
Archived

This topic has been archived and is closed to new replies.

fair

[Solved!] PC very slow


Hi, it's hard to keep the connection up. The PC shuts down by itself and I decided to ask for help here, since I don't know what else to do.

My system is XP and I use BitDefender, but it keeps reporting viruses.

 

Thanks for any help, please.


Follow the topic and post a log

 

Rule No. 02 - Using HijackThis.


Hi Mário,

 

After installing that program I just didn't reboot (I don't know whether it makes a difference), for fear of losing the connection again.

 

Here is the log you asked for; thanks for your help:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:43:58, on 22-10-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\Programas\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Softwin\BitDefender10\bdmcon.exe

C:\Programas\Softwin\BitDefender10\bdagent.exe

C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\Lexmark 1400 Series\lxdjamon.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\MODEM MF622\Modem.exe

C:\Programas\Softwin\BitDefender10\bdlite.exe

C:\Programas\hijackt\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Programas\Lexmark 1400 Series\lxdjmon.exe"

O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

 

--

End of file - 9209 bytes


Good morning, fair!

 

<@> Go to this link and download:

 

< Malwarebytes >

 

<@> Update the program!

<@> Choose the Quick scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine.

<@> For more details: < Link >

-----------------------

<@> Post the reports: mbam-log-10-21-2008 (00-00-00).txt + an updated HijackThis log.

 

Regards!


Hi DigRam,

 

Thank you for the instructions, which I have already carried out; here are the requested logs, in the order they were asked for:

 

 

Malwarebytes' Anti-Malware 1.29

Versão do banco de dados: 1276

Windows 5.1.2600 Service Pack 3

 

22-10-2008 14:44:49

mbam-log-2008-10-22 (14-44-49).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 47833

Tempo decorrido: 52 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 0

Valores do Registo infectados: 0

Ítens do Registo infectados: 0

Pastas infectadas: 0

Ficheiros infectados: 0

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

(Nenhum item malicioso foi detectado)

 

Valores do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

(Nenhum item malicioso foi detectado)

 

Ficheiros infectados:

(Nenhum item malicioso foi detectado)

 

 

I couldn't update HijackThis, but I downloaded it after the pointer given here only a few hours ago; here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:45:38, on 22-10-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Softwin\BitDefender10\bdmcon.exe

C:\Programas\Softwin\BitDefender10\bdagent.exe

C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\Lexmark 1400 Series\lxdjamon.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\Softwin\BitDefender10\vsserv.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\hijackt\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Programas\Lexmark 1400 Series\lxdjmon.exe"

O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwbytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

 

--

End of file - 9203 bytes

 

 

thanks once again :thumbsup:


Good morning, fair!

 

<@> Download: < drweb.gif >

 

< ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe >

 

<@> Save it to the Desktop!

<@> Run the file: drweb-cureit.exe

<@> Click Start and choose the express scan.

<@> If any infected file is found, click the Yes button to trigger the cure.

<@> When the quick scan finishes, click Options --> Change Settings.

<@> On the Scan tab, untick Heuristic Analysis and confirm!

<@> Back in the main window, tick the drives you want to examine.

<@> Select all of them! A red dot will indicate the selected drives.

<@> Click the green arrow to start the scan.

 

[image: drwebho6.jpg]

 

<@> If you are prompted to cure/move a file, click Yes to all.

<@> When the scan finishes, check whether the "objects found" icon < check.gif > is enabled.

<@> If it is, click it!

<@> Next, click the icon just below it and select: Move incurable

 

[image: move.gif]

 

<@> If the program cannot cure them, it will move them to the Quarantine folder in the DoctorWeb directory.

<@> Once that is done, go to the top menu and click the option Files --> Save file lists.

<@> Save the list on the desktop. ( DrWeb.csv ) <-- Report to post!

<@> Close the program!

<@> Restart the computer so the program can finish deleting/moving the files that were in use.

 

Regards!


Good morning to you too, DigRam :thumbsup:

 

Once again following your instructions, here are the results.

The installed program gave no option to "cure" the files it found and just moved them all.

After the reboot, here is the Dr.Web report, saved on the desktop:

 

 

irc.exe C:\Programas\gwbdrx Modificação de BackDoor.Generic.880 Movido.

file.exe\gwdwin.exe C:\Programas\Microsoft Studio Files\file.exe Modificação de BackDoor.Generic.1338

file.exe\irc.exe C:\Programas\Microsoft Studio Files\file.exe Modificação de BackDoor.Generic.880

file.exe C:\Programas\Microsoft Studio Files O arquivo contém objectos infectados Movido.

irc.exe C:\Programas\wsmcw Modificação de BackDoor.Generic.880 Movido.

img76.exe\irc.exe C:\Programas\wsmcw\install\img76.exe Modificação de BackDoor.Generic.880

img76.exe\mwstwn.exe C:\Programas\wsmcw\install\img76.exe Modificação de BackDoor.Generic.1338

img76.exe C:\Programas\wsmcw\install O arquivo contém objectos infectados Movido.

A0018293.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 Modificação de BackDoor.Generic.880 Movido.

A0018294.exe\gwdwin.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018294.exe Modificação de BackDoor.Generic.1338

A0018294.exe\irc.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018294.exe Modificação de BackDoor.Generic.880

A0018294.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 O arquivo contém objectos infectados Movido.

A0018295.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 Modificação de BackDoor.Generic.880 Movido.

A0018296.exe\irc.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018296.exe Modificação de BackDoor.Generic.880

A0018296.exe\mwstwn.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220\A0018296.exe Modificação de BackDoor.Generic.1338

A0018296.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP220 O arquivo contém objectos infectados Movido.

A0009026.exe\gwdwin.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82\A0009026.exe Modificação de BackDoor.Generic.1338

A0009026.exe\irc.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82\A0009026.exe Modificação de BackDoor.Generic.880

A0009026.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82 O arquivo contém objectos infectados Movido.

A0009028.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP82 Modificação de BackDoor.Generic.1338 Movido.

A0009313.exe\gwdwin.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP91\A0009313.exe Modificação de BackDoor.Generic.1289

A0009313.exe\irc.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP91\A0009313.exe Modificação de BackDoor.Generic.880

A0009313.exe C:\System Volume Information\_restore{E9A6E66D-E22A-4E8B-A76C-BE0FFE27B017}\RP91 O arquivo contém objectos infectados Movido.

 

DigRam, sorry for not managing to paste the report better, but I'm not good with Office 007

 

meanwhile the antivirus kept alerting on many others, such as:

 

trojan spy Banker.AAYX

trojan spy Banker .VB.V

trojan spy Banker.VBW

trojan spy Banker.AAZA

trojan spy Banker.B0S

 

trojan bancos. PXD

trojan downloader IKNa

 

and endless generic trojans, so I went to VirusTotal to analyse at least one of them, whose log I attach:

 

VirusTotal:

Arquivo lsass.exe recebido em 2008.10.23 08:10:18 (CET)

Andamento: terminado

Resultado: 5/36 (13.89%)


 

 

 

Antivírus Versão Última Atualização Resultado

AhnLab-V3 2008.10.22.0 2008.10.23 -

AntiVir 7.9.0.5 2008.10.22 -

Authentium 5.1.0.4 2008.10.23 -

Avast 4.8.1248.0 2008.10.22 Win32:Trojan-gen {Other}

AVG 8.0.0.161 2008.10.23 -

BitDefender 7.2 2008.10.23 -

CAT-QuickHeal 9.50 2008.10.23 -

ClamAV 0.93.1 2008.10.23 -

DrWeb 4.44.0.09170 2008.10.23 -

eSafe 7.0.17.0 2008.10.22 -

eTrust-Vet 31.6.6164 2008.10.22 -

Ewido 4.0 2008.10.22 -

F-Prot 4.4.4.56 2008.10.22 -

F-Secure 8.0.14332.0 2008.10.23 Trojan-Downloader.Win32.VB.hik

Fortinet 3.113.0.0 2008.10.22 -

GData 19 2008.10.23 Win32:Trojan-gen {Other}

Ikarus T3.1.1.44.0 2008.10.23 Trojan-Spy.Win32.Banker.ARQ

K7AntiVirus 7.10.503 2008.10.22 -

Kaspersky 7.0.0.125 2008.10.23 Trojan-Downloader.Win32.VB.hik

McAfee 5412 2008.10.23 -

Microsoft 1.4005 2008.10.23 -

NOD32 3547 2008.10.22 -

Norman 5.80.02 2008.10.22 -

Panda 9.0.0.4 2008.10.22 -

PCTools 4.4.2.0 2008.10.22 -

Prevx1 V2 2008.10.23 -

Rising 20.67.22.00 2008.10.22 -

SecureWeb-Gateway 6.7.6 2008.10.22 -

Sophos 4.34.0 2008.10.23 -

Sunbelt 3.1.1745.1 2008.10.22 -

Symantec 10 2008.10.23 -

TheHacker 6.3.1.0.124 2008.10.23 -

TrendMicro 8.700.0.1004 2008.10.23 -

VBA32 3.12.8.8 2008.10.22 -

ViRobot 2008.10.23.1433 2008.10.23 -

VirusBuster 4.5.11.0 2008.10.22 -

Informações adicionais

File size: 80896 bytes

MD5...: ff19c3673683212acba055279b4396b6

SHA1..: 060a51e4c0dac62cbe6540e45b4e0e5a2f050fe3

SHA256: 29699359d5639fba5eb7b5ecc09012f57031bf01065d615481148d3d132ce268

SHA512: ef7d6aad66ffdfddd169f54f8a5e674e7b8119606941adf146f8c7a2d7e4ba7a8e5cb9acaef14b2aac84359f37583c2cd1a0532797fb8479628acc31de188f5b

PEiD..: -

TrID..: File type identification

Win32 Executable Microsoft Visual Basic 5 (86.3%)

Windows Screen Saver (5.0%)

Win32 Executable Generic (3.3%)

Win32 Dynamic Link Library (generic) (2.9%)

Win16/32 Executable Delphi generic (0.8%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x401b60

timedatestamp.....: 0x48776e00 (Fri Jul 11 14:28:16 2008)

machinetype.......: 0x14c (I386)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xe884 0xea00 5.57 7b9a9f6b9a634ef8358bd97b8053daac

.data 0x10000 0x140c 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

.idata 0x12000 0x860 0xa00 4.99 11107fbe378e1a4419716f50f94bacb6

.rsrc 0x13000 0x2b54 0x2c00 4.45 d923bd19078431cf9d21f837ec0fe301

.reloc 0x16000 0x1532 0x1600 6.46 24347da21382fb8a06c974f618d2aa98

 

( 1 imports )

> MSVBVM50.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaEnd, __vbaPut3, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, -, -, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaExitProc, -, -, -, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaStrFixstr, -, _CIsin, -, -, -, __vbaChkstk, -, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, -, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, EVENT_SINK_Release, -, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, __vbaPrintFile, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaStrVarVal, __vbaVarCat, -, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaInStr, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaI4Str, __vbaFreeStrList, -, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaStrToAnsi, -, __vbaFpI2, __vbaVarCopy, -, _CIatan, __vbaStrMove, _allmul, _CItan, __vbaUI1Var, __vbaFPInt, _CIexp, __vbaFreeStr, __vbaFreeObj

 

( 0 exports )

:blink:

 

I can't thank you enough, regards!

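Read together, the HijackThis logs posted earlier in the thread and the Dr.Web report above show the pattern a helper is looking for: the autorun `O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe` points into the same `C:\Programas\wsmcw` directory that Dr.Web later reports as holding BackDoor.Generic objects. The script below is an added example, not code from this thread and not part of HijackThis or Dr.Web: it parses O4 (autorun) and O23 (service) lines and Dr.Web report lines, cross-references the directories, and additionally flags services without an identifiable publisher and autoruns that give no absolute path. The sample log lines are constructed to match the format of the logs above (they are not the full logs), and the three flagging rules are this example's own heuristics, not rules from either tool.

```python
"""Triage helper for the two log formats posted in this thread (added example).

Parses HijackThis O4/O23 lines and a Dr.Web CureIt report, then flags:
  * autoruns/services whose binary lives in a directory the scanner reported,
  * services with no identifiable publisher,
  * autoruns that give no absolute path (binary resolved via the search path).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the shape of the HijackThis O4/O23 lines posted above.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [gwdwin] C:\Programas\wsmcw\gwdwin.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample in the shape of the Dr.Web report: "<object> <directory> <verdict> [Movido.]"
DRWEB_SAMPLE = r"""
irc.exe C:\Programas\gwbdrx Modificação de BackDoor.Generic.880 Movido.
irc.exe C:\Programas\wsmcw Modificação de BackDoor.Generic.880 Movido.
img76.exe C:\Programas\wsmcw\install O arquivo contém objectos infectados Movido.
file.exe C:\Programas\Microsoft Studio Files O arquivo contém objectos infectados Movido.
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Owner may be empty ("name - - path"), so both separators tolerate missing text.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) -\s*(?P<owner>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")
# First absolute Windows path in a command line that ends in a code-carrying extension.
WINPATH_RE = re.compile(r"[A-Za-z]:\\[^\",]*?\.(?:exe|dll|scr|cpl)\b", re.IGNORECASE)
# Dr.Web verdict texts are the two wordings that appear in the report above.
DRWEB_RE = re.compile(
    r"^(?P<obj>\S+) (?P<dir>[A-Za-z]:\\.*?) "
    r"(?P<verdict>Modificação de \S+|O arquivo contém objectos infectados)"
    r"(?: Movido\.)?$"
)


@dataclass(frozen=True)
class Finding:
    section: str          # "O4" or "O23"
    name: str             # autorun value name or service display name
    path: Optional[str]   # absolute path, if one could be extracted
    reason: str


def parse_hjt(text: str) -> List[Tuple[str, str, Optional[str], Optional[str]]]:
    """Return (section, name, path, owner) for each O4/O23 line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            p = WINPATH_RE.search(m["cmd"])
            entries.append(("O4", m["name"], p.group(0) if p else None, None))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(("O23", m["name"], m["path"].strip(), m["owner"].strip()))
    return entries


def parse_drweb_dirs(text: str) -> Set[str]:
    """Return the directories (lower-cased) in which Dr.Web reported an object."""
    dirs = set()
    for raw in text.splitlines():
        m = DRWEB_RE.match(raw.strip())
        if m:
            dirs.add(m["dir"].rstrip("\\").lower())
    return dirs


def parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def triage(hjt_text: str, drweb_text: str) -> List[Finding]:
    flagged = parse_drweb_dirs(drweb_text)
    findings = []
    for section, name, path, owner in parse_hjt(hjt_text):
        if path is None:
            findings.append(Finding(section, name, None,
                                    "no absolute path: binary is resolved via the search path, verify its location"))
            continue
        parent = parent_dir(path)
        hit = next((d for d in sorted(flagged) if parent == d or parent.startswith(d + "\\")), None)
        if hit is not None:
            findings.append(Finding(section, name, path,
                                    f"loads from {hit}, a directory where the scanner reported infected objects"))
        if section == "O23" and owner in ("", "Unknown owner"):
            findings.append(Finding(section, name, path,
                                    "service has no identifiable publisher: check the file's signature and origin"))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, DRWEB_SAMPLE):
        print(f"{f.section:<4} {f.name:<20} {f.path or '-'}\n     -> {f.reason}")
```

On the constructed sample this yields four findings: `nwiz` (no absolute path), `gwdwin` (loads from `c:\programas\wsmcw`, which the scanner flagged), and the two services `lxdj_device` and `ZTE CDROM Monitor` (no publisher recorded). The "unknown publisher" and "no absolute path" rules only mark entries for manual review; the directory cross-reference is the one rule that ties an autorun to evidence already on disk, which is the check a helper applies before asking the user to fix an O4 line.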

Good evening, fair!

 

<@> DOWNLOAD: < Kaspersky Virus Removal Tool >

-----------------------------

<@> Download the most recent update! <-- Check the dates!

<@> Save it in Program Files!

<@> Restart the computer in Safe Mode! <-- Important!

<@> Run the tool by double-clicking its executable.

<@> The following window will open:

 

[image: Kaspersky-Virus-Removal-Tool_1.png]

 

<@> Under the Manual Cure option, tick all the boxes and click Scan.

<@> When the scan finishes, copy and post the report.

<@> Try to post only the part that shows the removals made by the tool.

<@> Also post an updated HijackThis log.

 

PS: Confirm the removal prompt for the detected files!

Regards!


Good afternoon, DigRam! :thumbsup:

 

Here I am again with more results, trying to follow your valuable instructions to the letter; here are the reports, both done in safe mode. Wow! Just look at how many malware items this little program "cured"!

 

So here is the "possible" summary, but you can see it's no small mess :wacko:

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Backdoor.Win32.VB.eqx File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/gwdwin.exe

deleted: Trojan program Trojan-Downloader.Win32.Agent.wlv File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/iek.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbz File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/live.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.fvo File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/mlst.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.fvp File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/mon.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cca File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/rds.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cca File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/replay.exe

deleted: Trojan program Backdoor.Win32.VB.eqx File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009028.exe

deleted: Trojan program Backdoor.Win32.VB.etm File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/gwdwin.exe

deleted: Trojan program Trojan-Downloader.Win32.Agent.xjy File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/iek.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cdd File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/live.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.gbv File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/mlst.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.gbu File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/mon.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.csj File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/msgex.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cdd File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/rds.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ceo File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009313.exe/replay.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbj File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/gf.exe

deleted: Trojan program Backdoor.Win32.VB.eny File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/gwdwin.exe

deleted: Trojan program Trojan-Downloader.Win32.Agent.wcx File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/iek.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbk File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/live.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.fso File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/mlst.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.fso File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/mon.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbk File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/msgex.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/rds.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/replay.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/santander.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbl File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/varios.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbm File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018294.exe/bradesco.exe

deleted: Trojan program Trojan-Downloader.Win32.Agent.ydp File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/iek.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ceq File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/live.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.gfd File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/mlst.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.gfd File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/mon.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.csn File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/msgex.exe

deleted: Trojan program Backdoor.Win32.VB.ewc File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/mwstwn.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cer File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/rds.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cer File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0018296.exe/replay.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbm File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\file.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cer File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\img76.exe

deleted: Trojan program Trojan-Downloader.Win32.Agent.ydp File: C:\Programas\gwbdrx\iek.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ceq File: C:\Programas\gwbdrx\live.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.csn File: C:\Programas\gwbdrx\msgex.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cer File: C:\Programas\gwbdrx\rds.exe

deleted: Trojan program Trojan-Downloader.Win32.Banload.dzk File: C:\Programas\gwbdrx\vcdg.bat

deleted: Trojan program Trojan-Downloader.Win32.VB.hik File: C:\Programas\Microsoft Studio Files\lsass.exe

deleted: Trojan program Trojan-Downloader.Win32.Banload.dzk File: C:\Programas\Microsoft Studio Files\vcdg.bat

deleted: Trojan program Trojan-Banker.Win32.Bancos.csj File: C:\Programas\wsmcw\msgex.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ceo File: C:\Programas\wsmcw\replay.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.cbq File: C:\Programas\wsmcw\plugins\bbvar.exe/varios.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ccp File: C:\Programas\wsmcw\plugins\ilmmrr.exe/replay.exe

deleted: Trojan program Trojan-Downloader.Win32.Agent.wtk File: C:\Programas\wsmcw\plugins\ilmmrr.exe/iek.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ccp File: C:\Programas\wsmcw\plugins\ilmmrr.exe/live.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.fyk File: C:\Programas\wsmcw\plugins\ilmmrr.exe/mlst.exe

deleted: Trojan program Trojan-Downloader.Win32.VB.fxh File: C:\Programas\wsmcw\plugins\ilmmrr.exe/mon.exe

deleted: Trojan program Trojan-Banker.Win32.Bancos.ccp File: C:\Programas\wsmcw\plugins\ilmmrr.exe/rds.exe

 

Full HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:12:07, on 24-10-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\hijackt\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

O4 - HKCU\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

 

--

End of file - 7228 bytes

 

Thanks a lot for your help! :thumbsup:

 

regards!
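The helper asked for only the removals part of the KVRT report, and the report posted in this thread has dozens of lines in one fixed format. As an added example, not part of the original thread or of Kaspersky's tool, this Python script parses lines in that format, separates detections that sat inside the Dr.Web quarantine folder from files that were live on disk, and flags files that borrow a Windows process name outside the Windows directory, as C:\Programas\Microsoft Studio Files\lsass.exe does in the report. The sample lines are copied from the report above; the SYSTEM_PROCESS_NAMES list is an assumption of the example.

```python
"""Summarise a Kaspersky Virus Removal Tool (KVRT) report of the kind posted
in this thread: one line per detection, "status: <kind> <name> File: <path>".
Added example code; not part of the tool or of the original post."""
from __future__ import annotations

import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: six lines copied from the KVRT report posted in the thread.
SAMPLE_REPORT = r"""Detected
--------
Status Object
------ ------
deleted: Trojan program Backdoor.Win32.VB.eqx File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/gwdwin.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.cbz File: C:\Documents and Settings\Vicente\DoctorWeb\Quarantine\A0009026.exe/live.exe
deleted: Trojan program Trojan-Downloader.Win32.Agent.ydp File: C:\Programas\gwbdrx\iek.exe
deleted: Trojan program Trojan-Banker.Win32.Bancos.ceq File: C:\Programas\gwbdrx\live.exe
deleted: Trojan program Trojan-Downloader.Win32.Banload.dzk File: C:\Programas\gwbdrx\vcdg.bat
deleted: Trojan program Trojan-Downloader.Win32.VB.hik File: C:\Programas\Microsoft Studio Files\lsass.exe
"""

# status, detection kind (e.g. "Trojan program"), signature name, object path
LINE_RE = re.compile(r"^(?P<status>\w+): (?P<kind>.+?) (?P<name>\S+) File: (?P<path>.+)$")

# Assumed list: Windows process names malware often borrows. A file with one of
# these names outside the Windows directory deserves a closer look.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe"}


@dataclass
class Detection:
    status: str
    name: str        # e.g. Trojan-Banker.Win32.Bancos.cbz
    path: str        # full object path as printed by KVRT
    container: str   # outer file when KVRT prints "outer.exe/inner.exe", else ""
    inner: str       # inner file name when nested, else ""

    @property
    def family(self) -> str:
        """Leading component of the Kaspersky name: Trojan-Banker, Backdoor, ..."""
        return self.name.split(".", 1)[0]

    @property
    def file_path(self) -> str:
        """Path of the on-disk object (the container for nested detections)."""
        return self.container or self.path

    @property
    def in_quarantine(self) -> bool:
        """True when the object already sat in another scanner's quarantine folder."""
        return "\\quarantine\\" in self.file_path.lower()


def parse_report(text: str) -> list[Detection]:
    """Parse KVRT report lines; header lines that do not match are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        container, sep, inner = path.rpartition("/")   # nested object inside a dropper?
        found.append(Detection(m["status"], m["name"], path,
                               container if sep else "", inner if sep else ""))
    return found


def summarize(detections: list[Detection]) -> dict:
    """Counts a responder wants at a glance: what was found, where, and whether
    it was live on disk or only inside a quarantine folder."""
    quarantined = sum(d.in_quarantine for d in detections)
    return {
        "total": len(detections),
        "by_status": Counter(d.status for d in detections),
        "by_family": Counter(d.family for d in detections),
        "quarantined": quarantined,
        "active": len(detections) - quarantined,
        "active_dirs": Counter(ntpath.dirname(d.file_path)
                               for d in detections if not d.in_quarantine),
    }


def masquerading(detections: list[Detection]) -> list[Detection]:
    """Detections whose on-disk file borrows a Windows system process name but
    lives outside C:\\WINDOWS (e.g. lsass.exe under Program Files)."""
    out = []
    for d in detections:
        name = ntpath.basename(d.file_path).lower()
        if name in SYSTEM_PROCESS_NAMES and "\\windows\\" not in d.file_path.lower():
            out.append(d)
    return out


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    s = summarize(dets)
    print(f"{s['total']} detections: {s['active']} on disk, {s['quarantined']} in quarantine")
    for family, n in s["by_family"].most_common():
        print(f"  {family:<20} {n}")
    for directory, n in s["active_dirs"].most_common():
        print(f"  live in {directory}: {n}")
    for d in masquerading(dets):
        print("system-name lookalike:", d.file_path)
```

Run it against a full report to get a per-directory list of the objects that were live outside any quarantine, which is the part worth re-checking after a reboot.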


Good morning, fair!

 

<!> If you still have connection problems, run this program: WinsockFix

<!> PS: Run it only in Safe Mode, and only while the connection is compromised or unstable.

----------------------

<@> Download: < WinsockFix >

<@> Save it on the Desktop!

<@> Restart the computer in Safe Mode!

<@> Run WinsockFix!

<@> Double-click WinsockFix.exe

<@> The window VB_Winfix 1.2 will open

<@> Click Fix.

<@> A message will appear! >> Click Yes!

<@> When it finishes, restart the computer normally!

----------------------

<!> Download: < ATF-Cleaner >

----------------------

<!> Save it on the Desktop!

<!> Restart the computer in Safe Mode.

<!> Click ATF-Cleaner.exe

<!> Under "Select Files To Delete", check Select All.

<!> Click Empty Selected.

<!> In the Done Cleaning window, click OK --> Exit

 

<!> Note: If you use Firefox:

 

* At the top, click Firefox and choose: Select All --> Click Empty Selected.

 

<!> Note: If you use Opera:

 

* At the top, click Opera and choose: Select All --> Click Empty Selected.

-----------------------

<@> Download: < Runscanner v. 1.7.0.0 >

<@> Save it on Local Disk C and unpack it right there.

<@> Open the program and, with the Expert mode button already selected, click Ok.

<@> Close all windows/programs before running this utility.

<@> Run it by clicking Scan computer. <-- Wait!

<@> When it finishes, click the menu: Online analysis

<@> The page "online malware analysis report" will open

------------------------

<@> Post the link to this analysis in your reply. <-- Type the address!

 

Regards!


Good morning, DigRam!

 

 

 

Since the connection improved a lot, thanks to your help, I skipped the 1st suggested step and went on to the next ones :thumbsup:

so I went straight to the ATF-Cleaner cleanup and then the Runscanner scan; the link to the requested report follows below:

 

http://www.runscanner.net/report.aspx?repo...78-391ff749d15b

 

Now what happens is that the antivirus complains and every now and then "threatens" to suspend itself, can you believe it? :blink: It must think it has less work to do now! :clap:

hehe

 

Looking forward to the continuation of your excellent contribution, for which I am very grateful. Regards!


Good evening, fair!

 

<!> The report has been removed from the link, so we will run ComboFix instead.

-----------------------

<@> Download: < ComboFix.exe >

<@> Save it on the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Software warranty disclaimer" --> Click Yes!

 

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it on the desktop renamed as: Kombo.exe

<!> PS: Rename it while saving, not after it has been saved!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter.

<@> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N".

-----------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!


Good afternoon and have a good Sunday, DigRam!

 

And once again thank you for the help! The connection improved a lot, and everything else too. I ran ComboFix in normal mode and here is the report:

 

ComboFix 08-10-25.01 - Vicente 2008-10-26 12:59:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.1501 [GMT 0:00]

Executando de: C:\Documents and Settings\Vicente\Ambiente de trabalho\ComboFix.exe

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-26 to 2008-10-26 ))))))))))))))))))))))))))))

.

 

2008-10-26 12:37 . 2008-10-26 12:37 <DIR> d-------- C:\WINDOWS\LastGood

2008-10-25 08:44 . 2008-10-25 09:09 <DIR> d-------- C:\Programas\RSCAN-1-7

2008-10-24 11:40 . 2008-10-24 12:48 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Os meus documentos

2008-10-24 11:40 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Modelos

2008-10-24 11:40 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Menu Iniciar

2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Favoritos

2008-10-24 11:40 . 2008-10-26 13:00 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Definições locais

2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Ambiente de trabalho

2008-10-24 11:40 . 2008-10-24 11:40 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE

2008-10-24 10:21 . 2008-07-08 13:54 148,496 --a------ C:\WINDOWS\system32\drivers\31376723.sys

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Os meus documentos

2008-10-24 10:18 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Definições locais

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Ambiente de trabalho

2008-10-24 10:18 . 2008-10-24 10:18 <DIR> d-------- C:\Documents and Settings\Administrador

2008-10-24 10:04 . 2008-10-24 10:21 <DIR> d-------- C:\Programas\KASP-TOOL

2008-10-23 04:51 . 2008-10-23 05:06 <DIR> d-------- C:\Documents and Settings\Vicente\DoctorWeb

2008-10-22 13:56 . 2008-10-23 21:22 <DIR> d-------- C:\Programas\CCLEAN

2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\Vicente\Application Data\Malwarebytes

2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-22 13:19 . 2008-10-16 19:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-22 13:19 . 2008-10-16 19:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-22 13:10 . 2008-10-22 13:10 <DIR> d-------- C:\Programas\Nova pasta

2008-10-22 13:10 . 2008-10-22 13:19 <DIR> d-------- C:\Programas\Malwbytes

2008-10-21 23:13 . 2008-10-24 13:12 <DIR> d-------- C:\Programas\hijackt

2008-10-20 14:31 . 2008-10-20 14:31 268 --ah----- C:\sqmdata04.sqm

2008-10-20 14:31 . 2008-10-20 14:31 244 --ah----- C:\sqmnoopt04.sqm

2008-10-20 10:58 . 2008-10-20 10:58 268 --ah----- C:\sqmdata03.sqm

2008-10-20 10:58 . 2008-10-20 10:58 244 --ah----- C:\sqmnoopt03.sqm

2008-10-14 21:58 . 2008-08-14 13:23 2,193,024 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-14 21:58 . 2008-08-14 13:23 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-14 21:58 . 2008-08-14 13:23 2,069,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-14 21:58 . 2008-08-14 13:23 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-26 12:57 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2008-10-25 08:23 --------- d-----w C:\Programas\MODEM MF622

2008-10-24 12:44 --------- d-----w C:\Programas\wsmcw

2008-10-24 12:44 --------- d-----w C:\Programas\Microsoft Studio Files

2008-10-24 12:44 --------- d-----w C:\Programas\gwbdrx

2008-10-23 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-10-22 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-22 02:02 --------- d-----w C:\Programas\Spybot - Search & Destroy

2008-10-21 10:19 --------- d-----w C:\Programas\Lx_cats

2008-09-17 17:34 45,056 ----a-w C:\WINDOWS\system32\acovcnt.exe

2008-09-15 15:25 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-14 13:23 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:23 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-06-26 07:40 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat

2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008062620080627\index.dat

2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Sidebar"="C:\Programas\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-20 8462336]

"BDMCon"="C:\Programas\Softwin\BitDefender10\bdmcon.exe" [2008-06-26 290816]

"BDAgent"="C:\Programas\Softwin\BitDefender10\bdagent.exe" [2008-06-26 69632]

"SMSERIAL"="C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"Power_Gear"="C:\Programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"Wireless Console 2"="C:\Programas\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"ACMON"="C:\Programas\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]

"SynTPEnh"="C:\Programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]

"ATKHOTKEY"="C:\Programas\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]

"lxdjamon"="C:\Programas\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]

"nwiz"="nwiz.exe" [2007-06-20 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-05-08 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

--a------ 2007-07-19 14:41 49520 C:\Programas\ASUS\ASUS Live Update\ALU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 06:00 33648 C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-06-20 11:21 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-03-25 03:28 144784 C:\Programas\Java\jre1.6.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NBService"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\lxdjcoms.exe"=

"C:\\Programas\\Lexmark 1400 Series\\lxdjamon.exe"=

"C:\\Programas\\Lexmark 1400 Series\\App4R.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

 

R0 iastor75;iastor75;C:\WINDOWS\system32\drivers\iastor75.sys [2008-05-12 304920]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]

S1 is-SQ5V8drv;is-SQ5V8drv;C:\WINDOWS\system32\DRIVERS\31376723.sys [2008-07-08 148496]

S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-09-06 24080]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff0d31e-435a-11dd-8009-001e8c238379}]

\Shell\AutoRun\command - F:\AutoRun.exe

 

*Newly Created Service* - PROCEXP90

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

"C:\Programas\Windows Sidebar\sidebar.exe" /RegServer

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-gwdwin - C:\Programas\wsmcw\gwdwin.exe

 

 

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.pt/

O8 -: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-26 13:01:00

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXDJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16???????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-26 13:01:47

ComboFix-quarantined-files.txt 2008-10-26 13:01:40

 

Pré-execução: 67.207.483.392 bytes livres

Pós execução: 67,200,815,104 bytes livres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

170 --- E O F --- 2008-10-24 13:53:12

 

 

Plus the HijackThis one, as requested:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:03:18, on 26-10-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Softwin\BitDefender10\bdagent.exe

C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\Lexmark 1400 Series\lxdjamon.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\Programas\MODEM MF622\Modem.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Programas\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\hijackt\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

 

--

End of file - 8395 bytes

 

See you later, DigRam, and I hope I did everything right so as to help with your work. Thanks!

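Reading a HijackThis log by eye, as the helper does in this thread, comes down to a few checks on the entry types; this added Python script (not part of the thread or of HijackThis itself) automates the ones relevant to this log, over sample lines constructed from the log above: the orphaned O2 BHO, O4 autoruns that name a program without a full path, the O17 NameServer values, and O23 services without an owner.

```python
"""Triage a HijackThis v2 log for the entry types a removal helper checks
first.  Added example for this thread, not the forum's or HijackThis's own
code; the sample log is constructed from entries visible in the thread."""
import re
from ipaddress import ip_address

# Constructed sample: a handful of lines copied from the HijackThis logs above.
SAMPLE_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe
O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# A program reference is qualified when it is a drive path, a UNC path or %VAR%-rooted.
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%\\)")


def first_tokens(cmd):
    """Split an O4 command line into (program, first argument), honouring a
    double-quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) != -1:
        end = cmd.find('"', 1)
        prog, rest = cmd[1:end], cmd[end + 1:]
    else:
        prog, _, rest = cmd.partition(" ")
    arg = rest.split(None, 1)[0] if rest.strip() else ""
    return prog, arg


def is_qualified(ref):
    """True when the program/DLL reference carries a full path, so the analyst
    knows exactly which file runs; bare names are resolved via the search path."""
    return bool(QUALIFIED_RE.match(ref.strip('"')))


def triage(log_text):
    """Return (line_no, reason, line) findings for a HijackThis log."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.rstrip()
        if line.startswith("O2 - "):
            m = O2_RE.match(line)
            if m and m.group("path") == "(no file)":
                findings.append((n, "orphaned BHO registration: CLSID with no file on disk", line))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue
            prog, arg = first_tokens(m.group("cmd"))
            # For rundll32 hosts the interesting file is the DLL it is told to load.
            target = arg if prog.lower() in ("rundll32", "rundll32.exe") else prog
            if not is_qualified(target):
                findings.append((n, f"autorun [{m.group('name')}] loads '{target}' "
                                    "without a full path; locate the file first", line))
        elif line.startswith("O17 - "):
            m = O17_RE.match(line)
            for srv in (m.group("servers").split() if m else []):
                try:
                    kind = "private" if ip_address(srv).is_private else "public"
                except ValueError:
                    kind = "non-IP"
                findings.append((n, f"{kind} DNS resolver {srv}: confirm it belongs "
                                    "to the ISP or router", line))
        elif line.startswith("O23 - "):
            m = O23_RE.match(line)
            if m is None:
                findings.append((n, "service line without a recognizable owner field", line))
            elif m.group("owner").lower() == "unknown owner":
                findings.append((n, f"service '{m.group('name')}' reports no owner/signer", line))
    return findings


if __name__ == "__main__":
    for n, reason, _ in triage(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Every finding is a prompt to look at the file or value, not a verdict: in this log the unqualified autoruns and the "Unknown owner" service are vendor components, which is exactly what the check makes the analyst confirm.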

Good afternoon, fair!

 

Plug your removable drive(s), if you have any, into the USB port (pen drive, mp3, mp4, iPods, etc.).

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\system32\acovcnt.exe

F:\AutoRun.exe

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff0d31e-435a-11dd-8009-001e8c238379}]

Folder::

C:\Programas\wsmcw

C:\Programas\Microsoft Studio Files

C:\Programas\gwbdrx

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 


 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the report: C:\ComboFix.txt

 

Regards!


Good afternoon, DigRam!

 

The only drive it has, and which was plugged in, is the iPod. The connection went back to being unstable and slow, with some pages not opening, but I managed to come back here.

 

Here is the requested ComboFix report:

 

ComboFix 08-10-25.01 - Vicente 2008-10-27 11:46:16.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.1520 [GMT 0:00]

Executando de: C:\Documents and Settings\Vicente\Ambiente de trabalho\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Vicente\Ambiente de trabalho\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

FILE ::

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\WINDOWS\system32\acovcnt.exe

F:\AutoRun.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programas\gwbdrx

C:\Programas\gwbdrx\banif.bxz

C:\Programas\gwbdrx\banif.exe

C:\Programas\gwbdrx\barclays.bxz

C:\Programas\gwbdrx\barclays.exe

C:\Programas\gwbdrx\bbva.bxz

C:\Programas\gwbdrx\bbva.exe

C:\Programas\gwbdrx\bctf.bat

C:\Programas\gwbdrx\bes.bxz

C:\Programas\gwbdrx\bes.exe

C:\Programas\gwbdrx\block

C:\Programas\gwbdrx\bpinet.bxz

C:\Programas\gwbdrx\bpinet.exe

C:\Programas\gwbdrx\cgd.bxz

C:\Programas\gwbdrx\cgd.exe

C:\Programas\gwbdrx\dllhosts.exe

C:\Programas\gwbdrx\exitd.vxd

C:\Programas\gwbdrx\infoseg.bxz

C:\Programas\gwbdrx\lg

C:\Programas\gwbdrx\liveoff.txt

C:\Programas\gwbdrx\locaweb.bxz

C:\Programas\gwbdrx\montepio.bxz

C:\Programas\gwbdrx\montepio.exe

C:\Programas\gwbdrx\ms765581111

C:\Programas\gwbdrx\Mswinsck.ocx

C:\Programas\gwbdrx\name.drv

C:\Programas\gwbdrx\notfirihfyt65hggj.dll

C:\Programas\gwbdrx\Readme.exe

C:\Programas\gwbdrx\scrypt.exe

C:\Programas\gwbdrx\sec\fx.crp

C:\Programas\gwbdrx\upfile.exe

C:\Programas\gwbdrx\upinfod.drv

C:\Programas\gwbdrx\windvxsweq999922334

C:\Programas\gwbdrx\wininfo1.vxd

C:\Programas\gwbdrx\WinRds\1.crp

C:\Programas\gwbdrx\WinRds\2.crp

C:\Programas\gwbdrx\WinRds\3.crp

C:\Programas\gwbdrx\WinRds\install.crp

C:\Programas\gwbdrx\WinRds\Reiniciar.crp

C:\Programas\gwbdrx\WinRds\termsrv.dll

C:\Programas\gwbdrx\winvxhfythg34a.rd

C:\Programas\Microsoft Studio Files

C:\Programas\Microsoft Studio Files\ftnn987.ko

C:\Programas\wsmcw

C:\Programas\wsmcw\banif.bxz

C:\Programas\wsmcw\banif.exe

C:\Programas\wsmcw\barclays.bxz

C:\Programas\wsmcw\barclays.exe

C:\Programas\wsmcw\bb.bxz

C:\Programas\wsmcw\bb.exe

C:\Programas\wsmcw\bbva.bxz

C:\Programas\wsmcw\bbva.exe

C:\Programas\wsmcw\bctf.bat

C:\Programas\wsmcw\bes.bxz

C:\Programas\wsmcw\bes.exe

C:\Programas\wsmcw\block

C:\Programas\wsmcw\bpinet.bxz

C:\Programas\wsmcw\bpinet.exe

C:\Programas\wsmcw\bradesco.bxz

C:\Programas\wsmcw\caixa.bxz

C:\Programas\wsmcw\caixa.exe

C:\Programas\wsmcw\ccfacil.bxz

C:\Programas\wsmcw\cgd.bxz

C:\Programas\wsmcw\cgd.exe

C:\Programas\wsmcw\checkcheck.bxz

C:\Programas\wsmcw\dllhosts.exe

C:\Programas\wsmcw\exitd.vxd

C:\Programas\wsmcw\gf.bxz

C:\Programas\wsmcw\infoseg.bxz

C:\Programas\wsmcw\kill.exe

C:\Programas\wsmcw\lg

C:\Programas\wsmcw\live.txt

C:\Programas\wsmcw\liveoff.txt

C:\Programas\wsmcw\locaweb.bxz

C:\Programas\wsmcw\montepio.bxz

C:\Programas\wsmcw\montepio.exe

C:\Programas\wsmcw\ms765581111

C:\Programas\wsmcw\Mswinsck.ocx

C:\Programas\wsmcw\name.drv

C:\Programas\wsmcw\notfirihfyt65hggj.dll

C:\Programas\wsmcw\plugins\k.exe

C:\Programas\wsmcw\Readme.exe

C:\Programas\wsmcw\registro.bxz

C:\Programas\wsmcw\santander.bxz

C:\Programas\wsmcw\scrypt.exe

C:\Programas\wsmcw\sec\fx.crp

C:\Programas\wsmcw\state

C:\Programas\wsmcw\upinfod.drv

C:\Programas\wsmcw\upinfov.drv

C:\Programas\wsmcw\vcdg.bat

C:\Programas\wsmcw\windvxsweq999922334

C:\Programas\wsmcw\wininfo1.vxd

C:\Programas\wsmcw\wininfo2.vxd

C:\Programas\wsmcw\wininfo3.vxd

C:\Programas\wsmcw\WinRds\1.crp

C:\Programas\wsmcw\WinRds\2.crp

C:\Programas\wsmcw\WinRds\3.crp

C:\Programas\wsmcw\WinRds\install.crp

C:\Programas\wsmcw\WinRds\Reiniciar.crp

C:\Programas\wsmcw\WinRds\termsrv.dll

C:\Programas\wsmcw\winvxhfythg34a.rd

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\WINDOWS\system32\acovcnt.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-27 to 2008-10-27 ))))))))))))))))))))))))))))

.

 

2008-10-27 11:27 . 2008-10-27 11:27 <DIR> d-------- C:\WINDOWS\LastGood

2008-10-25 08:44 . 2008-10-25 09:09 <DIR> d-------- C:\Programas\RSCAN-1-7

2008-10-24 11:40 . 2008-10-24 12:48 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Os meus documentos

2008-10-24 11:40 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Modelos

2008-10-24 11:40 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Menu Iniciar

2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Favoritos

2008-10-24 11:40 . 2008-10-27 11:50 <DIR> d--h----- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Definições locais

2008-10-24 11:40 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE\Ambiente de trabalho

2008-10-24 11:40 . 2008-10-24 11:40 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE

2008-10-24 10:21 . 2008-07-08 13:54 148,496 --a------ C:\WINDOWS\system32\drivers\31376723.sys

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Os meus documentos

2008-10-24 10:18 . 2008-06-26 07:33 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Definições locais

2008-10-24 10:18 . 2008-06-26 08:30 <DIR> d-------- C:\Documents and Settings\Administrador\Ambiente de trabalho

2008-10-24 10:18 . 2008-10-24 10:18 <DIR> d-------- C:\Documents and Settings\Administrador

2008-10-24 10:04 . 2008-10-24 10:21 <DIR> d-------- C:\Programas\KASP-TOOL

2008-10-23 04:51 . 2008-10-23 05:06 <DIR> d-------- C:\Documents and Settings\Vicente\DoctorWeb

2008-10-22 13:56 . 2008-10-23 21:22 <DIR> d-------- C:\Programas\CCLEAN

2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\Vicente\Application Data\Malwarebytes

2008-10-22 13:19 . 2008-10-22 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-10-22 13:19 . 2008-10-16 19:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-22 13:19 . 2008-10-16 19:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-10-22 13:10 . 2008-10-22 13:10 <DIR> d-------- C:\Programas\Nova pasta

2008-10-22 13:10 . 2008-10-22 13:19 <DIR> d-------- C:\Programas\Malwbytes

2008-10-21 23:13 . 2008-10-26 13:03 <DIR> d-------- C:\Programas\hijackt

2008-10-14 21:58 . 2008-08-14 13:23 2,193,024 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-14 21:58 . 2008-08-14 13:23 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-14 21:58 . 2008-08-14 13:23 2,069,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-14 21:58 . 2008-08-14 13:23 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-27 11:50 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2008-10-27 11:25 --------- d-----w C:\Programas\MODEM MF622

2008-10-23 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-10-22 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-22 02:02 --------- d-----w C:\Programas\Spybot - Search & Destroy

2008-10-21 10:19 --------- d-----w C:\Programas\Lx_cats

2008-09-15 15:25 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-14 13:23 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:23 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-06-26 07:40 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\index.dat

2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008062620080627\index.dat

2008-06-26 07:40 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Definições locais\Temporary Internet Files\Content.IE5\index.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Sidebar"="C:\Programas\Windows Sidebar\sidebar.exe" [2007-07-28 1230848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-20 8462336]

"BDMCon"="C:\Programas\Softwin\BitDefender10\bdmcon.exe" [2008-06-26 290816]

"BDAgent"="C:\Programas\Softwin\BitDefender10\bdagent.exe" [2008-06-26 69632]

"SMSERIAL"="C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"Power_Gear"="C:\Programas\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]

"Wireless Console 2"="C:\Programas\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]

"ACMON"="C:\Programas\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]

"SynTPEnh"="C:\Programas\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]

"ATKHOTKEY"="C:\Programas\ATK Hotkey\Hcontrol.exe" [2007-06-29 225280]

"lxdjamon"="C:\Programas\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

"GrooveMonitor"="C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]

"nwiz"="nwiz.exe" [2007-06-20 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 C:\WINDOWS\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-05-08 C:\WINDOWS\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=sockspy.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 21:16 39792 C:\Programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

--a------ 2007-07-19 14:41 49520 C:\Programas\ASUS\ASUS Live Update\ALU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 06:00 33648 C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-06-20 11:21 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-03-25 03:28 144784 C:\Programas\Java\jre1.6.0_06\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"NBService"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\lxdjcoms.exe"=

"C:\\Programas\\Lexmark 1400 Series\\lxdjamon.exe"=

"C:\\Programas\\Lexmark 1400 Series\\App4R.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=

"C:\\Programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=

 

R0 iastor75;iastor75;C:\WINDOWS\system32\drivers\iastor75.sys [2008-05-12 304920]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 36864]

S1 is-SQ5V8drv;is-SQ5V8drv;C:\WINDOWS\system32\DRIVERS\31376723.sys [2008-07-08 148496]

S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys [2004-09-06 24080]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

"C:\Programas\Windows Sidebar\sidebar.exe" /RegServer

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-27 11:51:54

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXDJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-27 11:53:58

ComboFix-quarantined-files.txt 2008-10-27 11:53:51

ComboFix2.txt 2008-10-26 13:01:48

 

Pré-execução: 67.249.352.704 bytes livres

Pós execução: 67,227,951,104 bytes livres

 

262 --- E O F --- 2008-10-24 13:53:12

 

 

P.S. ComboFix locked up the computer this time. I could only shut it down with the power button, but everything is running again, thanks!

 

Regards!


Good morning, fair!

 

<!> Do you know this file?

 

C:\WINDOWS\system32\drivers\31376723.sys <-- This file?

------------------------

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

 

<!> Go to the site and click on: < kasperdx9.jpg >

 

<@> On the next page, click: I Accept

<@> This is so the ActiveX control gets installed and then the database is updated.

<@> On the next page, click My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log.

<@> Save the result as .txt, as in the image below:

 


 

<@> Also post an updated HijackThis log.

 

Regards!

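The ComboFix "created files" timeline is where to look before deciding about an unfamiliar driver such as the 31376723.sys the helper asks about: this added example (not ComboFix's or the forum's own code; sample lines constructed from the report posted above) parses those lines and lists what else was created or modified within a few minutes of a given file, which in this report includes the KASP-TOOL folder last modified in the same minute the driver appeared.

```python
"""Correlate a ComboFix created-files timeline around one file of interest.
Added example for this thread, not ComboFix's own code; the sample lines are
constructed from the ComboFix report posted above."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the "Arquivos/Ficheiros criados" section above.
SAMPLE_TIMELINE = r"""2008-10-24 11:40 . 2008-10-24 11:40 <DIR> d-------- C:\Documents and Settings\Administrador.ASUS-76E9D648DE
2008-10-24 10:21 . 2008-07-08 13:54 148,496 --a------ C:\WINDOWS\system32\drivers\31376723.sys
2008-10-24 10:18 . 2008-10-24 10:18 <DIR> d-------- C:\Documents and Settings\Administrador
2008-10-24 10:04 . 2008-10-24 10:21 <DIR> d-------- C:\Programas\KASP-TOOL
2008-10-23 04:51 . 2008-10-23 05:06 <DIR> d-------- C:\Documents and Settings\Vicente\DoctorWeb
2008-10-22 13:19 . 2008-10-16 19:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
"""

# created . modified [size | <DIR>] attributes path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?:(?P<size>[\d,]+)|<DIR>)\s+(?P<attrs>[\w-]+)\s+(?P<path>.+)$")


def parse_timeline(text):
    """Parse the lines of a ComboFix created-files section into dicts."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section banners, dots and blank lines
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"].replace(",", "")) if m["size"] else None,
            "is_dir": m["size"] is None,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def neighbours(entries, path, window_minutes=5):
    """Return (minutes_apart, path) for entries created or modified within
    window_minutes of when `path` was created, nearest first, excluding the
    file itself.  A just-run tool's own folder, or a profile first used at the
    same time, is the usual context for an unfamiliar driver with a random-
    looking name, and that is what an analyst wants to see before deleting it."""
    target = next(e for e in entries if e["path"].lower() == path.lower())
    window = timedelta(minutes=window_minutes)
    hits = []
    for e in entries:
        if e is target:
            continue
        gap = min(abs(e["created"] - target["created"]),
                  abs(e["modified"] - target["created"]))
        if gap <= window:
            hits.append((gap, e["path"]))
    hits.sort()
    return [(int(gap.total_seconds() // 60), p) for gap, p in hits]


if __name__ == "__main__":
    timeline = parse_timeline(SAMPLE_TIMELINE)
    for minutes, p in neighbours(timeline, r"C:\WINDOWS\system32\drivers\31376723.sys"):
        print(f"{minutes:>3} min  {p}")
```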

Good afternoon, DigRam!

 

I don't know that key -- 31376723.sys -- no :mellow: DigRam. What could it be?

 

Actually, I never use this computer; I only offered to lend a hand here because it was running really badly, so I think that key will be unknown even to its user. What worries me now are the e-mails I opened from this machine and what state mine will be in :blink:

 

Office Word is the one that keeps showing an error and closes all the time :wacko:

 

Thank you for the help; I'll run the scanner you indicated right away and then bring back its report.

 

Regards!


Good afternoon again, DigRam!

 

Strangely, the Kaspersky online scanner was quick, and here is the saved report:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, October 28, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Tuesday, October 28, 2008 12:19:04

Records in database: 1353106

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 32412

Threat name: 1

Infected objects: 1

Suspicious objects: 0

Duration of the scan: 00:32:15

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Vicente\Definições locais\Temp\Av-test.txt Infected: EICAR-Test-File 1

 

The selected area was scanned.

 

 

Here is the updated HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:56:35, on 28-10-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxdjcoms.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\system32\SupportAppPT\ztemon.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Softwin\BitDefender10\bdmcon.exe

C:\Programas\Softwin\BitDefender10\bdagent.exe

C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Programas\Wireless Console 2\wcourier.exe

C:\Programas\ASUS\Splendid\ACMON.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\ATK Hotkey\Hcontrol.exe

C:\Programas\Lexmark 1400 Series\lxdjamon.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Programas\Windows Sidebar\sidebar.exe

C:\Programas\ATK Hotkey\ATKOSD.exe

C:\Programas\ATK Hotkey\WDC.exe

C:\Programas\MODEM MF622\Modem.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

C:\Programas\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\hijackt\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [bDMCon] "C:\Programas\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [sMSERIAL] C:\Programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Programas\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programas\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ACMON] "C:\Programas\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Programas\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [lxdjamon] "C:\Programas\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Programas\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214500437625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{23901DA7-3C91-4605-A9AD-BD6DBA7C5470}: NameServer = 212.55.154.174 10.11.12.14

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programas\Ficheiros comuns\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programas\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe

O23 - Service: ZTE CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppPT\ztemon.exe

 

--

End of file - 8537 bytes

 

I await your further instructions and thank you in advance, cheers!


Good morning! fair

 

I don't know this key -- 31376723.sys -- no, DigRam, what could it be?

<!> It may not be malware, but... try a scan with Jotti!

------------------------

<@> Configure Windows to show hidden files/folders.

 

<!> Link.

 

<@> Go to this site: --> < http://virusscan.jotti.org/ >

<@> In File to upload, enter: C:\WINDOWS\system32\drivers\31376723.sys

<@> Then click Submit.

<@> Copy and post the result of this scan.

------------------------

<@> Open Malwarebytes! --> Click Tools.

<@> Click Run tool.

<@> In the Open window, use Browse to find the highlighted file: C:\Documents and Settings\Vicente\Definições locais\Temp\Av-test.txt <-- This file!

<@> Click Open.

<@> In the message, click Yes! --> OK.

 

It's Office Word that keeps showing an error and closes all the time

<!> If it is an error in a DLL, try copying it from some internal cache to the location that requests it.

<!> If that does not fix it, reinstall Word.

------------------------

<@> Download TuneUp Utilities 2008.

<@> To download, enter your e-mail and click Start download.

<@> Save the executable, TU2008TrialEN.exe, in Program Files.

<@> The program is a trial! But... there will be time to optimise the computer.

<@> Try defragmenting the disk and the registry.

<@> Later, you will find that this utility performs many functions that are useful to the computer.

 

Cheers!


Good afternoon, DigRam!

 

Jotti report, with hidden folders shown:

 

File: 31376723.sys

 

Scan taken on 29 Oct 2008 14:36:54 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

One note, DigRam, since it may be useful later. When searching for this file, hovering the mouse over it opens a small box giving the following information about it:

 

Description: Kif Mini-Filter

Company: Kaspersky Lab

Version: 7.0.0.312

Created: 24-10-08 - 145 kb

 

Removed the other file with Malwarebytes! and restarted the PC for it to take effect.

I am downloading the recommended program TuneUp Utilities 2008 right away. All that remains is to thank you for all the help you gave. Thanks for the info on Word too. :thumbsup:

 

Cheers!
