[Resolvido!] Análise de Log Pff!

[Voltz 0]

Sou português e econtrei o vosso site ao acaso e reparei que tem sido bastante eficaz a ajudar todos os que aqui veem postar.

 

Gostaria que analiza-sem o meu Log do Hijackthis e deixo tb o log do Malwarebytes.

 

Obrigado e um abraço do outro lado do Oceano! ;D

 

 

LOG HIJACKTHIS:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:44:59, on 29-09-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\V0220Mon.exe

C:\Programas\MSN Messenger\MsnMsgr.Exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\programas\valve\steam\steam.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programas\Creative\ShareDLL\CADI\NotiMan.exe

C:\Programas\Stardock\ObjectDock\ObjectDock.exe

C:\Programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\Programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Hijackthis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {CE05B815-6F98-4ADD-AEB7-60BB2D4264F1} - (no file)

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [CTDVDDET] "C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programas\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...327/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{46905F53-7FE6-458C-BF82-49AEE15D009D}: NameServer = 212.113.161.226,212.113.161.227

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: Route Access Protocol Graphics (RAPG) - Sonic Solutions - (no file)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

--

End of file - 10678 bytes

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

LOG MALWAREBYTES:

 

Malwarebytes' Anti-Malware 1.28

Versão do banco de dados: 1168

Windows 5.1.2600 Service Pack 3

 

29-09-2008 18:52:32

mbam-log-2008-09-29 (18-52-32).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 51465

Tempo decorrido: 8 minute(s), 17 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 0

Valores do Registo infectados: 0

Ítens do Registo infectados: 0

Pastas infectadas: 0

Ficheiros infectados: 0

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

(Nenhum item malicioso foi detectado)

 

Valores do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

(Nenhum item malicioso foi detectado)

 

Ficheiros infectados:

(Nenhum item malicioso foi detectado)

[Silas Martins 0]

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

[Voltz 0]

Aqui está e obrigado mais uma vez!

 

 

ComboFix 08-09-28.01 - Administrador 2008-09-29 21:40:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.602 [GMT 1:00]Executando de: C:\Documents and Settings\Administrador\Ambiente de trabalho\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\regedit.com

C:\WINDOWS\system32\taskmgr.com

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))))

.

 

2008-09-27 15:02 . 2008-09-27 15:02 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-09-27 15:02 . 2008-09-27 15:02 <DIR> d-------- C:\Programas\microsoft frontpage

2008-09-27 14:07 . 2008-09-27 14:07 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-27 14:07 . 2008-09-27 14:07 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-27 13:34 . 2008-09-27 13:34 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-24 15:35 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

2008-09-18 16:46 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-09-18 16:22 . 2008-09-18 16:23 <DIR> d-------- C:\Programas\Malwarebytes' Anti-Malware

2008-09-18 16:22 . 2008-09-18 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-18 16:22 . 2008-09-18 16:22 <DIR> d-------- C:\Documents and Settings\Administrador\Application Data\Malwarebytes

2008-09-18 16:22 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-18 16:22 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-18 16:16 . 2008-09-29 18:44 <DIR> d-------- C:\Hijackthis

2008-09-15 21:07 . 2008-09-15 21:07 <DIR> d-------- C:\Programas\Electronic Arts

2008-09-15 21:06 . 2008-09-15 21:06 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-09-15 21:06 . 2008-09-15 21:07 <DIR> d-------- C:\Programas\AGEIA Technologies

2008-09-11 18:00 . 2008-09-11 18:00 <DIR> d-------- C:\Programas\TuneUp Utilities 2006

2008-09-06 21:29 . 2008-09-06 21:29 <DIR> d-------- C:\Programas\DAEMON Tools Lite

2008-09-06 21:18 . 2008-09-06 21:18 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-27 14:06 --------- d-----w C:\Programas\MSN Messenger

