Archived

This topic has been archived and is closed to new replies.

mehira

log analysis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:23:38, on 31/10/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe

C:\Program Files\DAP\DAP.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\YUNiTI\YUNiTI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Oi Internet\discaoi.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [chic mags] "C:\ProgramData\soapitchitch.y4e4mq"

O4 - HKCU\..\Run: [Long Internet Team Stupid] "C:\ProgramData\Browse Third Exit.3yvs9u"

O4 - HKCU\..\Run: [YUNiTI] "C:\Program Files\YUNiTI\YUNiTI.exe"

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Program Files\Oi Internet\discaoi.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7B47DE8A-D81B-40D2-86D7-CC7F7C5FFF74}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrvx86.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PskSvc.exe

 

--

End of file - 7333 bytes


Good morning, mehira!

 

<@> Download: < LopS&D >

<@> Save it to Local Disk C:!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In the next window, press option 2 --> Press Enter --> Wait!

<@> When it finishes, save and post the report. ( C:\lopR.txt )

<@> Also post a fresh HijackThis log.

-------------------------

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C:, in its own folder.

<@> Run the program, then press "p" --> Enter --> OK.

<@> Type two! ( 2 ) --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )

 

Regards!


hi, look here..

--------------------\\ Lop S&D 4.2.4-9 XP/Vista

 

 

"C:\Lop SD" ( MAJ : 30-10-2008|21:58 )

Option : [2] ( 03/11/2008|22:38 )

 

[ UAC => 1 ]

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\ProgramData\comp two long internet\Tray Tick.exe

Deletado! - C:\Program Files\Circle Developement\Uninstall.exe

Deletado! - C:\Users\Isabel\AppData\Roaming\MICROS~1\Windows\Cookies\isabel@www.adserver5[1].txt

Deletado! - C:\ProgramData\Browse Third Exit.3yvs9u

Deletado! - C:\ProgramData\soapitchitch.jabod2

Deletado! - C:\ProgramData\soapitchitch.oceqi9

Deletado! - C:\ProgramData\soapitchitch.y4e4mq

Deletado! - C:\Users\Isabel\AppData\Local\Temp\bisE903.exe

Deletado! - C:\ProgramData\comp two long internet

Deletado! - C:\Program Files\Circle Developement

-

[ Arquivos/Ficheiros Hosts ] .. RESTAURADO

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em Local

 

[23/05/2008|00:31] C:\Users\Isabel\AppData\Local\Adobe

[31/05/2008|19:11] C:\Users\Isabel\AppData\Local\Ahead

[03/05/2008|08:30] C:\Users\Isabel\AppData\Local\d3d9caps.dat

[02/05/2008|17:07] C:\Users\Isabel\AppData\Local\Dados de aplicativos

[23/06/2008|23:01] C:\Users\Isabel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[18/05/2008|21:58] C:\Users\Isabel\AppData\Local\GDIPFONTCACHEV1.DAT

[02/05/2008|17:07] C:\Users\Isabel\AppData\Local\Histórico

[21/06/2008|20:15] C:\Users\Isabel\AppData\Local\IconCache.db

[18/06/2008|22:37] C:\Users\Isabel\AppData\Local\Microsoft

[17/05/2008|20:18] C:\Users\Isabel\AppData\Local\Microsoft Games

[22/06/2008|14:54] C:\Users\Isabel\AppData\Local\Microsoft Help

[29/05/2008|10:27] C:\Users\Isabel\AppData\Local\Mozilla

[12/06/2008|12:52] C:\Users\Isabel\AppData\Local\NFS Underground 2

[02/05/2008|17:17] C:\Users\Isabel\AppData\Local\Panda Software

[13/05/2008|19:42] C:\Users\Isabel\AppData\Local\speed-bit

[03/11/2008|22:39] C:\Users\Isabel\AppData\Local\Temp

[02/05/2008|17:07] C:\Users\Isabel\AppData\Local\Temporary Internet Files

[11/05/2008|07:58] C:\Users\Isabel\AppData\Local\VirtualStore

 

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

 

[14/06/4308 20:50][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E442A369-8FE4-4DED-BF6B-8E917652119F}.job

[03/11/2008 21:25][--ah-----] C:\Windows\tasks\SA.DAT

[22/06/2008 12:14][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Lista de pastas em C:\ProgramData

 

[18/05/2008|22:59] C:\ProgramData\Adobe

[02/11/2006|11:02] C:\ProgramData\Application Data

[02/05/2008|16:56] C:\ProgramData\Dados de aplicativos

[02/11/2006|11:02] C:\ProgramData\Desktop

[02/05/2008|16:56] C:\ProgramData\Documentos

[02/11/2006|11:02] C:\ProgramData\Documents

[02/11/2006|11:02] C:\ProgramData\Favorites

[02/05/2008|16:56] C:\ProgramData\Favoritos

[02/05/2008|16:56] C:\ProgramData\Menu Iniciar

[18/05/2008|22:15] C:\ProgramData\Messenger Plus!

[18/05/2008|17:18] C:\ProgramData\Microsoft

[21/05/2008|04:01] C:\ProgramData\Microsoft Help

[02/05/2008|16:56] C:\ProgramData\Modelos

[21/11/2007|12:05] C:\ProgramData\Real

[02/11/2006|11:02] C:\ProgramData\Start Menu

[03/11/2008|20:26] C:\ProgramData\TEMP

[02/11/2006|11:02] C:\ProgramData\Templates

[26/05/2008|16:48] C:\ProgramData\Transbend

[25/05/2008|20:23] C:\ProgramData\Ubisoft

[25/05/2008|11:03] C:\ProgramData\WLInstaller

 

--------------------\\ Lista de pastas em C:\Program Files

 

[21/05/2008|08:46] C:\Program Files\7-Zip

[18/06/2008|11:42] C:\Program Files\Adobe

[02/05/2008|16:56] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]

[06/05/2008|10:47] C:\Program Files\AskSBar

[23/06/2008|21:18] C:\Program Files\AVIConverter

[18/05/2008|22:59] C:\Program Files\Common Files

[06/05/2008|10:32] C:\Program Files\DAP

[26/06/2008|12:36] C:\Program Files\Faronics

[07/06/2008|01:14] C:\Program Files\Hamachi

[05/05/2008|20:43] C:\Program Files\iGv6

[31/05/2008|23:44] C:\Program Files\Infogrames

[06/05/2008|17:58] C:\Program Files\InstallShield Installation Information

[11/06/2008|04:09] C:\Program Files\Internet Explorer

[22/05/2008|08:26] C:\Program Files\KGB Archiver

[21/11/2007|12:05] C:\Program Files\K-Lite Codec Pack

[09/06/2008|23:39] C:\Program Files\M3Development_WhenUSave_Installer

[09/05/2008|17:59] C:\Program Files\Messenger Plus! Live

[23/05/2008|13:26] C:\Program Files\MessengerDiscovery

[02/11/2006|10:33] C:\Program Files\Microsoft Games

[18/05/2008|17:19] C:\Program Files\Microsoft Office

[18/05/2008|17:19] C:\Program Files\Microsoft Visual Studio

[18/05/2008|17:16] C:\Program Files\Microsoft Visual Studio 8

[18/05/2008|17:19] C:\Program Files\Microsoft Works

[18/05/2008|17:18] C:\Program Files\Microsoft.NET

[02/11/2006|10:41] C:\Program Files\Movie Maker

[29/05/2008|10:27] C:\Program Files\Mozilla Firefox

[09/06/2008|23:38] C:\Program Files\MP3 to WAV Decoder

[18/05/2008|17:19] C:\Program Files\MSBuild

[02/11/2006|10:33] C:\Program Files\MSN

[23/05/2008|13:26] C:\Program Files\MSN Messenger

[21/11/2007|12:09] C:\Program Files\Nero

[05/05/2008|20:53] C:\Program Files\Oi Internet

[21/11/2007|12:13] C:\Program Files\Panda Software

[21/11/2007|12:01] C:\Program Files\Realtek

[02/11/2006|10:33] C:\Program Files\Reference Assemblies

[06/05/2008|10:46] C:\Program Files\speed-bit

[19/05/2008|08:05] C:\Program Files\SpeedBit Video Accelerator

[27/05/2008|16:18] C:\Program Files\Ubisoft

[02/11/2006|11:02] C:\Program Files\Uninstall Information

[18/06/2008|20:55] C:\Program Files\VSO

[02/11/2006|10:41] C:\Program Files\Windows Calendar

[02/11/2006|10:41] C:\Program Files\Windows Defender

[06/05/2008|02:04] C:\Program Files\Windows Live

[09/05/2008|04:19] C:\Program Files\Windows Mail

[09/05/2008|04:12] C:\Program Files\Windows Media Player

[02/05/2008|16:56] C:\Program Files\Windows NT

[02/11/2006|10:41] C:\Program Files\Windows Photo Gallery

[09/05/2008|04:12] C:\Program Files\Windows Sidebar

[03/06/2008|23:17] C:\Program Files\WinRAR

[25/05/2008|20:40] C:\Program Files\WMV9_VCM

[27/05/2008|09:12] C:\Program Files\YUNiTI

 

--------------------\\ Lista de pastas em C:\Program Files\Common Files

 

[22/05/2008|13:47] C:\Program Files\Common Files\Adobe

[21/11/2007|12:10] C:\Program Files\Common Files\Ahead

[18/05/2008|17:19] C:\Program Files\Common Files\DESIGNER

[21/11/2007|12:00] C:\Program Files\Common Files\InstallShield

[25/05/2008|20:26] C:\Program Files\Common Files\microsoft shared

[02/11/2006|09:18] C:\Program Files\Common Files\Services

[02/05/2008|16:56] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]

[02/11/2006|09:18] C:\Program Files\Common Files\SpeechEngines

[18/05/2008|17:16] C:\Program Files\Common Files\System

[25/05/2008|09:33] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 27 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Long Internet Team Stupid"="\"C:\\ProgramData\\Browse Third Exit.3yvs9u\""

"chic mags"="\"C:\\ProgramData\\soapitchitch.y4e4mq\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-03 22:39:25

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden files ...

C:\Users\Isabel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W7IC1N7V\rss[3].xml 40401 bytes

C:\Users\Isabel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZ1AD7WR\orkut_logo[2].gif

scan completed successfully

hidden processes: 0

hidden files: 124

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\Isabel\Documents\Bases e montagens\adobe_audition_v1[1].5\Keygen.exe

 

 

[F:1859][D:32]-> C:\Users\Isabel\AppData\Local\Temp

[F:405][D:1]-> C:\Users\Isabel\AppData\Roaming\MICROS~1\Windows\Cookies

[F:1895][D:5]-> C:\Users\Isabel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:199][D:12]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 03/11/2008|22:46 - Option : [2]

 

--------------------\\ Verificação completa em 22:46:32

[ UAC => 1 ]


Logfile of HijackThis v1.99.1

Scan saved at 23:20:54, on 03/11/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16681)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Panda Software\Panda Antivirus 2007\ApVxdWin.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\YUNiTI\YUNiTI.exe

C:\Program Files\Oi Internet\discaoi.exe

C:\Windows\system32\igfxsrvc.exe

c:\program files\panda software\panda antivirus 2007\WebProxy.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\Isabel\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"


-----------\\ ToolBar S&D 1.2.4 XP/Vista

 

Microsoft® Windows Vista™ Starter ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Celeron® CPU 430 @ 1.80GHz )

BIOS : BIOS Date: 04/28/07 13:57:25 Ver: 08.00.10

USER : Isabel ( Administrator )

BOOT : Normal boot

Antivirus : Panda Antivirus 2007 2.01.00 (Activated)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:111 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )

Option : [2] ( 03/11/2008|23:30 )

 

[ UAC => 1 ]

 

-----------\\ REMOVIDOS

 

Deletado! - C:\Program Files\AskSBar\bar

Deletado! - C:\Program Files\AskSBar\SrchAstt

Deletado! - C:\Program Files\AskSBar

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.orkut.com/"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\Isabel\Documents\Bases e montagens\adobe_audition_v1[1].5\Keygen.exe

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|23:32 - Option : [2]

 

-----------\\ Verificação completa em 23:32:01,14


Good morning, mehira!

 

<@> Download: < ComboFix.exe >

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt: "Software warranty disclaimer" --> Click Yes!

 

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after it has been saved!

<!> PS: If an error message appears, run ComboFix.exe in Safe Mode.

<!> PS: Do not run this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter.

<@> Wait for it to finish!

<@> During the scan, do not use the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N".

----------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + a fresh HijackThis log.

 

Regards!


Ugh, what is wrong with this PC, huh?

Why so much stuff? :unsure:

 

ComboFix 08-11-05.02 - Isabel 2008-11-10 9:49:42.1 - NTFSx86

Microsoft® Windows Vista™ Starter 6.0.6000.0.1252.1.1046.18.526 [GMT -2:00]

Executando de: c:\users\Isabel\Documents\My Completed Downloads\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\Isabel\AppData\Roaming\inst.exe

c:\windows\system32\x64

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))

.

 

Nenhum ficheiro/arquivo criado durante este período

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 08:45 --------- d-----w c:\users\Isabel\AppData\Roaming\Hamachi

2008-11-10 08:42 12,104,216 ----a-w C:\$Persi0.sys

2008-11-10 08:42 --------- d---a-w c:\programdata\TEMP

2008-06-18 22:55 47,360 ----a-w c:\users\Isabel\AppData\Roaming\pcouffin.sys

2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

2004-11-07 14:31 51,712 ----a-w c:\users\Isabel\NFSU2Nitro.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-05-06 66912]

 

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-05-06 10:47 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

2007-07-31 17:33 1391640 --a------ c:\program files\speed-bit\tbspee.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\program files\speed-bit\tbspee.dll" [2007-07-31 1391640]

 

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"chic mags"="c:\programdata\soapitchitch.y4e4mq" [X]

"Long Internet Team Stupid"="c:\programdata\Browse Third Exit.3yvs9u" [X]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 3739672]

"YUNiTI"="c:\program files\YUNiTI\YUNiTI.exe" [2007-06-01 864256]

"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"APVXDWIN"="c:\program files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" [2007-01-25 321072]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-05-06 3053056]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-11 c:\windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2007-04-05 c:\windows\SkyTel.exe]

 

c:\users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-06-07 624416]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Discador Oi Internet.lnk - c:\program files\Oi Internet\discaoi.exe [2005-07-21 1349120]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2006-07-14 13:46 45056 c:\windows\System32\avldr.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{352292ED-53AF-4134-BC7A-389F6ED70196}"= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)

"{FB242B38-0CB5-4F3E-837D-8FB5BD01A736}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator

"{0AD354B9-F747-4042-9ADB-E268DB71AD85}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator

"TCP Query User{A85CA19F-3FA9-4929-BC03-F7423B2BD111}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{96C9845B-04FB-4EEF-9996-B465EAD06094}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{88B56FE9-A7D9-4911-A065-4A07B3E40A8E}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher

"UDP Query User{9CD41383-4DBC-4F34-9AB7-D87983F979DA}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher

"TCP Query User{BB095178-93FD-4DCD-81FC-23B9E7B7A521}c:\\users\\isabel\\documents\\my completed downloads\\gustop v0.32.exe"= UDP:c:\users\isabel\documents\my completed downloads\gustop v0.32.exe:gustop v0.32.exe

"UDP Query User{0490B509-AB50-4850-9066-4858D4099B5C}c:\\users\\isabel\\documents\\my completed downloads\\gustop v0.32.exe"= TCP:c:\users\isabel\documents\my completed downloads\gustop v0.32.exe:gustop v0.32.exe

"{890019A4-A07C-4044-96E2-091F0547F3A3}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService

"{AED7BF15-608F-4744-B32B-A8696414E1A4}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService

"TCP Query User{7A98F7D9-AA64-45ED-8927-F1764B8EE16C}c:\\users\\isabel\\desktop\\need for speed underground 2\\speed2.exe"= UDP:c:\users\isabel\desktop\need for speed underground 2\speed2.exe:speed2.exe

"UDP Query User{464A4368-D607-4596-9798-101F2738BD3D}c:\\users\\isabel\\desktop\\need for speed underground 2\\speed2.exe"= TCP:c:\users\isabel\desktop\need for speed underground 2\speed2.exe:speed2.exe

"{1BC9AF78-2FBC-424E-9219-7EC8C9D26D7E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{4C117FF1-40A4-4A8A-AD68-D0305EF39639}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D0C683DB-EF66-4C2A-82E5-EDEF1A8A9312}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{07D27CCA-459F-486C-8027-8D306FE55977}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{835C6C16-906D-4739-B2BF-FE167A056265}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{FBADD5EF-0CD9-4F6E-AF48-4DFE344082A4}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{57D77CB8-FDD7-4934-9B72-BB8D33BA76E5}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{27CFC411-FFEA-401A-918B-74A67EF0AEA9}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"UDP Query User{6867A5E4-0C40-4D4F-9DC0-C750660466ED}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon

"TCP Query User{A1142467-BD23-45A4-BE6D-BE9AB41B38D1}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2

"UDP Query User{00DA38CC-EB5B-48E4-BD63-FE1ADDE93684}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2

"TCP Query User{00D0B14B-38AB-48AA-B402-D7EBEAECD4F5}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{969775BF-E53E-4F0A-84BB-31D3C1C81B59}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client

 

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2006-11-28 127896]

R2 AmFSM;Panda Anti-Virus Filesystem Minifilter;c:\windows\system32\Drivers\amm8660.sys [2006-12-15 34816]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Software\Panda Antivirus 2007\PskSvc.exe [2007-01-24 27184]

R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2007-06-12 27648]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151edf40-4366-11dd-a710-001e8c587b5f}]

\shell\AutoRun\command - E:\NTrun.exe

\shell\explore\Command - E:\NTrun.exe

\shell\open\Command - E:\NTrun.exe

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

4308-06-14 c:\windows\Tasks\User_Feed_Synchronization-{E442A369-8FE4-4DED-BF6B-8E917652119F}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 07:45]

.

- - - - ORPHANS REMOVED - - - -

 

Notify-DfLogon - LogonDll.dll

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Isabel\AppData\Roaming\Mozilla\Firefox\Profiles\uchnf1fi.default\

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 09:54:53

Windows 6.0.6000 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-11-10 9:59:00

ComboFix-quarantined-files.txt 2008-11-10 11:57:57

 

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.

Post-Run: 119,311,925,248 bytes free

 

135 --- E O F --- 2008-06-21 07:32:55


HIJACKTHIS

.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [chic mags] "C:\ProgramData\soapitchitch.y4e4mq"

O4 - HKCU\..\Run: [Long Internet Team Stupid] "C:\ProgramData\Browse Third Exit.3yvs9u"

O4 - HKCU\..\Run: [YUNiTI] "C:\Program Files\YUNiTI\YUNiTI.exe"

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Program Files\Oi Internet\discaoi.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7B47DE8A-D81B-40D2-86D7-CC7F7C5FFF74}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avldr - C:\Windows\SYSTEM32\avldr.dll

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrvx86.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PskSvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)


Good morning! mehira

 

HEY, WHAT IS IT WITH THIS PC, HUH?

WHY SO MUCH STUFF?

<!> Lop infections and the action of a malicious toolbar. ( AskSBar )

 

Insert your removable drive(s), if you have any, into the USB port. ( flash drive, mp3, mp4, iPods, etc... )

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151edf40-4366-11dd-a710-001e8c587b5f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"chic mags"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Long Internet Team Stupid"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[-HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

[animated image: demonstration of dragging CFScript.txt onto the ComboFix icon]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt ( window ) appears!

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

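The triage the helper does by hand in the reply above (pick out the Lop-style HKCU Run entries that point at random-named files under ProgramData and the Ask/speed-bit browser add-ons, then write a CFScript `Registry::` section that removes them), as an added example that is not part of the original thread. It runs offline over a constructed sample of HijackThis-style lines modelled on the posted log. The list of unwanted vendor directories is an assumption taken from the CLSIDs the helper's script removes, and the generated block mirrors the helper's syntax (`"value"=-` deletes a value, `[-key]` deletes a key, `~` as used in the helper's line for the Browser Helper Objects key); it goes a little further than the helper's script by also dropping the HKCR CLSID registration of every flagged add-on and by flagging a BHO whose DLL is missing.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample input: HijackThis-style lines modelled on entries posted
# in this thread (not the full log).
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\\Program Files\\AskSBar\\SrchAstt\\1.bin\\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\\Program Files\\AskSBar\\SrchAstt\\1.bin\\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\\Program Files\\speed-bit\\tbspee.dll
O4 - HKLM\\..\\Run: [igfxTray] C:\\Windows\\system32\\igfxtray.exe
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe" /background
O4 - HKCU\\..\\Run: [chic mags] "C:\\ProgramData\\soapitchitch.y4e4mq"
O4 - HKCU\\..\\Run: [Long Internet Team Stupid] "C:\\ProgramData\\Browse Third Exit.3yvs9u"
"""

# Assumption: vendor directories treated as unwanted, derived from the CLSIDs
# the helper's CFScript removes (AskSBar, speed-bit). Extend for your own cases.
UNWANTED_DIRS = ("\\asksbar\\", "\\speed-bit\\")
# Extensions a legitimate Run entry normally points at.
EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js"}

IE_RE = re.compile(
    r"^(?P<kind>R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

Hit = Tuple[str, str, Dict[str, str]]


def run_target(cmd: str) -> str:
    """Return the program path from an O4 command line, quoted or bare."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log: str) -> List[Hit]:
    """Return (reason, original line, parsed fields) for each entry to remove."""
    hits: List[Hit] = []
    for line in log.splitlines():
        m = IE_RE.match(line)
        if m:
            f = m.groupdict()
            if f["path"] == "(no file)":
                hits.append(("orphan browser add-on: CLSID registered, DLL missing", line, f))
            elif any(d in f["path"].lower() for d in UNWANTED_DIRS):
                hits.append(("browser add-on from an unwanted vendor directory", line, f))
            continue
        m = RUN_RE.match(line)
        if m:
            f = m.groupdict()
            target = run_target(f["cmd"])
            ext = ntpath.splitext(target)[1].lower()
            # Lop-style pattern seen in the posted log: random words as the
            # value name, a random-extension file dropped straight under ProgramData.
            if "\\programdata\\" in target.lower() and ext not in EXEC_EXT:
                hits.append(("Lop-style Run entry: random-named file under ProgramData", line, f))
    return hits


def cfscript(hits: List[Hit]) -> str:
    """Build the Registry:: section of a CFScript.txt that removes the hits, in
    the syntax the helper used ('"value"=-' deletes a value, '[-key]' a key)."""
    lines = ["Registry::"]
    for _reason, _line, f in hits:
        if "kind" in f:  # R3 / O2 / O3 browser add-on
            if f["kind"] == "R3":
                lines.append("[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks]")
                lines.append('"' + f["clsid"] + '"=-')
            elif f["kind"] == "O2":
                lines.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + f["clsid"] + "]")
            lines.append("[-HKEY_CLASSES_ROOT\\clsid\\" + f["clsid"] + "]")
        else:  # O4 Run value
            hive = "HKEY_LOCAL_MACHINE" if f["hive"] == "HKLM" else "HKEY_CURRENT_USER"
            lines.append("[" + hive + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
            lines.append('"' + f["name"] + '"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for reason, line, _ in found:
        print("[" + reason + "] " + line)
    print()
    print(cfscript(found))
```

Running the block prints the six flagged lines with their reasons and then the generated `Registry::` block. Read the hit list before dragging anything onto ComboFix: the ProgramData rule is a heuristic, and a legitimate program that stores a non-executable-looking file there would be flagged the same way, so every generated `=-` line should be checked against the full HijackThis log first.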

Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
