
Archived

This topic has been archived and is closed to new replies.

jucca

[Solved!] Some viruses from the famous "pen drives" insi


Hello friends

First of all, congratulations on the forum, which is always very good and helps the community. It's stating the obvious, but it never hurts to thank everyone. :clap:

I have several machines, but I'll post a HijackThis log here for one of them; I'll sort them out one by one, calmly.

I've been getting several antivirus messages (I use Norton Corporate 10), referring to the same viruses.

See below a screenshot of the antivirus quarantine.

My System32 is quite contaminated.

I'd like to resolve this problem.

Thanks

Jucca

 

 

virus.jpg

 

 

---

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:08, on 29/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe
C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe
C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe
C:\ARQUIV~1\SYMANT~1\vptray.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe
C:\Arquivos de programas\Microsoft Money\System\reminder.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\Clipdiary\clipdiary.exe
C:\Arquivos de programas\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\INTERNAT.EXE
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe
C:\HiJackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\net.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"
O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe
O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe
O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 15927 bytes

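As an added example (not code from the original thread), here is a small Python triage pass over HijackThis entries like the ones in the log above, flagging the three things a responder would look at first: an F2 system.ini Shell value that chains another program behind Explorer.exe, a Run entry that launches an unfamiliar executable straight out of system32, and an IE start page pointing at a host outside an allowlist. The log excerpt is a constructed re-join of lines from the post, and the host and system32 allowlists are assumptions to tune for your own environment.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt of the HijackThis log posted above, with the
# extraction line-wrapping undone. Only the entry kinds the triage
# rules look at are included.
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe
"""

# Assumed allowlists (not from the page): hosts a stock IE start/search
# page may point at, and Run entries that legitimately live in system32.
TRUSTED_URL_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}
SYSTEM32_RUN_ALLOWLIST = {"ctfmon.exe"}

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def first_token(cmd):
    """Return the executable part of a Run command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (kind, reason) tuples for entries a human should review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            # IE start/search page: flag any host outside the allowlist.
            key, _, url = body.partition(" = ")
            host = (urlparse(url.lstrip("&")).hostname or "").lower()
            if host and host not in TRUSTED_URL_HOSTS:
                setting = key.rsplit(",", 1)[-1]
                findings.append((kind, f"{setting} points at {host}"))
        elif kind == "F2" and "Shell=" in body:
            # system.ini Shell= should name Explorer.exe and nothing else;
            # any extra program listed here is started at every logon.
            value = body.split("Shell=", 1)[1]
            extra = [t for t in value.split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append((kind, "Shell value also starts " + ", ".join(extra)))
        elif kind == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue  # "O4 - Startup:" lines are shortcuts, not Run keys
            exe = first_token(r.group("cmd"))
            low = exe.lower()
            base = low.rsplit("\\", 1)[-1]
            # An executable launched directly from system32 that is not a
            # known system component deserves a closer look.
            if "\\system32\\" in low and base not in SYSTEM32_RUN_ALLOWLIST:
                findings.append((kind, f"Run entry [{r.group('name')}] starts {exe}"))
    return findings


if __name__ == "__main__":
    for kind, reason in triage(HJT_LOG):
        print(f"{kind}: {reason}")
```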

Hello jucca, welcome to the forum.

Follow the instructions in the steps below.

Step 1

I suggest you save or print the instructions below, since you won't have Internet access to follow the instructions on this page.

- Download SDFix and save it to the desktop;

● Double-click SDFix.exe and the tool will be installed to C:\SDFix. But don't run it yet;

● Restart your computer in Safe Mode (hold the F8 key during system startup and choose the Safe Mode option) - without networking;

● Go into the SDFix folder that was installed on your computer and double-click the file RunThis.bat;

● Press Y so the tool starts the removal process;

● When everything finishes, you will see a message telling you to press any key to continue. Then press any key. Your computer will restart automatically;

● After restarting, the tool will run again and finish its work, and the word Finished will appear. Press any key again;

● A window with the SDFix report will appear;

● The log will open automatically for you. It will be saved in the SDFix folder under the name Report.txt;

Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it doesn't detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;

● Wait while ComboFix scans;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click on the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your PC will restart. After the restart, the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

In your next reply, paste the SDFix and ComboFix logs.


Hello

Here are the SDFix and ComboFix logs.

Thanks for the help, and let's move on.

Julio

 

SDFix: Version 1.240

Run by ZERO on dom 30/11/2008 at 03:02

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\134772~1 - Deleted

C:\WINDOWS\lsass.exe - Deleted

C:\WINDOWS\system32\csrcs.exe - Deleted

C:\WINDOWS\system32\msvcrt2.dll - Deleted

C:\WINDOWS\system32\rs32net.exe - Deleted

C:\WINDOWS\system32\SysMgr.exe - Deleted

C:\WINDOWS\SYSTEM32\TDSSBRSR.dll - Deleted

C:\WINDOWS\SYSTEM32\TDSSRIQP.dll - Deleted

C:\WINDOWS\SYSTEM32\TDSSOSVD.dat - Deleted

 

Removing Temp Files

 

ADS Check :

 

 

 

 

 

ComboFix 08-11-29.03 - ZERO 2008-11-30 3:27:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1382 [GMT -2:00]

Executando de: c:\documents and settings\ZERO\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AutoRun.inf

c:\windows\system32\drivers\c6280cc2.sys

c:\windows\system32\tscrip22.dll

J:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_c6280cc2

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-28 to 2008-11-30 ))))))))))))))))))))))))))))

.

 

2008-11-30 02:57 . 2008-11-30 02:57 <DIR> d-------- c:\windows\ERUNT

2008-11-30 02:56 . 2008-11-30 03:15 <DIR> d-------- C:\SDFix

2008-11-30 02:36 . 2008-11-30 02:36 <DIR> d-------- c:\arquivos de programas\ISL

2008-11-30 02:12 . 2008-11-30 02:12 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\Nik Software

2008-11-30 02:08 . 2008-11-30 02:08 <DIR> d-------- c:\windows\MSSecurityNS

2008-11-30 02:08 . 2008-11-30 02:08 <DIR> d-------- c:\windows\MSSecurityNi

2008-11-30 02:06 . 2008-11-30 02:06 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\RetouchPilot

2008-11-30 02:01 . 2008-11-30 02:01 <DIR> d-------- c:\arquivos de programas\Two Pilots

2008-11-30 02:01 . 2008-11-30 02:02 <DIR> d-------- c:\arquivos de programas\Retouch Pilot

2008-11-29 15:05 . 2008-11-29 15:05 401,720 --a------ C:\HiJackThis.exe

2008-11-29 14:36 . 2008-11-29 14:36 120,354 --a------ c:\windows\system32\panama.exe

2008-11-28 15:20 . 2008-11-28 15:20 64,000 --a------ C:\apqgf.exe

2008-11-28 15:20 . 2008-11-28 15:20 9,728 --a------ c:\windows\system32\terum.exe

2008-11-28 15:20 . 2008-11-28 15:20 705 --a------ C:\mggiu.exe

2008-11-28 15:20 . 2008-11-28 15:20 705 --a------ C:\kuvj.exe

2008-11-24 21:15 . 2008-11-24 21:15 0 -rahs---- C:\khr

2008-11-24 21:11 . 2008-11-30 02:53 420,268 --a------ c:\windows\system32\cftm.exe

2008-11-24 14:09 . 2008-11-24 14:09 <DIR> dr------- c:\documents and settings\LocalService\Favoritos

2008-11-16 17:59 . 2008-11-16 17:59 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\VitySoft

2008-11-16 17:02 . 2008-11-16 17:02 <DIR> d-------- c:\documents and settings\Demon\Meus documentos

2008-11-16 17:02 . 2008-11-16 17:02 <DIR> d-------- c:\documents and settings\Demon

2008-11-15 03:38 . 2008-11-15 03:43 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\ConceptDraw MINDMAP 5 Professional

2008-11-15 03:38 . 2008-11-15 03:38 <DIR> d-------- c:\arquivos de programas\CS Odessa

2008-11-02 12:57 . 2008-11-02 13:02 <DIR> d-------- c:\arquivos de programas\SopCast

2008-11-02 12:50 . 2008-11-02 12:50 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\PPLive

2008-11-02 12:50 . 2008-11-02 16:02 <DIR> d-------- c:\arquivos de programas\PPLive

2008-11-02 12:36 . 2008-11-02 12:36 360,320 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2008-11-01 22:05 . 2008-11-01 22:58 <DIR> d-------- C:\SPIDERWICK_CHRONICLES_BRAZIL

2008-11-01 22:00 . 2008-11-01 22:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-11-01 22:00 . 2008-11-01 22:00 <DIR> d-------- c:\arquivos de programas\DVD Shrink

2008-10-30 01:10 . 2008-10-30 01:10 <DIR> d-------- c:\arquivos de programas\RAYflect

2008-10-28 01:34 . 2008-11-30 03:23 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\clipdiary

2008-10-28 01:34 . 2008-10-28 01:34 <DIR> d-------- c:\arquivos de programas\Clipdiary

2008-10-26 00:49 . 2008-10-26 00:49 <DIR> d-------- c:\arquivos de programas\GameHouse

2008-10-25 18:12 . 2008-10-25 18:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trymedia

2008-10-25 18:04 . 2008-10-25 18:12 <DIR> d-------- c:\arquivos de programas\GTR400

2008-10-25 17:10 . 2008-10-25 17:10 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-10-24 23:24 . 2008-10-25 16:31 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-10-22 20:09 . 2008-11-29 22:45 54,156 --ah----- c:\windows\QTFont.qfn

2008-10-22 20:09 . 2008-10-22 20:09 1,409 --a------ c:\windows\QTFont.for

2008-10-07 12:44 . 2008-10-07 12:44 <DIR> d-------- c:\arquivos de programas\Xara

2008-10-05 14:26 . 2008-10-05 14:26 552 --a------ c:\windows\system32\d3d8caps.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-30 05:31 --------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\VMware

2008-11-30 05:31 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\VMware

2008-11-30 05:29 --------- d-----w c:\arquivos de programas\Symantec AntiVirus

2008-11-30 05:20 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\Skype

2008-11-30 05:19 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\VMware

2008-11-30 05:19 --------- d-----w c:\arquivos de programas\SpeedFan

2008-11-30 04:45 --------- d-----w c:\arquivos de programas\LogMeIn

2008-11-30 04:36 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-30 03:21 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\OpenOffice.org3

2008-11-29 16:06 --------- d-----w c:\arquivos de programas\Mozilla Thunderbird

2008-11-28 18:19 3,764 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-11-18 18:53 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\XnView

2008-11-14 00:16 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\dvdcss

2008-11-13 00:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-02 14:36 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-07 20:41 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-07 14:44 --------- d-----w c:\arquivos de programas\Common files

2008-09-16 01:32 4 --sh--r c:\documents and settings\All Users\Dados de aplicativos\sysqcl1129139270.dat

2008-09-10 19:09 44,544 ------w c:\windows\AWuninstall.exe

2008-09-10 13:36 286,720 ----a-w c:\windows\iun502.exe

2008-08-14 03:05 8 --sh--r c:\documents and settings\All Users\Dados de aplicativos\0A1F9A2666.sys

2008-02-28 17:30 8,784 ----a-w c:\arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll

2008-02-28 17:33 245,408 ----a-w c:\arquivos de programas\mozilla firefox\plugins\unicows.dll

2008-06-07 04:57 56 --sh--r c:\windows\system32\4ABB899B99.sys

.

 

------- Sigcheck -------

 

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 08:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 09:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 09:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys

2007-10-30 15:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys

2008-04-13 17:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tcpip.sys

2008-11-02 12:36 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\dllcache\TCPIP.SYS

2008-11-02 12:36 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\drivers\TCPIP.SYS

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2006-10-13 20058152]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

"UniClipper"="c:\arquivos de programas\EverNote\EverNote\UniClipper.exe" [2007-12-11 1078208]

"Reminder"="c:\arquivos de programas\Microsoft Money\System\reminder.exe" [1998-07-25 36864]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Google Update"="c:\documents and settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 36864]

"clipdiary"="c:\arquivos de programas\Clipdiary\clipdiary.exe" [2007-05-22 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-28 7110656]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-28 86016]

"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\arquivos de programas\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"vmware-tray"="c:\arquivos de programas\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 68400]

"VMware hqtray"="c:\arquivos de programas\VMware\VMware Workstation\hqtray.exe" [2007-05-01 56112]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"THGuard"="c:\arquivos de programas\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]

"vptray"="c:\arquiv~1\SYMANT~1\\vptray.exe" [2006-03-17 124656]

"CorelDRAW Graphics Suite 11b"="c:\arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 729088]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

"nwiz"="nwiz.exe" [2005-12-28 c:\windows\system32\nwiz.exe]

 

c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\

EverNote.lnk - c:\arquivos de programas\EverNote\EverNote\EverNote.exe [2008-06-07 4008384]

SpeedFan.lnk - c:\arquivos de programas\SpeedFan\speedfan.exe [2005-09-13 2469376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 03:12 483328 c:\arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

--a------ 2007-11-05 12:12 884176 c:\arquivos de programas\AdVantage\AdVantage.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DUESystray]

--a------ 2001-10-30 20:45 106496 c:\arquivos de programas\DUE\DUESysTrayCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

--a------ 2007-08-24 04:18 437160 c:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 08:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2005-10-20 15:45 871936 c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

--a------ 2008-07-24 15:22 243072 c:\arquivos de programas\IncrediMail\bin\IncMail.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 14:24 1694208 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-29 00:37 413696 c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\MiniRacingOnline\\MiniRacingOnLine.exe"=

"c:\\Arquivos de programas\\PHP Expert Editor 4.2\\phpxedit.exe"=

"c:\\Arquivos de programas\\PHP Expert Editor 4.2\\DBG\\DbgListener.exe"=

"c:\\Arquivos de programas\\PPLive\\PPLive.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6500:TCP"= 6500:TCP:6500

"6500:UDP"= 6500:UDP:6500

 

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-06-07 47640]

R2 PSI_SVC_2;Protexis Licensing V2;"c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 185632]

S3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\DRIVERS\D301bus.sys [2008-09-15 83328]

S3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\DRIVERS\D301mdfl.sys [2008-09-15 14976]

S3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\DRIVERS\D301mdm.sys [2008-09-15 109824]

S3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\D301mgmt.sys [2008-09-15 103808]

S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\DRIVERS\d301nd5.sys [2008-09-15 24832]

S3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\D301obex.sys [2008-09-15 99840]

S3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\DRIVERS\d301unic.sys [2008-09-15 105728]

S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice [2008-09-11 24635]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S4 LMIRfsClientNP;LMIRfsClientNP; []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03c01bec-46c5-11dd-83fd-005056c00008}]

\Shell\AutoRun\command - v.cmd

\Shell\explore\Command - v.cmd

\Shell\open\Command - v.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ac14ea-5fe4-11dd-842d-005056c00008}]

\Shell\AutoRun\command - J:\e.com

\Shell\explore\Command - J:\e.com

\Shell\open\Command - J:\e.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce024516-51a8-11dd-8416-005056c00008}]

\Shell\Auto\command - msnmsgr.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e05882f5-a5a8-11dd-84a9-005056c00008}]

\Shell\AutoRun\command - E:\vinaaj.exe

\Shell\explore\Command - E:\vinaaj.exe

\Shell\open\Command - E:\vinaaj.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8868756-9c4b-11dd-849e-005056c00008}]

\Shell\AutoRun\command - E:\0u.cmd

\Shell\explore\Command - E:\0u.cmd

\Shell\open\Command - E:\0u.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-11-28 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]

 

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

 

2008-11-30 c:\windows\Tasks\Copia.job

- c:\bat\Copia.bat [2007-05-13 09:15]

 

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\ZERO\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-Microsoft® System Manager - c:\windows\system32\sysmgr.exe

MSConfigStartUp-DVD43 - c:\arquivos de programas\DVD Region+CSS Free\DVDRegionFree.exe

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\ZERO\Dados de aplicativos\Mozilla\Firefox\Profiles\xe4g2bkb.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/#Geral

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npRACtrl.dll

FF -: plugin - c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - c:\documents and settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\1.2.131.27\npGoogleOneClick6.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-30 03:32:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1592)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

c:\arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\arquivos de programas\Symantec AntiVirus\DefWatch.exe

c:\arquivos de programas\LogMeIn\x86\ramaint.exe

c:\arquivos de programas\LogMeIn\x86\LogMeIn.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\arquivos de programas\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

c:\arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

c:\windows\system32\vmnat.exe

c:\windows\system32\vmnetdhcp.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\arquiv~1\SYMANT~1\VPTray.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\internat.exe

c:\arquivos de programas\Windows Live\Messenger\usnsvc.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-30 3:35:55 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-30 05:35:52

 

Pré-execução: 18 pasta(s) 84.982.591.488 bytes disponíveis

Pós execução: 18 pasta(s) 84,889,456,640 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

306 --- E O F --- 2008-11-13 00:10:22

Delete the folder C:\Qoobox and the log C:\ComboFix.txt.

 

Connect your pen drive, MP3 player, MP4 player, or any other kind of removable media you have to the computer's USB port(s).

 

Select and copy the text below, inside the quote. Paste it into Notepad on your computer and save it on the desktop with the name CFScript.txt

 

File::

c:\windows\system32\panama.exe

C:\apqgf.exe

c:\windows\system32\terum.exe

C:\mggiu.exe

C:\kuvj.exe

C:\khr

c:\windows\system32\cftm.exe

c:\documents and settings\All Users\Dados de aplicativos\sysqcl1129139270.dat

c:\documents and settings\All Users\Dados de aplicativos\0A1F9A2666.sys

c:\arquivos de programas\AdVantage\AdVantage.exe

c:\windows\Tasks\Copia.job

c:\bat\Copia.bat

 

Folder::

C:\SDFix

C:\Arquivos de programas\AdVantage

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03c01bec-46c5-11dd-83fd-005056c00008}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ac14ea-5fe4-11dd-842d-005056c00008}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce024516-51a8-11dd-8416-005056c00008}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e05882f5-a5a8-11dd-84a9-005056c00008}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8868756-9c4b-11dd-849e-005056c00008}]

 

DirLook::

C:\SPIDERWICK_CHRONICLES_BRAZIL

 

FileLook::

c:\windows\system32\4ABB899B99.sys

 

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

 

CFScript.gif

 

● If you are prompted, press Enter to start the removal process;

● Do not use the mouse or the keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer will be restarted automatically;

 

In your next reply, paste the ComboFix.txt and a new HijackThis log.

I didn't understand the part about connecting USB devices.

On this machine I don't have automatic drive startup, which is what opens the ill-fated autorun.inf files.

I have several external HDs (3) and several pen drives (2).

The ones most likely to be contaminated were connected when I did this last procedure.

 

Below are the ComboFix and HijackThis logs

 

See you :thumbsup:

 

 

 

 

ComboFix 08-11-29.03 - ZERO 2008-11-30 16:56:26.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1296 [GMT -2:00]

Executando de: c:\documents and settings\ZERO\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\ZERO\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

FILE ::

C:\apqgf.exe

c:\arquivos de programas\AdVantage\AdVantage.exe

c:\bat\Copia.bat

c:\documents and settings\All Users\Dados de aplicativos\0A1F9A2666.sys

c:\documents and settings\All Users\Dados de aplicativos\sysqcl1129139270.dat

C:\khr

C:\kuvj.exe

C:\mggiu.exe

c:\windows\system32\cftm.exe

c:\windows\system32\panama.exe

c:\windows\system32\terum.exe

c:\windows\Tasks\Copia.job

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\apqgf.exe

c:\arquivos de programas\AdVantage

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf

c:\arquivos de programas\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc

c:\arquivos de programas\AdVantage\AdVantage.db

c:\arquivos de programas\AdVantage\AdVantage.exe

c:\arquivos de programas\AdVantage\AdVantage.htm

c:\arquivos de programas\AdVantage\AdVUninst.exe

c:\arquivos de programas\AdVantage\ffext.mod

c:\arquivos de programas\AdVantage\TR.dll

c:\arquivos de programas\AdVantage\user.db

c:\bat\Copia.bat

c:\documents and settings\All Users\Dados de aplicativos\0A1F9A2666.sys

c:\documents and settings\All Users\Dados de aplicativos\sysqcl1129139270.dat

C:\khr

C:\kuvj.exe

C:\mggiu.exe

C:\SDFix

c:\sdfix\Add_DBFix_RunOnce_key.inf

c:\sdfix\AdminCheck2.txt

c:\sdfix\apps\assosfix.reg

c:\sdfix\apps\Cghtme.exe

c:\sdfix\apps\cliptext.exe

c:\sdfix\apps\CSweg.exe

c:\sdfix\apps\DBFix.inf

c:\sdfix\apps\download.exe

c:\sdfix\apps\dummy.sys

c:\sdfix\apps\Enable_Command_Prompt.inf

c:\sdfix\apps\Enable_Command_Prompt.reg

c:\sdfix\apps\ERDNT.E_E

c:\sdfix\apps\ERDNTDOS.LOC

c:\sdfix\apps\ERDNTWIN.LOC

c:\sdfix\apps\ERUNT.EXE

c:\sdfix\apps\ERUNT.LOC

c:\sdfix\apps\fix.reg

c:\sdfix\apps\FixBeep.reg

c:\sdfix\apps\FixBH.reg

c:\sdfix\apps\FixComponents.reg

c:\sdfix\apps\FIXCU.reg

c:\sdfix\apps\FIXLM.reg

c:\sdfix\apps\FixPath.exe

c:\sdfix\apps\FixRedir.reg

c:\sdfix\apps\FixSchedule.reg

c:\sdfix\apps\FixWebCheck.reg

c:\sdfix\apps\fixXP.reg

c:\sdfix\apps\FixXPsp2.reg

c:\sdfix\apps\grep.exe

c:\sdfix\apps\HaxdFix.reg

c:\sdfix\apps\HPFix.reg

c:\sdfix\apps\HPFix2.reg

c:\sdfix\apps\HPFix3.reg

c:\sdfix\apps\HPFix4.reg

c:\sdfix\apps\HPFix5.reg

c:\sdfix\apps\HPFix6.reg

c:\sdfix\apps\HPFix7.reg

c:\sdfix\apps\HPFix8.reg

c:\sdfix\apps\HPFix9.reg

c:\sdfix\apps\Installed.txt

c:\sdfix\apps\isadmin.exe

c:\sdfix\apps\leg2.txt

c:\sdfix\apps\legacy.txt

c:\sdfix\apps\legacybk.txt

c:\sdfix\apps\locate.com

c:\sdfix\apps\LS.exe

c:\sdfix\apps\MD5File.exe

c:\sdfix\apps\moveex.exe

c:\sdfix\apps\MyGcpvFix.reg

c:\sdfix\apps\MyGkFix2.reg

c:\sdfix\apps\Process.exe

c:\sdfix\apps\procs.exe

c:\sdfix\apps\psservice.exe

c:\sdfix\apps\Rem.txt

c:\sdfix\apps\Rem2.txt

c:\sdfix\apps\Replace\regedit.exe

c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT

c:\sdfix\apps\Replace\w2k\beep.sys

c:\sdfix\apps\Replace\w2k\command.com

c:\sdfix\apps\Replace\w2k\command.PIF

c:\sdfix\apps\Replace\w2k\CONFIG.NT

c:\sdfix\apps\Replace\w2k\null.sys

c:\sdfix\apps\Replace\xp\AUTOEXEC.NT

c:\sdfix\apps\Replace\xp\beep.sys

c:\sdfix\apps\Replace\xp\command.com

c:\sdfix\apps\Replace\xp\command.PIF

c:\sdfix\apps\Replace\xp\CONFIG.NT

c:\sdfix\apps\Replace\xp\null.sys

c:\sdfix\apps\Reset_AppInit_DLLs.reg

c:\sdfix\apps\RestartIt!.exe

c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg

c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg

c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg

c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg

c:\sdfix\apps\Restore_SecurityCenter.reg

c:\sdfix\apps\Restore_SharedAccess.reg

c:\sdfix\apps\sc.exe

c:\sdfix\apps\sed.exe

c:\sdfix\apps\SF.exe

c:\sdfix\apps\shutdown.exe

c:\sdfix\apps\srv2.txt

c:\sdfix\apps\srv2bk.txt

c:\sdfix\apps\svc.txt

c:\sdfix\apps\svcbk.txt

c:\sdfix\apps\Swreg.exe

c:\sdfix\apps\swsc.exe

c:\sdfix\apps\UnRAR.exe

c:\sdfix\apps\unzip.exe

c:\sdfix\apps\vfind.exe

c:\sdfix\apps\WINMSG.EXE

c:\sdfix\apps\winsec.reg

c:\sdfix\apps\zip.exe

c:\sdfix\attrib.exe

c:\sdfix\backups\backupreg.zip

c:\sdfix\backups\backups.zip

c:\sdfix\beepFA0.TXT

c:\sdfix\beepFA1.TXT

c:\sdfix\beepFA2.TXT

c:\sdfix\beepFA3.TXT

c:\sdfix\beepFA4.TXT

c:\sdfix\beepxcodec0.TXT

c:\sdfix\beepxcodec1.TXT

c:\sdfix\beepxcodec2.TXT

c:\sdfix\beepxcodec3.TXT

c:\sdfix\beepxcodec4.TXT

c:\sdfix\bpTEST1.TXT

c:\sdfix\bpTEST3.TXT

c:\sdfix\catchme.exe

c:\sdfix\Catchme.log

c:\sdfix\CheckRuns.txt

c:\sdfix\Checkusersdir1a.txt

c:\sdfix\Checkusersdir2a.txt

c:\sdfix\clean.reg

c:\sdfix\cleanD.reg

c:\sdfix\DBFix.bat

c:\sdfix\delavi0.txt

c:\sdfix\delzip0.txt

c:\sdfix\dest.txt

c:\sdfix\dnif.exe

c:\sdfix\dummy.exe

c:\sdfix\dummy.sys

c:\sdfix\editreg.exe

c:\sdfix\FilekillList1.txt

c:\sdfix\FileList1.txt

c:\sdfix\FileList2.txt

c:\sdfix\Find.txt

c:\sdfix\Findav2009.txt

c:\sdfix\Findav2009a.txt

c:\sdfix\Findbhos1.txt

c:\sdfix\FindIRCBrute.txt

c:\sdfix\Findroguerun1.txt

c:\sdfix\Findrun002.txt

c:\sdfix\Findrun002a.txt

c:\sdfix\Findrun30.txt

c:\sdfix\Findrun31.txt

c:\sdfix\Findrun31a.txt

c:\sdfix\Findrun31b.txt

c:\sdfix\Findrun32.txt

c:\sdfix\Findrunbifrose1.txt

c:\sdfix\Findrunbot1.txt

c:\sdfix\FindrunDW_Start.txt

c:\sdfix\Findzip.txt

c:\sdfix\HOSTS

c:\sdfix\Patched2a.txt

c:\sdfix\Patched2b.txt

c:\sdfix\Patched2c.txt

c:\sdfix\RemLat.txt

c:\sdfix\Remlat1.txt

c:\sdfix\Remlat2.txt

c:\sdfix\Remlat3.txt

c:\sdfix\Remlat4.txt

c:\sdfix\Remlat6a.txt

c:\sdfix\Remlat6b.txt

c:\sdfix\Remlat6c.txt

c:\sdfix\Remlat6d.txt

c:\sdfix\Report.txt

c:\sdfix\rtsdnif.exe

c:\sdfix\RunThis.bat

c:\sdfix\SDFIX_ReadMe_Online.url

c:\sdfix\TESTADS1.txt

c:\sdfix\TESTADS2.txt

c:\sdfix\TESTADS3.txt

c:\sdfix\TESTADS4.txt

c:\sdfix\TESTADS5.txt

c:\sdfix\TESTADS6.txt

c:\sdfix\TESTClbtds2.txt

c:\sdfix\TESTClbtds3A.txt

c:\sdfix\TESTSecProar.txt

c:\sdfix\TESTspreadbot1.TXT

c:\sdfix\TESTspreadbot2.TXT

c:\sdfix\TESTspreadbot3.TXT

c:\sdfix\TESTstartupusr.TXT

c:\sdfix\TESTtdsss1.TXT

c:\sdfix\TESTtdsss1a.TXT

c:\sdfix\TESTtdsss1b.TXT

c:\sdfix\TESTtdsss2.TXT

c:\sdfix\TESTtdsss2a.TXT

c:\sdfix\TESTtdsss2b.TXT

c:\sdfix\TESTtdsss2c.TXT

c:\sdfix\TESTtdsss2d.TXT

c:\sdfix\TESTtdsss2e.TXT

c:\sdfix\TESTtdsss2f.TXT

c:\sdfix\TESTtdsss2g.TXT

c:\sdfix\TESTtdsss2h.TXT

c:\sdfix\userinfix.reg

c:\sdfix\W2K_VirusAlert_Repair.inf

c:\sdfix\XP_VirusAlert_Repair.inf

c:\windows\system32\cftm.exe

c:\windows\system32\panama.exe

c:\windows\system32\terum.exe

c:\windows\Tasks\Copia.job

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-28 to 2008-11-30 ))))))))))))))))))))))))))))

.

 

2008-11-30 02:57 . 2008-11-30 02:57 <DIR> d-------- c:\windows\ERUNT

2008-11-30 02:36 . 2008-11-30 02:36 <DIR> d-------- c:\arquivos de programas\ISL

2008-11-30 02:12 . 2008-11-30 02:12 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\Nik Software

2008-11-30 02:08 . 2008-11-30 02:08 <DIR> d-------- c:\windows\MSSecurityNS

2008-11-30 02:08 . 2008-11-30 02:08 <DIR> d-------- c:\windows\MSSecurityNi

2008-11-30 02:06 . 2008-11-30 02:06 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\RetouchPilot

2008-11-30 02:01 . 2008-11-30 02:01 <DIR> d-------- c:\arquivos de programas\Two Pilots

2008-11-30 02:01 . 2008-11-30 02:02 <DIR> d-------- c:\arquivos de programas\Retouch Pilot

2008-11-29 15:05 . 2008-11-29 15:05 401,720 --a------ C:\HiJackThis.exe

2008-11-24 14:09 . 2008-11-24 14:09 <DIR> dr------- c:\documents and settings\LocalService\Favoritos

2008-11-16 17:59 . 2008-11-16 17:59 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\VitySoft

2008-11-16 17:02 . 2008-11-16 17:02 <DIR> d-------- c:\documents and settings\Demon\Meus documentos

2008-11-16 17:02 . 2008-11-16 17:02 <DIR> d-------- c:\documents and settings\Demon

2008-11-15 03:38 . 2008-11-15 03:43 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\ConceptDraw MINDMAP 5 Professional

2008-11-15 03:38 . 2008-11-15 03:38 <DIR> d-------- c:\arquivos de programas\CS Odessa

2008-11-02 12:57 . 2008-11-02 13:02 <DIR> d-------- c:\arquivos de programas\SopCast

2008-11-02 12:50 . 2008-11-02 12:50 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\PPLive

2008-11-02 12:50 . 2008-11-02 16:02 <DIR> d-------- c:\arquivos de programas\PPLive

2008-11-02 12:36 . 2008-11-02 12:36 360,320 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2008-11-01 22:05 . 2008-11-01 22:58 <DIR> d-------- C:\SPIDERWICK_CHRONICLES_BRAZIL

2008-11-01 22:00 . 2008-11-01 22:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2008-11-01 22:00 . 2008-11-01 22:00 <DIR> d-------- c:\arquivos de programas\DVD Shrink

2008-10-30 01:10 . 2008-10-30 01:10 <DIR> d-------- c:\arquivos de programas\RAYflect

2008-10-28 01:34 . 2008-11-30 16:53 <DIR> d-------- c:\documents and settings\ZERO\Dados de aplicativos\clipdiary

2008-10-28 01:34 . 2008-10-28 01:34 <DIR> d-------- c:\arquivos de programas\Clipdiary

2008-10-26 00:49 . 2008-10-26 00:49 <DIR> d-------- c:\arquivos de programas\GameHouse

2008-10-25 18:12 . 2008-10-25 18:12 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Trymedia

2008-10-25 18:04 . 2008-10-25 18:12 <DIR> d-------- c:\arquivos de programas\GTR400

2008-10-25 17:10 . 2008-10-25 17:10 <DIR> d-------- c:\arquivos de programas\Real Alternative

2008-10-24 23:24 . 2008-10-25 16:31 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-10-22 20:09 . 2008-11-29 22:45 54,156 --ah----- c:\windows\QTFont.qfn

2008-10-22 20:09 . 2008-10-22 20:09 1,409 --a------ c:\windows\QTFont.for

2008-10-07 12:44 . 2008-10-07 12:44 <DIR> d-------- c:\arquivos de programas\Xara

2008-10-05 14:26 . 2008-10-05 14:26 552 --a------ c:\windows\system32\d3d8caps.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-30 18:59 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\Skype

2008-11-30 18:50 --------- d-----w c:\arquivos de programas\Symantec AntiVirus

2008-11-30 18:50 --------- d-----w c:\arquivos de programas\SpeedFan

2008-11-30 18:49 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\VMware

2008-11-30 18:48 --------- d-----w c:\documents and settings\LocalService\Dados de aplicativos\VMware

2008-11-30 18:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\VMware

2008-11-30 04:45 --------- d-----w c:\arquivos de programas\LogMeIn

2008-11-30 04:36 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-30 03:21 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\OpenOffice.org3

2008-11-29 16:06 --------- d-----w c:\arquivos de programas\Mozilla Thunderbird

2008-11-28 18:19 3,764 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-11-18 18:53 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\XnView

2008-11-14 00:16 --------- d-----w c:\documents and settings\ZERO\Dados de aplicativos\dvdcss

2008-11-13 00:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-07 00:07 4,598 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-11-02 14:36 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 22:35 87,352 ----a-w c:\windows\system32\LMIinit.dll

2008-10-16 22:35 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll

2008-10-16 22:35 28,984 ----a-w c:\windows\system32\LMIport.dll

2008-10-16 22:35 23,736 ----a-w c:\windows\system32\lmimirr.dll

2008-10-16 22:35 10,040 ----a-w c:\windows\system32\lmimirr2.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-07 20:41 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-07 14:44 --------- d-----w c:\arquivos de programas\Common files

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-10 19:09 44,544 ------w c:\windows\AWuninstall.exe

2008-09-10 13:36 286,720 ----a-w c:\windows\iun502.exe

2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-29 22:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:45 2,140,160 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:45 2,019,840 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-02-28 17:30 8,784 ----a-w c:\arquivos de programas\mozilla firefox\plugins\ractrlkeyhook.dll

2008-02-28 17:33 245,408 ----a-w c:\arquivos de programas\mozilla firefox\plugins\unicows.dll

2008-06-07 04:57 56 --sh--r c:\windows\system32\4ABB899B99.sys

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\4ABB899B99.sys -- Not a PE file.

MD5: b8eb6b567fbd50abe0b6ea7dc06db2ae

 

---- Directory of C:\SPIDERWICK_CHRONICLES_BRAZIL ----

 

2008-11-01 22:58 518801408 --a------ c:\spiderwick_chronicles_brazil\VTS_04_1.VOB

2008-11-01 22:58 22528 --a------ c:\spiderwick_chronicles_brazil\VTS_04_0.IFO

2008-11-01 22:58 22528 --a------ c:\spiderwick_chronicles_brazil\VTS_04_0.BUP

2008-11-01 22:58 18432 --a------ c:\spiderwick_chronicles_brazil\VIDEO_TS.IFO

2008-11-01 22:58 18432 --a------ c:\spiderwick_chronicles_brazil\VIDEO_TS.BUP

2008-11-01 22:53 498989056 --a------ c:\spiderwick_chronicles_brazil\VTS_03_4.VOB

2008-11-01 22:53 116736 --a------ c:\spiderwick_chronicles_brazil\VTS_03_0.IFO

2008-11-01 22:53 116736 --a------ c:\spiderwick_chronicles_brazil\VTS_03_0.BUP

2008-11-01 22:48 1073739776 --a------ c:\spiderwick_chronicles_brazil\VTS_03_3.VOB

2008-11-01 22:36 1073739776 --a------ c:\spiderwick_chronicles_brazil\VTS_03_2.VOB

2008-11-01 22:24 1073739776 --a------ c:\spiderwick_chronicles_brazil\VTS_03_1.VOB

2008-11-01 22:11 222068736 --a------ c:\spiderwick_chronicles_brazil\VTS_03_0.VOB

2008-11-01 22:08 22528 --a------ c:\spiderwick_chronicles_brazil\VTS_02_0.IFO

2008-11-01 22:08 22528 --a------ c:\spiderwick_chronicles_brazil\VTS_02_0.BUP

2008-11-01 22:08 204797952 --a------ c:\spiderwick_chronicles_brazil\VTS_02_1.VOB

2008-11-01 22:06 929792 --a------ c:\spiderwick_chronicles_brazil\VIDEO_TS.VOB

2008-11-01 22:06 65536 --a------ c:\spiderwick_chronicles_brazil\VTS_01_1.VOB

2008-11-01 22:06 14336 --a------ c:\spiderwick_chronicles_brazil\VTS_01_0.IFO

2008-11-01 22:06 14336 --a------ c:\spiderwick_chronicles_brazil\VTS_01_0.BUP

2008-11-01 22:06 13582336 --a------ c:\spiderwick_chronicles_brazil\VTS_02_0.VOB

 

 

------- Sigcheck -------

 

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 08:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

2008-06-20 09:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

2008-06-20 09:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB941644$\tcpip.sys

2007-10-30 15:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys

2008-04-13 17:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\tcpip.sys

2008-11-02 12:36 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\dllcache\TCPIP.SYS

2008-11-02 12:36 360320 3adce4790f591bf160a94f6f08039577 c:\windows\system32\drivers\TCPIP.SYS

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2006-10-13 20058152]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

"UniClipper"="c:\arquivos de programas\EverNote\EverNote\UniClipper.exe" [2007-12-11 1078208]

"Reminder"="c:\arquivos de programas\Microsoft Money\System\reminder.exe" [1998-07-25 36864]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

"Google Update"="c:\documents and settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]

"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 36864]

"clipdiary"="c:\arquivos de programas\Clipdiary\clipdiary.exe" [2007-05-22 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-28 7110656]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-28 86016]

"ccApp"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2006-03-07 53408]

"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\arquivos de programas\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"vmware-tray"="c:\arquivos de programas\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 68400]

"VMware hqtray"="c:\arquivos de programas\VMware\VMware Workstation\hqtray.exe" [2007-05-01 56112]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"THGuard"="c:\arquivos de programas\TrojanHunter 4.2\THGuard.exe" [2005-02-19 1089024]

"vptray"="c:\arquiv~1\SYMANT~1\\vptray.exe" [2006-03-17 124656]

"CorelDRAW Graphics Suite 11b"="c:\arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 729088]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

"nwiz"="nwiz.exe" [2005-12-28 c:\windows\system32\nwiz.exe]

 

c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\

EverNote.lnk - c:\arquivos de programas\EverNote\EverNote\EverNote.exe [2008-06-07 4008384]

SpeedFan.lnk - c:\arquivos de programas\SpeedFan\speedfan.exe [2005-09-13 2469376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^OpenOffice.org 3.0.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^ZERO^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=c:\documents and settings\ZERO\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 03:12 483328 c:\arquivos de programas\Adobe\Acrobat 7.0\Distillr\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DUESystray]

--a------ 2001-10-30 20:45 106496 c:\arquivos de programas\DUE\DUESysTrayCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]

--a------ 2007-08-24 04:18 437160 c:\arquiv~1\ARQUIV~1\MICROS~1\DW\DWTRIG20.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 08:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2005-10-20 15:45 871936 c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

--a------ 2008-07-24 15:22 243072 c:\arquivos de programas\IncrediMail\bin\IncMail.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 14:24 1694208 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-03-29 00:37 413696 c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\MiniRacingOnline\\MiniRacingOnLine.exe"=

"c:\\Arquivos de programas\\PHP Expert Editor 4.2\\phpxedit.exe"=

"c:\\Arquivos de programas\\PHP Expert Editor 4.2\\DBG\\DbgListener.exe"=

"c:\\Arquivos de programas\\PPLive\\PPLive.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\SopCast\\SopCast.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6500:TCP"= 6500:TCP:6500

"6500:UDP"= 6500:UDP:6500

 

R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [2007-04-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-06-07 47640]

R2 PSI_SVC_2;Protexis Licensing V2;"c:\arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe" [2007-07-24 185632]

S3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\DRIVERS\D301bus.sys [2008-09-15 83328]

S3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\DRIVERS\D301mdfl.sys [2008-09-15 14976]

S3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\DRIVERS\D301mdm.sys [2008-09-15 109824]

S3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\D301mgmt.sys [2008-09-15 103808]

S3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\DRIVERS\d301nd5.sys [2008-09-15 24832]

S3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\D301obex.sys [2008-09-15 99840]

S3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\DRIVERS\d301unic.sys [2008-09-15 105728]

S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice [2008-09-11 24635]

S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

S4 LMIRfsClientNP;LMIRfsClientNP; []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-11-28 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]

 

2008-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

 

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\ZERO\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-Microsoft® System Manager - c:\windows\system32\sysmgr.exe

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-30 16:59:41

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mchInjDrv]

"ImagePath"="\??\c:\docume~1\ZERO\CONFIG~1\Temp\mc21.tmp"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1572)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Tempo para conclusão: 2008-11-30 17:00:31

ComboFix-quarantined-files.txt 2008-11-30 19:00:28

 

Pré-execução: 18 pasta(s) 84.604.121.088 bytes disponíveis

Pós execução: 17 pasta(s) 84,579,889,152 bytes disponíveis

 

506 --- E O F --- 2008-11-13 00:10:22

 

----------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:13:11, on 30/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe

C:\ARQUIV~1\SYMANT~1\vptray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\INTERNAT.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 15956 bytes


Delete the C:\Qoobox folder.

 

- Download Malwarebytes Anti-Malware and save it to the desktop;

 

● Double-click the program to start the installation. Select the language Português (Brasil);

● During the installation, check the "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware" options, and click Finish;

● After the installation, run the program;

● Select the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;

● When the scan finishes, click OK and the log will be opened automatically for you;

● If anything is detected, make sure all items are checked and click the Remove button;

● The log can also be viewed by clicking Logs in the main menu;

 

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.


I have already cleared the Malwarebytes QUARANTINE:

 

---

 

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1439

Windows 5.1.2600 Service Pack 2

 

30/11/2008 19:31:21

mbam-log-2008-11-30 (19-31-21).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 181977

Tempo decorrido: 40 minute(s), 34 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 6

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® System Manager (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\System Volume Information\_restore{9410800B-655E-4AFD-9132-3C35C6091CC7}\RP217\A0052296.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9410800B-655E-4AFD-9132-3C35C6091CC7}\RP217\A0052290.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9410800B-655E-4AFD-9132-3C35C6091CC7}\RP217\A0052291.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9410800B-655E-4AFD-9132-3C35C6091CC7}\RP218\A0053354.exe (Trojan.Inject) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9410800B-655E-4AFD-9132-3C35C6091CC7}\RP219\A0054427.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9410800B-655E-4AFD-9132-3C35C6091CC7}\RP219\A0054428.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.

 

------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:35:30, on 30/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe

C:\ARQUIV~1\SYMANT~1\vptray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\system32\INTERNAT.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Webteh\BSplayer\bsplayer.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 16214 bytes


Go to Start > Run, type: sysdm.cpl and press Enter. Click the System Restore tab and check the option Turn off System Restore > OK. Uncheck this option again when we are done here.

 

- Download Avenger and save it to the desktop;

 

● Extract the contents of the zip to the desktop;

● Select and copy the text below:

 

Files to delete:

C:\WINDOWS\system32\sysmgr.exe

Registry values to delete:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |Microsoft® System Manager

 

● Run the Avenger program by double-clicking avenger.exe;

● Click the Load Script menu > Paste from Clipboard;

● Click the Execute button > Yes > OK;

● Your computer will restart;

● Restart in Safe Mode (holding the F8 key during startup and choosing the Safe Mode option from the menu);

● Once in Safe Mode, open HijackThis and click Do a system scan only. Check the entry below in the log and click the Fix Checked button.

 

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

 

● A log will be generated at C:\avenger.txt

 

Paste this log in your next reply, together with a new HijackThis log.

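As an added example (not code from this thread, nor from the HijackThis or Avenger authors): a small Python triage script that reads HijackThis-style log lines, flags the kinds of entries the reply above targets (an O4 Run value with a vendor-looking name pointing at an unlisted binary under %SystemRoot%, a hijacked IE start page, an orphaned BHO) and diffs two scans so the rescan confirms an entry is really gone. The sample log lines, the short allowlist of known system autostarts and the list of default IE hosts are constructed assumptions modelled on the entries quoted in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample logs in HijackThis v2.0.2 line format, modelled on entries quoted
# in this thread. HJT_BEFORE stands for the first scan, HJT_AFTER for the rescan after
# the Run value for sysmgr.exe has been removed.
HJT_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe
"""
SYSMGR_LINE = r"O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe"
HJT_AFTER = HJT_BEFORE.replace(SYSMGR_LINE + "\n", "")

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)

# Assumed, deliberately short allowlist of autostart binaries that legitimately live
# under %SystemRoot% on Windows XP; a real baseline comes from a known-clean machine.
KNOWN_SYSTEM_AUTOSTARTS = {"ctfmon.exe", "rundll32.exe"}
# Hosts Internet Explorer 7 uses for its factory start/search pages (assumed list).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "home.microsoft.com", "www.microsoft.com"}
# Words that make a Run value name look like a Microsoft component.
VENDOR_WORDS = ("microsoft", "windows", "®")


def parse_entries(text):
    """Return (kind, body, raw_line) for every HijackThis entry line in text."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body"), line.strip()))
    return out


def exe_path(cmd):
    """Extract the executable path from an O4 command, quoted or not."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip().split(" ")[0]


def triage(text):
    """Flag entries worth a second look. Returns (severity, raw_line, reason) tuples."""
    findings = []
    for kind, body, raw in parse_entries(text):
        if kind in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                findings.append(("high", raw, f"IE start/search page points at {host}"))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(("low", raw, "BHO registered but its DLL is gone (orphan)"))
        elif kind == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder shortcuts are not handled here
            path = exe_path(m.group("cmd"))
            base = path.rsplit("\\", 1)[-1].lower()
            name = m.group("name").lower()
            if "\\" not in path:
                findings.append(("low", raw, "bare filename, resolved via the search path"))
            elif "\\windows\\" in path.lower() and base not in KNOWN_SYSTEM_AUTOSTARTS:
                reason = f"{base} is not a known autostart under %SystemRoot%"
                if any(w in name for w in VENDOR_WORDS):
                    reason += "; vendor-looking value name on an unlisted binary"
                findings.append(("high", raw, reason))
    return findings


def diff_logs(before, after):
    """Entries that vanished and entries that appeared between two scans."""
    b = {raw for _, _, raw in parse_entries(before)}
    a = {raw for _, _, raw in parse_entries(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for sev, raw, why in triage(HJT_BEFORE):
        print(f"[{sev}] {why}\n    {raw}")
    removed, added = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("removed:", removed)
    print("added:", added)
```

Run it as a script to see the findings; the diff shows the sysmgr.exe value vanishing while the bsplayer-search start page stays flagged, which is exactly the kind of leftover a rescan should catch. The allowlist approach is only as good as its baseline: build it from a known-clean machine, not from the infected one.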

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "C:\WINDOWS\system32\sysmgr.exe" not found!

Deletion of file "C:\WINDOWS\system32\sysmgr.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: could not delete registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® System Manager"

Deletion of registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® System Manager" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

 

--- HijackThis in Safe Mode

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:48:26, on 30/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 13417 bytes


--- HijackThis in Normal Mode after restart

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:33, on 30/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\ARQUIV~1\SYMANT~1\vptray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\INTERNAT.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 16029 bytes

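Helpers in this thread read HijackThis logs by eye. As an added example (not part of the original posts, and not a feature of HijackThis or SDFix), the Python script below parses the R0/R1, O2 and O4 lines of a log in HijackThis 2.0.2 format and flags the entries a helper usually checks first: a browser start or search page pointing at a non-default domain, a BHO whose CLSID is registered but whose file is gone ("(no file)"), an autorun whose image sits at the drive root or is an unrecognised file in %SystemRoot%\system32, an image given without a directory (resolved through the search path), and RunOnce entries. The allowlists (TRUSTED_PAGE_DOMAINS, KNOWN_SYSTEM_DIR_IMAGES, SYSTEM_DIRS) and the sample log are assumptions constructed for illustration; a flagged line is a prompt to verify the file (vendor, signature, hash), not a verdict that it is malicious.

```python
"""Triage helper for logs in HijackThis 2.0.2 format.

Added example for this thread; it is not part of HijackThis, SDFix or the
original posts. A flagged entry means "check this file by hand", not "malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Assumption: IE start/search page hosts that are vendor defaults.
TRUSTED_PAGE_DOMAINS = {"go.microsoft.com", "www.microsoft.com", "home.microsoft.com"}
# Assumption: images that are expected to autorun from the Windows system directories.
KNOWN_SYSTEM_DIR_IMAGES = {"ctfmon.exe", "nvcpl.dll", "nvmctray.dll"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Constructed sample in HijackThis format (entries modelled on the thread's log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^(?P<sec>R[01]) - (?P<hive>HK\w+)\\.*,(?P<value>[\w ]+) = (?P<url>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# A quoted path, or an unquoted one ending at the first executable extension.
PATH_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|bat|cmd|com|scr|pif))(?=[\s,]|$)', re.I
)


@dataclass(frozen=True)
class Finding:
    section: str   # R0, R1, O2 or O4
    severity: str  # "info" or "review"
    reason: str
    entry: str     # the log line that triggered the finding


def split_command(command: str) -> tuple[Optional[str], str]:
    """Split an O4 command into (image path, remaining arguments)."""
    s = command.strip()
    m = PATH_RE.match(s)
    if not m:
        return None, s
    return (m.group("q") or m.group("u")), s[m.end():].strip()


def classify_path(path: str) -> list[tuple[str, str]]:
    """Heuristics for one image path: a list of (severity, reason) pairs."""
    directory, _, base = path.lower().rpartition("\\")
    if not directory:
        return [("info", "unqualified-path")]  # resolved through the search path
    if re.fullmatch(r"[a-z]:", directory):
        return [("review", "drive-root-executable")]
    if directory in SYSTEM_DIRS and base not in KNOWN_SYSTEM_DIR_IMAGES:
        return [("review", "unknown-image-in-system-dir")]
    return []


def analyse_o4(key: str, command: str, line: str) -> list[Finding]:
    findings = []
    if key.lower().endswith("runonce"):
        findings.append(Finding("O4", "info", "runonce-entry", line))
    path, rest = split_command(command)
    if path is None:
        return findings + [Finding("O4", "info", "unparsed-command", line)]
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        # rundll32 is only the host process: classify the DLL it loads instead.
        target, _ = split_command(rest)
        path = target or path
    for severity, reason in classify_path(path):
        findings.append(Finding("O4", severity, reason, line))
    return findings


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            findings += analyse_o4(m["key"], m["cmd"], line)
        elif m := R_RE.match(line):
            host = (urlsplit(m["url"]).hostname or "").lower()
            if host not in TRUSTED_PAGE_DOMAINS:
                findings.append(Finding(m["sec"], "review", f"non-default-browser-page:{host}", line))
        elif m := O2_RE.match(line):
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2", "review", "bho-missing-file", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.reason}: {f.entry}")
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents. On the constructed sample it reports six findings and stays silent on the ccApp, ctfmon and NvCpl lines; the "review" ones are exactly the entries a helper would ask the poster to look up before touching anything.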

Please run SDFix again as I told you the first time and post its log here together with a new HijackThis log.

 

- Download SDFix and save it to the desktop;

 

● Double-click SDFix.exe and the tool will be installed to C:\SDFix. But do not run it yet;

● Restart your computer in Safe Mode (holding the F8 key during system startup and choosing the Safe Mode option);

● Go into the SDFix folder that was installed on your computer and double-click the RunThis.bat file;

● Press Y so the tool starts the removal process;

● When everything finishes, you will see a message telling you to press any key to continue. Then press any key. Your computer will restart automatically;

● After restarting, the tool will run again and finish its work, and the word Finished will appear. Press any key again;

● A window with the SDFix report will appear;

● The log will open automatically for you. It will be saved in the SDFix folder under the name Report.txt;

 

Make a new HijackThis log and paste it in your next reply, together with the SDFix log.


SDFix: Version 1.240

Run by ZERO on seg 01/12/2008 at 10:39

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 10:51:53

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"="C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"="C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\\Arquivos de programas\\MiniRacingOnline\\MiniRacingOnLine.exe"="C:\\Arquivos de programas\\MiniRacingOnline\\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"

"C:\\Arquivos de programas\\PHP Expert Editor 4.2\\phpxedit.exe"="C:\\Arquivos de programas\\PHP Expert Editor 4.2\\phpxedit.exe:*:Enabled:PHP Expert Editor"

"C:\\Arquivos de programas\\PHP Expert Editor 4.2\\DBG\\DbgListener.exe"="C:\\Arquivos de programas\\PHP Expert Editor 4.2\\DBG\\DbgListener.exe:*:Enabled:Listener for php debugger DBG"

"C:\\Arquivos de programas\\PPLive\\PPLive.exe"="C:\\Arquivos de programas\\PPLive\\PPLive.exe:*:Enabled:PPLive"

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"="C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"="C:\\Arquivos de programas\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"="C:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Sat 25 Oct 2008 227,013 ...H. --- "C:\Arquivos de programas\GTR400\Uninstall.exe"

Sat 7 Jun 2008 56 ..SHR --- "C:\WINDOWS\system32\4ABB899B99.sys"

Thu 6 Nov 2008 4,598 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sat 31 Aug 2002 1,696 A..H. --- "C:\WINDOWS\system32\msisl$.dll"

Sun 30 Nov 2008 8 ..SHR --- "C:\Documents and Settings\All Users\Dados de aplicativos\0A1F9A2666.sys"

Mon 1 Dec 2008 3,764 A.SH. --- "C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys"

 

Finished!

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:29:29, on 1/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\SYMANT~1\vptray.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\system32\INTERNAT.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - HKCU\..\Run: [uSBFireWall] C:\Program Files\Net Studio\USB_FW.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 16118 bytes


Every time it comes back from Safe Mode without networking, a new registry entry appears for sysmgr.exe, which is in system32, and also for checkout.exe, which it says is in c:/, though there is nothing there.

I have a registry-entry monitor (Spybot Search & Destroy) and I denied the following entries after rebooting:

1/12/2008 10:29:30 Negado (based on user decision) value "Cleanup" (new data: "") apagado in System Startup global entry!

1/12/2008 11:05:35 Negado (based on user decision) value "Microsoft® System Manager" (new data: "") apagado in System Startup global entry!

1/12/2008 11:05:42 Negado (based on user decision) value "Cleanup" (new data: "") apagado in System Startup global entry!

See if this helps.

Thanks so far,

Jucca.

SDFix: Version 1.240

Run by ZERO on seg 01/12/2008 at 10:39

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

Removing Temp Files

 

ADS Check :

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 10:51:53

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"="C:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"="C:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\\Arquivos de programas\\MiniRacingOnline\\MiniRacingOnLine.exe"="C:\\Arquivos de programas\\MiniRacingOnline\\MiniRacingOnLine.exe:*:Enabled:MiniRacingOnLine"

"C:\\Arquivos de programas\\PHP Expert Editor 4.2\\phpxedit.exe"="C:\\Arquivos de programas\\PHP Expert Editor 4.2\\phpxedit.exe:*:Enabled:PHP Expert Editor"

"C:\\Arquivos de programas\\PHP Expert Editor 4.2\\DBG\\DbgListener.exe"="C:\\Arquivos de programas\\PHP Expert Editor 4.2\\DBG\\DbgListener.exe:*:Enabled:Listener for php debugger DBG"

"C:\\Arquivos de programas\\PPLive\\PPLive.exe"="C:\\Arquivos de programas\\PPLive\\PPLive.exe:*:Enabled:PPLive"

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"="C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\\Arquivos de programas\\SopCast\\SopCast.exe"="C:\\Arquivos de programas\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe"="C:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

Files with Hidden Attributes :

 

Sat 25 Oct 2008 227,013 ...H. --- "C:\Arquivos de programas\GTR400\Uninstall.exe"

Sat 7 Jun 2008 56 ..SHR --- "C:\WINDOWS\system32\4ABB899B99.sys"

Thu 6 Nov 2008 4,598 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sat 31 Aug 2002 1,696 A..H. --- "C:\WINDOWS\system32\msisl$.dll"

Sun 30 Nov 2008 8 ..SHR --- "C:\Documents and Settings\All Users\Dados de aplicativos\0A1F9A2666.sys"

Mon 1 Dec 2008 3,764 A.SH. --- "C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys"

 

Finished!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:29:29, on 1/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\rundll32.exe

C:\ARQUIV~1\SYMANT~1\vptray.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\system32\INTERNAT.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - HKCU\..\Run: [uSBFireWall] C:\Program Files\Net Studio\USB_FW.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

 

--

End of file - 16118 bytes


Go to the VirusTotal site and submit the file C:\cleanup.exe for analysis. Copy the link shown next to the name Permalink and paste it here.

NOTE: If you cannot find the file, turn on the option to show hidden folders and files on the PC: My Computer > Tools > Folder Options > View > Show hidden files and folders.

Run HijackThis and click Do a system scan only. Check the entry below and click Fix Checked.

O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe

Also locate and delete the file above (sysmgr.exe) from your computer.

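As an added example (not from the thread, HijackThis, SDFix or any tool used here): a small Python triage script that parses the O4 autorun lines of two HijackThis logs, reports which entries disappeared after the fix requested above, and flags the traits that made [Microsoft® System Manager] and [Cleanup] stand out in the logs posted earlier. The log excerpts are constructed from lines quoted in this thread; the heuristics and the allowlist of known Microsoft binaries are assumptions of this example.

```python
"""Triage the O4 (registry autorun) lines of two HijackThis logs.

Parses the O4 Run/RunOnce entries of a "before" and an "after" log, reports which
entries disappeared after the fix, and flags entries that still match a few simple
indicators of the kind seen in this thread. Example code, not part of HijackThis.
"""
import re
from typing import Dict, List, NamedTuple

# Matches HijackThis registry autorun lines such as
#   O4 - HKLM\..\Run: [ccApp] "C:\...\ccApp.exe"
#   O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
# Startup-folder lines ("O4 - Startup: ...") have a different shape and are skipped.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

# Assumed allowlist: genuine Microsoft components whose Run values appear in the
# thread's logs, so the "Microsoft-branded name" check does not fire on them.
KNOWN_MICROSOFT_BINARIES = {"ctfmon.exe", "msmsgs.exe", "msnmsgr.exe"}


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


def executable_of(command: str) -> str:
    """Return the program path from a Run value, with or without quotes.
    rundll32 payload DLLs are not resolved; the first token is returned instead."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    m = re.match(r"[A-Za-z]:\\.*?\.(?:exe|com|scr|bat|pif)", command, re.IGNORECASE)
    return m.group(0) if m else command.split()[0]


def suspicion_reasons(entry: Autorun) -> List[str]:
    """Heuristic indicators worth a second look; none of them is a verdict on its own."""
    exe = executable_of(entry.command).lower()
    basename = exe.rsplit("\\", 1)[-1]
    reasons = []
    # A program sitting directly in the drive root (C:\cleanup.exe): installers almost never do this.
    if re.fullmatch(r"[a-z]:\\[^\\]+", exe):
        reasons.append("executable in drive root")
    # RunOnce values are consumed at the next logon; one present in every scan is being re-created.
    if entry.key.lower().startswith("runonce"):
        reasons.append("RunOnce entry")
    # A display name borrowing Microsoft branding (often with a ® sign) for a binary
    # that lives in no Microsoft product folder and is not a known Windows component.
    branded = "microsoft" in entry.name.lower() or "\u00ae" in entry.name
    if branded and "\\microsoft" not in exe and basename not in KNOWN_MICROSOFT_BINARIES:
        reasons.append("Microsoft-branded name for a non-Microsoft binary")
    return reasons


def parse_o4(log: str) -> Dict[str, Autorun]:
    """Map 'HIVE\\Key\\ValueName' -> Autorun for every O4 registry line in a log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            entry = Autorun(**m.groupdict())
            entries[f"{entry.hive}\\{entry.key}\\{entry.name}"] = entry
    return entries


def compare_logs(before: str, after: str) -> dict:
    """Report removed/added autoruns between two logs and what still looks suspicious."""
    b, a = parse_o4(before), parse_o4(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "still_flagged": {k: suspicion_reasons(e) for k, e in a.items() if suspicion_reasons(e)},
    }


# Constructed excerpts of the O4 sections quoted in this thread (second and third logs).
LOG_BEFORE_FIX = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft® System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe
"""
# The third log in the thread no longer contains the two fixed entries.
LOG_AFTER_FIX = "\n".join(
    line for line in LOG_BEFORE_FIX.splitlines()
    if "sysmgr.exe" not in line and "cleanup.exe" not in line
)

if __name__ == "__main__":
    for key, entry in parse_o4(LOG_BEFORE_FIX).items():
        reasons = suspicion_reasons(entry)
        if reasons:
            print(f"{key}: {', '.join(reasons)}")
    print(compare_logs(LOG_BEFORE_FIX, LOG_AFTER_FIX))
```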

Hello MGuitar

I got a bit confused here with my registry monitor.

I ended up thinking the entry was coming back, but it was actually asking me to confirm deleting the line you had asked for.

After I confirmed, the errors disappeared.

I believe it is clean now, because I did not find the files in the folders even after showing hidden files.

This is how the HijackThis log looks now.

Thanks

Jucca

 

 

---

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:16:34, on 1/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\ARQUIV~1\SYMANT~1\vptray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe

C:\Arquivos de programas\Microsoft Money\System\reminder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Clipdiary\clipdiary.exe

C:\Arquivos de programas\SpeedFan\speedfan.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\INTERNAT.EXE

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Arquivos de programas\BS.Player ControlBar\BSToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Arquivos de programas\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Arquivos de programas\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Arquivos de programas\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [THGuard] "C:\Arquivos de programas\TrojanHunter 4.2\THGuard.exe"

O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\\vptray.exe

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121308 serial=DR12CCZ-5856916-JJL lang=BP

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniClipper] "C:\Arquivos de programas\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ZERO\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [VisualTaskTips] C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - HKCU\..\Run: [clipdiary] C:\Arquivos de programas\Clipdiary\clipdiary.exe

O4 - HKCU\..\Run: [uSBFireWall] C:\Program Files\Net Studio\USB_FW.exe

O4 - Startup: EverNote.lnk = C:\Arquivos de programas\EverNote\EverNote\EverNote.exe

O4 - Startup: SpeedFan.lnk = C:\Arquivos de programas\SpeedFan\speedfan.exe

O8 - Extra context menu item: Add to EverNote - res://C:\Arquivos de programas\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Arquivos de programas\PPLive\PPLive.exe

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Arquivos de programas\EverNote\EverNote\enbar.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B96174AB-569F-4045-9393-488AC11AC307}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Arquivos de programas\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Arquivos de programas\Arquivos comuns\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe


--

End of file - 15900 bytes


OK, the log is clean.

Go to Start > Run, type: combofix /u and press Enter. In the other window, click Run to remove the tool. Remove SDFix and its folder as well.

I suggest you do a cleanup of the machine.

Download CCleaner and install the program (without installing the Yahoo Toolbar).

Run the program and click Analyze > Run Cleaner. After that, click Registry > Scan for Issues > Fix selected issues.

Are there still any problems with the machine?


Hello MGuitar

No. I believe it's OK now.

THANK YOU VERY MUCH is the very least we need to say to those of you who help us avoid reformatting our machines all the time.

I hope to be able to help you in this way too.

Regards to all

Jucca


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