2008-09-25 15:35 --------- d-----w C:\Programas\World of Warcraft

2008-09-22 11:21 --------- d-----w C:\Documents and Settings\Administrador\Application Data\uTorrent

2008-09-19 17:09 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Hamachi

2008-09-15 20:30 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-09-15 20:04 --------- d--h--w C:\Programas\InstallShield Installation Information

2008-09-15 20:02 --------- d-----w C:\Programas\Activision

2008-09-11 16:59 --------- d-----w C:\Programas\Ficheiros comuns\Wise Installation Wizard

2008-09-04 13:58 --------- d-----w C:\Documents and Settings\Administrador\Application Data\Gearbox Software

2008-08-29 07:18 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-08-27 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-27 19:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-08-27 19:07 --------- d-----w C:\Programas\Spybot - Search & Destroy

2008-08-27 18:22 --------- d-----w C:\Programas\Spyware Doctor

2008-08-27 18:22 --------- d-----w C:\Programas\MP3 WAV Converter

2008-08-27 18:13 --------- d-----w C:\Programas\TeaTimer (Spybot - Search & Destroy)

2008-08-25 12:22 --------- d-----w C:\Programas\Java

2008-07-22 23:57 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-04-28 14:45 22,328 ----a-w C:\Documents and Settings\Administrador\Application Data\PnkBstrK.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"Steam"="c:\programas\valve\steam\steam.exe" [2008-03-29 1271032]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"Creative Detector"="C:\Programas\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"DAEMON Tools Lite"="C:\Programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]

"HP Software Update"="C:\Programas\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"HP Component Manager"="C:\Programas\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]

"AVFX Engine"="C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"CTDVDDET"="C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"RCSystem"="C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"AudioDrvEmulator"="C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"VolPanel"="C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]

"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.exe" [2008-07-09 289064]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]

"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 32768]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 C:\WINDOWS\LOGI_MWX.EXE]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 C:\WINDOWS\KHALMNPR.Exe]

"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\system32\nvmctray.dll]

"CTHelper"="CTHELPER.EXE" [2005-08-07 C:\WINDOWS\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 C:\WINDOWS\system32\CTXFIHLP.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\

Adobe Reader Speed Launch.lnk - C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]

Image Transfer.lnk - C:\Programas\Sony Corporation\Image Transfer\SonyTray.exe [2003-01-07 73728]

Logitech SetPoint.lnk - C:\Programas\Logitech\SetPoint\SetPoint.exe [2005-12-27 434176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PAVSRV"=2 (0x2)

"PavPrSrv"=2 (0x2)

"PavProt"=2 (0x2)

"Pavkre"=2 (0x2)

"PAVFNSVR"=2 (0x2)

"PAVFIRES"=2 (0x2)

"PASSRV"=2 (0x2)

"PSIMSVC"=2 (0x2)

"PREVSRV"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\Valve\\Steam\\Steam.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\day of defeat\\hl.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\half-life\\hl.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\counter-strike\\hl.exe"=

"C:\\Programas\\LimeWire\\LimeWire.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\counter-strike source\\hl2.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\half-life 2\\hl2.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\dedicated server\\hlds.exe"=

"C:\\Programas\\HP\\HP Software Update\\HPWUCli.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\StubInstaller.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\day of defeat source\\hl2.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\dedicated server\\hltv.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\half-life blue shift\\hl.exe"=

"C:\\Programas\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\source sdk base\\hl2.exe"=

"C:\\Programas\\uTorrent\\utorrent.exe"=

"C:\\Programas\\Hamachi\\hamachi.exe"=

"C:\\Programas\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"=

"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programas\\SightSpeed\\SightSpeed.exe"=

"C:\\Programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"C:\\Programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Documents and Settings\\Administrador\\Definições locais\\Application Data\\Dyyno Receiver\\DPPM.exe"=

