C:\kk3.bat

2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-23 21:38 --------- d-----w C:\Arquivos de programas\ViStart

2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-22 01:32 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead

2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC

2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent

2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo

2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia

2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin

2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat

2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler

2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock

2008-07-23 13:15 --------- d-----w C:\Arquivos de programas\uTorrent

2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar

2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar

.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:40, on 2008-09-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\ViOrb\ViOrb.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\LClock\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ViStart\ViStart.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\Arquivos de programas\Vista Sidebar\sidebar.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [lphc943j0e73j] C:\WINDOWS\system32\lphc943j0e73j.exe

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe

O4 - HKCU\..\Run: [shockAero] C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe

O4 - HKCU\..\Run: [CMS_RSChecker] "D:\RS FAN v1.1.exe" -m

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

O4 - HKCU\..\Run: [TransBar] C:\Documents and Settings\Casa\Meus documentos\TransBar.exe /s

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8677 bytes


The ComboFix log is incomplete, please post the complete log!


Thanks, I don't even know how to thank you :clap: :grin:

 

I wanted to know how you catch these viruses

 

I'll post another log from ComboFix, SDFix and HiJackThis


Here are the logs

 

ComboFix:

 

ComboFix 08-09-22.04 - Casa 2008-09-24 13:07:54.2 - NTFSx86

Executando de: C:\Documents and Settings\Casa\Meus documentos\Aplicativos Diversos\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Arquivos de programas\FunWebProducts

C:\Arquivos de programas\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Arquivos de programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Arquivos de programas\internet explorer\msimg32.dll

C:\Arquivos de programas\MyWebSearch

C:\autorun.inf

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\windows update.exe

C:\Documents and Settings\Gustavo\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\n.com

C:\WINDOWS\system32\ckvo.exe

C:\WINDOWS\system32\ckvo1.dll

C:\WINDOWS\system32\ckvo2.dll

C:\WINDOWS\system32\dao350.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\kavo0.dll

C:\WINDOWS\system32\kavo2.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\skinboxer43.dll

C:\WINDOWS\system32\wgaprem32.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_NPF

-------\Service_MyWebSearchService

-------\Service_NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))))

.

 

2008-09-23 20:26 . 2008-09-23 20:26 <DIR> d-------- C:\Arquivos de programas\TopDesk

2008-09-23 20:05 . 2008-09-23 20:05 <DIR> d-------- C:\Arquivos de programas\EA SPORTS

2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini

2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-22 23:04 . 2008-09-23 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit

2008-09-22 22:14 . 2008-09-23 19:40 <DIR> d-------- C:\Hijack

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-09-17 17:50 . 2008-09-17 17:49 115,913 -r-hs---- C:\k2d8j3wa.bat

2008-09-08 14:40 . 2008-09-08 14:40 33 --a------ C:\WINDOWS\KB1369769.ini

2008-09-06 19:11 . 2008-09-06 19:11 90,834 -r-hs---- C:\r1y1.bat

2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder

2008-09-05 12:07 . 2008-09-05 12:07 92,932 -r-hs---- C:\ktnquo.exe

2008-09-02 18:46 . 2008-09-02 18:47 90,911 -r-hs---- C:\f.bat

2008-09-02 18:31 . 2008-09-02 18:30 109,043 -r-hs---- C:\hpkq.cmd

2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll

2008-09-01 17:58 . 2008-09-01 17:57 90,623 -r-hs---- C:\kk3.bat

2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-24 16:27 --------- d-----w C:\Arquivos de programas\ViStart

2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\free-downloads.net

2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\Conduit

2008-09-23 22:03 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead

2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC

2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent

2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo

2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia

2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin

2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat

2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler

2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock

2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe

2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar

2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar

.

 

------- Sigcheck -------

 

2005-03-02 14:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 08:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-03 23:55 2070400 7b6e20eda4457e87986aabefa07ad0ba C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 14:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 22:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2007-02-28 12:02 2071168 556bfec77107e78076d3d470cef72b9f C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

 

2005-03-02 14:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 12:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-03 23:40 2194560 b09517124a659d5764b2e1760a609c2e C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 14:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2008-04-13 22:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2007-02-28 12:02 2193920 239adfb7b15a5d2032842f260d19d735 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

 

2007-06-13 09:21 1425920 16ad50b47ae6a73ba54cb016b85e4aa5 C:\WINDOWS\explorer.exe

2007-06-13 09:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-03 23:45 1424896 90a6eb2a3ce24982d96ee51f23b07de5 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-13 22:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\VITrans\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937833BF-40FC-46BC-806F-34201374A953}]

2008-09-01 19:29 1750528 --a------ C:\WINDOWS\system32\wgapre32.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ViStart"="C:\Arquivos de programas\ViStart\ViStart" [X]

"ViOrb"="C:\Arquivos de programas\ViOrb\ViOrb.exe" [2007-11-19 163840]

"VisualTaskTips"="C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 36352]

"LClock"="C:\Arquivos de programas\LClock\lclock.exe" [2004-09-20 65536]

"TrueTransparency"="C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe" [2008-06-24 372224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"kav"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 139367]

"TopDesk"="C:\Arquivos de programas\TopDesk\topdesk.exe" [2006-03-01 201216]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Styler.lnk]

path=C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\Styler.lnk

backup=C:\WINDOWS\pss\Styler.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Casa^Menu Iniciar^Programas^Inicializar^Thoosje Vista Sidebar.lnk]

path=C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\Thoosje Vista Sidebar.lnk

backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2008-03-20 12:46 217544 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2005-12-16 12:57 94208 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NitroPC]

--a------ 2007-11-15 13:03 1975824 C:\Arquivos de programas\NitroPC\NitroPC.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-03-09 13:29 7561216 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\viwc]

--a------ 2007-11-30 05:56 329029 C:\WINDOWS\system32\viwc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashSimpl.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2004-08-03 18560]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{007c8316-946b-11dc-ae8b-0013d4ececad}]

\Shell\AutoRun\command - F:\m6dqm2vd.exe

\Shell\explore\Command - F:\m6dqm2vd.exe

\Shell\open\Command - F:\m6dqm2vd.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a3b98ef-b707-11dc-aa49-0013d4ececad}]

\Shell\AutoRun\command - F:\oufddh.exe

\Shell\explore\Command - F:\oufddh.exe

\Shell\open\Command - F:\oufddh.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4de2d8b3-2f34-11dd-99cd-0013d4ececad}]

\Shell\AutoRun\command - E:\bpu.exe

\Shell\explore\Command - E:\bpu.exe

\Shell\open\Command - E:\bpu.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68142a2e-616a-11dd-9a2e-0013d4ececad}]

\Shell\AutoRun\command - D:\fufb6tq3.cmd

\Shell\explore\Command - D:\fufb6tq3.cmd

\Shell\open\Command - D:\fufb6tq3.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abab42c1-a25a-11dc-92fb-0013d4ececad}]

\Shell\AutoRun\command - qeoc6sj.exe

\Shell\explore\Command - qeoc6sj.exe

\Shell\open\Command - qeoc6sj.exe

.

- - - - ORFAOS REMOVIDOS - - - -

 

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

MSConfigStartUp-CMS_RSChecker - D:\RS FAN v1.1.exe

MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-kava - C:\WINDOWS\system32\kavo.exe

MSConfigStartUp-lphc943j0e73j - C:\WINDOWS\system32\lphc943j0e73j.exe

MSConfigStartUp-PSwitch - C:\Arquivos de programas\Proxy Switcher Standard\ProxySwitcher.exe

MSConfigStartUp-ShockAero - C:\Documents and Settings\Casa\Meus documentos\ShockAero\ShockAero.exe

MSConfigStartUp-SpybotSD TeaTimer - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

MSConfigStartUp-TransBar - C:\Documents and Settings\Casa\Meus documentos\TransBar.exe

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Casa\Dados de aplicativos\Mozilla\Firefox\Profiles\xhvmh2al.default\

FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\NPMyWebS.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-24 13:11:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execuçao ---------------------

 

PROCESSOS: C:\WINDOWS\explorer.exe

-> C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparencyHook.dll

-> C:\Arquivos de programas\VisualTaskTips\VttHooks.dll

.

Tempo para conclusão: 2008-09-24 13:15:56

ComboFix-quarantined-files.txt 2008-09-24 17:15:49

 

Pre-Run: 17 pasta(s) 13,746,212,864 bytes disponíveis

Post-Run: 23 pasta(s) 13,738,602,496 bytes disponíveis

 

261 --- E O F --- 2008-09-22 02:25:41

 

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:20:48, on 24/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\ViOrb\ViOrb.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\LClock\lclock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ViStart\ViStart.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\Arquivos de programas\Vista Sidebar\sidebar.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [TopDesk] C:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart

O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7991 bytes

 

 

And the SDFix log:

 

 

SDFix: Version 1.228

Run by Casa on 23/09/2008 at 17:18

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system32\Windows Update.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-23 17:29:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:4c,c9,1f,20,10,49,f4,4f,bf,be,f8,60,14,27,34,47,63,96,11,1b,fd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:11,ac,7e,02,76,34,be,70,aa,ac,6d,d8,9e,d6,e3,47,e9,6e,3b,19,00,..

"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:725c49ba

"s2"=dword:fb9f099b

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:11,ac,7e,02,76,34,be,70,aa,ac,6d,d8,9e,d6,e3,47,e9,6e,3b,19,00,..

"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:11,ac,7e,02,76,34,be,70,aa,ac,6d,d8,9e,d6,e3,47,e9,6e,3b,19,00,..

"p0"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\DAP\\DAP.exe"="C:\\Arquivos de programas\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"

"C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Arquivos de programas\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"

"C:\\Arquivos de programas\\Warp Pipe\\warppipe.exe"="C:\\Arquivos de programas\\Warp Pipe\\warppipe.exe:*:Enabled:Warp Pipe Beta"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"

"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Fri 5 Sep 2008 92,932 ..SHR --- "C:\ktnquo.exe"

Mon 25 Aug 2008 89,420 ..SHR --- "C:\n.com"

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SDUpdate.exe"

Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"

Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe"

Sat 6 Sep 2008 90,834 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"

Sun 21 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"

Sat 6 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo1.dll"

Mon 1 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo2.dll"

Mon 22 Sep 2008 187,392 ..SHR --- "C:\WINDOWS\system32\kavo0.dll"

Wed 17 Sep 2008 187,392 ..SHR --- "C:\WINDOWS\system32\kavo2.dll"

Wed 6 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 6 Feb 2008 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"

Fri 28 Mar 2008 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"

Sun 15 Sep 2002 7,221 A..H. --- "C:\Documents and Settings\Casa\Desktop\StartHook.dll"

Mon 18 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Tue 27 Nov 2007 525,192 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\34724ce2be5d963d34d33d37894bf8b1\BIT5E.tmp"

Wed 6 Feb 2008 4,348 ...H. --- "C:\Documents and Settings\Casa\Meus documentos\Minhas m£sicas\Backup de Licen‡a\drmv1key.bak"

Wed 6 Feb 2008 401 A..H. --- "C:\Documents and Settings\Casa\Meus documentos\Minhas m£sicas\Backup de Licen‡a\drmv1lic.bak"

Mon 12 Nov 2007 312 A.SH. --- "C:\Documents and Settings\Casa\Meus documentos\Minhas m£sicas\Backup de Licen‡a\drmv2key.bak"

 

Finished!


If you have a pendrive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you must connect all of them). Do not remove them until you have completed all the instructions.

 

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, likewise located in C:\.

 

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\k2d8j3wa.bat

C:\WINDOWS\KB1369769.ini

C:\r1y1.bat

C:\OutputFolder

C:\ktnquo.exe

C:\f.bat

C:\hpkq.cmd

C:\kk3.bat

F:\m6dqm2vd.exe

F:\oufddh.exe

E:\bpu.exe

D:\fufb6tq3.cmd

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{007c8316-946b-11dc-ae8b-0013d4ececad}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a3b98ef-b707-11dc-aa49-0013d4ececad}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4de2d8b3-2f34-11dd-99cd-0013d4ececad}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68142a2e-616a-11dd-9a2e-0013d4ececad}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abab42c1-a25a-11dc-92fb-0013d4ececad}]

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

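As an added example (not part of this thread, nor code from SDFix or ComboFix), the following Python script reads the SDFix "Files with Hidden Attributes" listing from the first post and the CFScript from the reply above: it flags hidden executables sitting in a drive root or system32, and cross-checks which File:: targets the listing actually confirms and which hit drives other than C:. The attribute-column positions and the File::/Registry:: layout are read off the logs above; the flagging heuristic, the "non-C: drive means removable media" check and the regedit-style reading of [-KEY] as a key deletion are assumptions of this example.

```python
import re

# SDFix "Files with Hidden Attributes" lines copied from the first post:
# <dow> <day> <month> <year> <size> <attrs> --- "<path>". In the attrs column,
# index 0 = Archive, 2 = System, 3 = Hidden, 4 = Read-only (index 1 not used here).
SDFIX_HIDDEN = r"""
Fri 5 Sep 2008 92,932 ..SHR --- "C:\ktnquo.exe"
Mon 25 Aug 2008 89,420 ..SHR --- "C:\n.com"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe"
Sat 6 Sep 2008 90,834 ..SHR --- "C:\WINDOWS\system32\ckvo.exe"
Sun 21 Sep 2008 84,992 ..SHR --- "C:\WINDOWS\system32\ckvo0.dll"
Mon 22 Sep 2008 187,392 ..SHR --- "C:\WINDOWS\system32\kavo0.dll"
Sun 15 Sep 2002 7,221 A..H. --- "C:\Documents and Settings\Casa\Desktop\StartHook.dll"
"""

# A shortened copy of the CFScript from the reply above (same layout).
CFSCRIPT = r"""
File::
C:\k2d8j3wa.bat
C:\WINDOWS\KB1369769.ini
C:\OutputFolder
C:\ktnquo.exe
C:\hpkq.cmd
F:\m6dqm2vd.exe
E:\bpu.exe
D:\fufb6tq3.cmd
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{007c8316-946b-11dc-ae8b-0013d4ececad}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a3b98ef-b707-11dc-aa49-0013d4ececad}]
"""

HIDDEN_LINE = re.compile(
    r'^\w{3} \d{1,2} \w{3} \d{4} (?P<size>[\d,]+) (?P<attrs>\S{5}) --- "(?P<path>.+)"$')
EXEC_EXT = {'.exe', '.com', '.dll', '.bat', '.cmd', '.pif', '.scr'}


def parse_sdfix_hidden(text):
    """Return [(path, attrs, size_bytes)] for every hidden-attribute line."""
    entries = []
    for line in text.splitlines():
        m = HIDDEN_LINE.match(line.strip())
        if m:
            entries.append((m['path'], m['attrs'], int(m['size'].replace(',', ''))))
    return entries


def in_sensitive_location(path):
    """True for a file directly in a drive root or in the system32 directory."""
    parent = path.rsplit('\\', 1)[0].lower()
    return re.fullmatch(r'[a-z]:', parent) is not None or parent.endswith(r'\windows\system32')


def triage_hidden(entries):
    """Flag executables carrying System+Hidden in a drive root or system32.
    Heuristic assumed by this example, not an SDFix rule: the autorun-style droppers
    in this log hide there with those attributes, while the legitimate S+H files
    (msmsgs.exe, Spybot) live under Program Files and are left alone."""
    flagged = []
    for path, attrs, _size in entries:
        name = path.rsplit('\\', 1)[-1]
        ext = name[name.rfind('.'):].lower() if '.' in name else ''
        if attrs[2] == 'S' and attrs[3] == 'H' and ext in EXEC_EXT and in_sensitive_location(path):
            flagged.append(path)
    return flagged


def parse_cfscript(text):
    """Split a CFScript into its 'Name::' sections (layout as in the reply above)."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith('::'):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def review_cfscript(script_text, hidden_entries):
    """Summarise what the script touches and cross-check File:: targets against the
    SDFix listing: which deletions are backed by evidence from this machine and which
    hit drives other than C: (assumed here to be the removable media the reply asks
    to plug in first). A '[-KEY]' line is read as a key deletion, as in regedit."""
    sections = parse_cfscript(script_text)
    files = sections.get('File', [])
    registry = sections.get('Registry', [])
    hidden_paths = {p.lower() for p, _a, _s in hidden_entries}
    return {
        'files': files,
        'confirmed_hidden': [f for f in files if f.lower() in hidden_paths],
        'other_drive': [f for f in files if not f.upper().startswith('C:')],
        'key_deletions': [l[2:-1] for l in registry if l.startswith('[-')],
        'value_sets': sum(1 for l in registry if l.startswith('"')),
    }
```

Running `review_cfscript(CFSCRIPT, parse_sdfix_hidden(SDFIX_HIDDEN))` shows that only C:\ktnquo.exe among the File:: targets is backed by the hidden-attribute listing; the .bat/.cmd droppers on D:, E: and F: are the reason the reply asks for every pendrive to be connected before the script runs.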

Here are the logs:

 

Combofix:

 

ComboFix 08-09-24.01 - Casa 2008-09-24 15:25:19.3 - NTFSx86

Executando de: C:\Documents and Settings\Casa\Meus documentos\Aplicativos Diversos\ComboFix.exe

Command switches used :: C:\Documents and Settings\Casa\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\f.bat

C:\hpkq.cmd

C:\k2d8j3wa.bat

C:\kk3.bat

C:\ktnquo.exe

C:\OutputFolder

C:\r1y1.bat

C:\WINDOWS\KB1369769.ini

D:\fufb6tq3.cmd

E:\bpu.exe

F:\m6dqm2vd.exe

F:\oufddh.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\f.bat

C:\hpkq.cmd

C:\k2d8j3wa.bat

C:\kk3.bat

C:\ktnquo.exe

C:\r1y1.bat

C:\WINDOWS\KB1369769.ini

F:\m6dqm2vd.exe

F:\oufddh.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))))

.

 

2008-09-23 20:26 . 2008-09-23 20:26 <DIR> d-------- C:\Arquivos de programas\TopDesk

2008-09-23 20:05 . 2008-09-23 20:05 <DIR> d-------- C:\Arquivos de programas\EA SPORTS

2008-09-23 17:15 . 2008-09-23 17:15 <DIR> d-------- C:\WINDOWS\ERUNT

2008-09-23 17:12 . 2008-09-23 17:33 <DIR> d-------- C:\SDFix

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-09-23 13:44 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-09-23 12:16 . 2008-09-23 12:16 993 --a------ C:\WINDOWS\wininit.ini

2008-09-23 06:07 . 2008-09-23 06:07 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-09-22 23:04 . 2008-09-23 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-09-22 22:19 . 2008-09-22 22:19 <DIR> d-------- C:\Arquivos de programas\IObit

2008-09-22 22:14 . 2008-09-24 13:20 <DIR> d-------- C:\Hijack

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-09-22 21:17 . 2008-09-23 13:44 <DIR> d-------- C:\Documents and Settings\Administrador

2008-09-21 22:25 . 2008-09-21 22:25 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-09-05 15:12 . 2008-09-05 15:13 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-05 13:41 . 2008-09-05 13:41 <DIR> d-------- C:\OutputFolder

2008-09-01 19:17 . 2008-09-01 19:29 1,750,528 --a------ C:\WINDOWS\system32\wgapre32.dll

2008-09-01 13:16 . 2008-09-01 13:16 <DIR> d-------- C:\Arquivos de programas\Nero

2008-09-01 13:16 . 2008-09-01 13:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-29 13:23 . 2008-09-01 12:26 <DIR> d-------- C:\Arquivos de programas\Pivot Stickfigure Animator

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-24 19:05 --------- d-----w C:\Arquivos de programas\D-Tools

2008-09-24 18:41 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-24 18:35 --------- d-----w C:\Arquivos de programas\ViStart

2008-09-24 00:37 2,864 ----a-w C:\WINDOWS\system32\winsock.dll

2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\free-downloads.net

2008-09-23 22:52 --------- d-----w C:\Arquivos de programas\Conduit

2008-09-22 16:43 14,328,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-09-22 16:26 556,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-09-22 02:30 53,132 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-09-22 02:30 194,468 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-09-17 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-01 23:46 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\Ahead

2008-09-01 17:07 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-08-23 00:27 --------- d-----w C:\Arquivos de programas\NitroPC

2008-08-18 22:44 --------- d-----w C:\Documents and Settings\Casa\Dados de aplicativos\uTorrent

2008-08-18 19:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-08-18 17:42 --------- d-----w C:\Arquivos de programas\Spyware Remover 7.0 Demo

2008-08-08 16:55 --------- d-----w C:\Arquivos de programas\Nokia

2008-08-02 03:58 --------- d-----w C:\Arquivos de programas\Dolphin

2008-08-01 20:22 40 ----a-w C:\Documents and Settings\Casa\language.dat

2008-07-24 18:06 --------- d-----w C:\Arquivos de programas\Vista Sidebar

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\WinFlip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\VisualTooltip

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\ViOrb

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\TrueTransparency

2008-07-24 18:02 --------- d-----w C:\Arquivos de programas\Styler

2008-07-24 18:01 --------- d-----w C:\Arquivos de programas\LClock

2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-11 17:15 10,121,656 ----a-w C:\Arquivos de programas\Alcohol120_trial_1.9.7.6221.exe

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2007-12-24 20:58 8,351,908 ----a-w C:\Arquivos de programas\windows_sidebar_XP_PT_BR.rar

2007-08-31 18:40 2,234,899 ----a-w C:\Arquivos de programas\fastaero0751.rar

.

 

------- Sigcheck -------

 

2005-03-02 14:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 08:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-03 23:55 2070400 7b6e20eda4457e87986aabefa07ad0ba C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 14:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2008-04-13 22:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntkrnlpa.exe

2007-02-28 12:02 2071168 556bfec77107e78076d3d470cef72b9f C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 12:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

 

2005-03-02 14:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 12:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-03 23:40 2194560 b09517124a659d5764b2e1760a609c2e C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 14:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2008-04-13 22:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ntoskrnl.exe

2007-02-28 12:02 2193920 239adfb7b15a5d2032842f260d19d735 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 12:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\VITrans\ntoskrnl.exe

 

2007-06-13 09:21 1425920 16ad50b47ae6a73ba54cb016b85e4aa5 C:\WINDOWS\explorer.exe

2007-06-13 09:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-03 23:45 1424896 90a6eb2a3ce24982d96ee51f23b07de5 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2008-04-13 22:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 09:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\system32\VITrans\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937833BF-40FC-46BC-806F-34201374A953}]

2008-09-01 19:29 1750528 --a------ C:\WINDOWS\system32\wgapre32.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ViStart"="C:\Arquivos de programas\ViStart\ViStart" [X]

"ViOrb"="C:\Arquivos de programas\ViOrb\ViOrb.exe" [2007-11-19 163840]

"VisualTaskTips"="C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2007-08-15 36352]

"LClock"="C:\Arquivos de programas\LClock\lclock.exe" [2004-09-20 65536]

"TrueTransparency"="C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe" [2008-06-24 372224]

"viwc"="C:\WINDOWS\system32\viwc.exe" [2007-11-30 329029]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 1975824]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2005-12-16 94208]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"kav"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 139367]

"TopDesk"="C:\Arquivos de programas\TopDesk\topdesk.exe" [2006-03-01 201216]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

 

C:\Documents and Settings\Casa\Menu Iniciar\Programas\Inicializar\

Styler.lnk - C:\Documents and Settings\Casa\Dados de aplicativos\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-07-05 15086]

Thoosje Vista Sidebar.lnk - C:\Arquivos de programas\Vista Sidebar\sidebar.exe [2008-07-24 524288]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

"NoMovingBands"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Casa\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashSimpl.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R4 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys [ ]

S3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2004-08-03 18560]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-24 15:27:49

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d344prt]

"ImagePath"="System32\Drivers\d344prt.sys"

.

Tempo para conclusão: 2008-09-24 15:31:15

ComboFix-quarantined-files.txt 2008-09-24 19:31:11

 

Pre-Run: 17 pasta(s) 10.849.910.784 bytes disponíveis

Post-Run: 23 pasta(s) 10,849,513,472 bytes disponíveis

 

205 --- E O F --- 2008-09-22 02:25:41

 

 

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:30:41, on 24/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\ViOrb\ViOrb.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\LClock\lclock.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Styler\Styler.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [TopDesk] C:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart

O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe"

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9322 bytes


Download Kill Box

 

• Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

 

C:\WINDOWS\system32\viwc.exe

 

• Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;

• Click on the and answer No to the question.

 

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

 

- Open HijackThis, click Do a system scan only and check the entry below:

 

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe

 

- Close all windows, click on and then on Yes;

 

- Restart in normal mode, generate a new log and paste it in your reply.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:17, on 2008-09-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Extensão do Navegador - {937833BF-40FC-46BC-806F-34201374A953} - C:\WINDOWS\system32\wgapre32.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [kav] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [TopDesk] C:\Arquivos de programas\TopDesk\topdesk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe

O4 - HKCU\..\Run: [ViStart] C:\Arquivos de programas\ViStart\ViStart

O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\Casa\Meus documentos\TrueTransparency\TrueTransparency.exe"

O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Styler.lnk = ?

O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Vista Sidebar\sidebar.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Search - ?p=ZCxdm451YYBR

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Arquivos de programas\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7803 bytes

:thumbsup:


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"viwc"=-

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, located at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.
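Added example, not code from this thread or from HijackThis/ComboFix: a small Python script that parses O4 Run entries in HijackThis log format (the kind of entry the earlier reply asks to fix), flags those launched straight from system32 under a name outside a constructed allow-list, and emits the matching ComboFix CFScript Registry:: block (the same "viwc"=- deletion as the script above). The sample lines and the allow-list are constructed from the log posted in this thread; the HKUS hive mapping goes slightly beyond the HKCU case shown here.

```python
import re

# Constructed sample in HijackThis v2.0.2 "O4" format, modelled on the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\lclock.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 line: hive tag, value name in brackets, then the command run at logon.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# First file referenced directly under system32 (stops at space, comma or quote).
SYS32_RE = re.compile(r'[A-Za-z]:\\WINDOWS\\system32\\([^\s,"]+)', re.IGNORECASE)
# Constructed allow-list: system32 autostarts in this log that are legitimate.
KNOWN_SYSTEM32 = {"ctfmon.exe", "nvcpl.dll", "nerocheck.exe"}
RUN_SUBKEY = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def parse_o4(log_text):
    """Return (hive, value_name, command) for every O4 Run entry in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def suspicious_system32(entries):
    """Keep entries whose target sits directly in system32 but is not on the allow-list."""
    flagged = []
    for hive, name, cmd in entries:
        m = SYS32_RE.search(cmd)
        if m and m.group(1).lower() not in KNOWN_SYSTEM32:
            flagged.append((hive, name, cmd))
    return flagged


def hive_to_key(hive):
    """Map a HijackThis hive tag (HKLM, HKCU, HKUS\\<SID>) to the full Run key path."""
    if hive.startswith("HKUS\\"):
        return "HKEY_USERS\\" + hive[5:] + RUN_SUBKEY
    return {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}[hive] + RUN_SUBKEY


def build_cfscript(flagged):
    """Emit a ComboFix 'Registry::' section deleting each flagged value ("name"=-)."""
    by_key = {}
    for hive, name, _ in flagged:
        by_key.setdefault(hive_to_key(hive), []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines) + "\n"
```

Running build_cfscript(suspicious_system32(parse_o4(SAMPLE_LOG))) on the constructed sample yields exactly the three-line script quoted in the reply above; the allow-list is the judgement call a helper makes by hand when reading the log.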


Topic Archived

 

As the author did not reply for more than 30 days, the topic was archived.

 

If you are the topic author and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