"C:\\Programas\\iTunes\\iTunes.exe"=

"C:\\Programas\\Valve\\Steam\\SteamApps\\tiaguito_monteiro@hotmail.com\\source sdk base 2007\\hl2.exe"=

"C:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Programas\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programas\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R0 netflt;Panda Preventium Driver.;C:\WINDOWS\system32\Drivers\netflt.sys [2003-03-12 183424]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2003-03-12 26656]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2003-03-12 16640]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2003-03-12 163856]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 1093632]

R3 NtApm;Controlador de interface Legacy/NT Apm;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-11-20 9472]

S0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [ ]

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [ ]

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 146112]

S3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 6272]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Application Data\Mozilla\Firefox\Profiles\ptxfjuz7.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

FF -: plugin - C:\Documents and Settings\Administrador\Application Data\Mozilla\Firefox\Profiles\ptxfjuz7.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll

FF -: plugin - C:\Programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Programas\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Programas\Dyyno\Dyyno Player\npvlc.dll

FF -: plugin - C:\Programas\iTunes\Mozilla Plugins\npitunes.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-29 21:44:13

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

C:\WINDOWS\TEMP\f5cb03dd-beff-4987-9b98-2a446fb20d42.tmp 0 bytes

 

Varredura completada com sucesso

Ficheiros ocultos: 1

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

Tempo para conclusão: 2008-09-29 21:45:35

ComboFix-quarantined-files.txt 2008-09-29 20:45:30

 

Pre-Run: 29.745.500.160 bytes livres

Post-Run: 29,857,181,696 bytes livres

 

213 --- E O F --- 2008-09-29 00:20:01

[Silas Martins 0]

Poste novo log do Hijackthis

[Voltz 0]

Aqui está

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 21:21:31, on 30-09-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe

C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\V0220Mon.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Stardock\ObjectDock\ObjectDock.exe

C:\Programas\Creative\ShareDLL\CADI\NotiMan.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Hijackthis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [CTDVDDET] "C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programas\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...327/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{46905F53-7FE6-458C-BF82-49AEE15D009D}: NameServer = 212.113.161.226,212.113.161.227

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: Route Access Protocol Graphics (RAPG) - Sonic Solutions - (no file)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

--

End of file - 10222 bytes

[Silas Martins 0]

Baixe o Ccleaner aqui

Como usar:

. Abra o ccleaner clicando no comando limpador e clique no comando analizar , aguarde o scam completo , logo após clique no comando executar cleaner , em seguida clique no comando erros e procurar erros , aguarde o scam , assim q terminar clique na opção corrigir erros selecionados , opte para a opção salvar em alguma pasta as alterações do registro para futuras consultas .

Poste novo log do hiajckthis, após execução do Ccleaner.

[Voltz 0]

Aqui está o log do Hijackthis após execução do Ccleaner, obrigado de novo.

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 22:04:57, on 30-09-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Programas\HP\HP Software Update\HPWuSchd2.exe

C:\Programas\HP\hpcoretech\hpcmpmgr.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe

C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Programas\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\V0220Mon.exe

C:\Programas\Creative\MediaSource\Detector\CTDetect.exe

C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Stardock\ObjectDock\ObjectDock.exe

C:\Programas\Creative\ShareDLL\CADI\NotiMan.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Programas\iPod\bin\iPodService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Hijackthis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [CTDVDDET] "C:\Programas\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programas\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programas\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Programas\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\programas\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Programas\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...327/mcfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{46905F53-7FE6-458C-BF82-49AEE15D009D}: NameServer = 212.113.161.226,212.113.161.227

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Programas\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: Route Access Protocol Graphics (RAPG) - Sonic Solutions - (no file)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

 

--

End of file - 10262 bytes

[Silas Martins 0]

Log Limpo

Percebes ainda algo estranho no comportamento do seu pc?

Aguardo retorno.

[Voltz 0]

Está tdo bom agora, obrigado e um grande abraço!

[Silas Martins 0]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.