Archived

This topic has been archived and is closed to new replies.

sandraax

[Solved!] - PC with trojan Vundo GBD

Hello,

I need help.

My internet connection is very slow, and the antivirus (BitDefender) reports detecting the trojan Vundo GBD and the adware Fake Antivirus. Using HijackThis I thought I had solved the problem, but it turns out it is still there.

I'll leave the HijackThis log here:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:31:04, on 04-12-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\oodag.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Programas\BitDefender\BitDefender 2008\seccenter.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WATCHPNP_Samsung] watchPnp.exe Samsung

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SC6.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [Automático EPSON Stylus DX4000 Series em GRAMELACAR] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SB6.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: srtouq.dll

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programas\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8775 bytes

 

I urgently need help, and while we're at it, could you explain to me what these viruses do to the PC? Are they very dangerous?

Good morning, sandraax!

 

<@> Download: < ComboFix.exe >

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> click Yes!

<@> If you do not have the "Recovery Console", accept the option to install it!

 

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after you have saved it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue --> ( 1 ) --> press Enter.

<@> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" --> Enter.

----------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

Hello, good morning!!

 

Thank you for the quick reply.

 

So here are the ComboFix report and the HijackThis one:

 

 

ComboFix 08-12-04.04 - Gramela 2008-12-05 10:20:50.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.469 [GMT 0:00]

Executando de: c:\documents and settings\Gramela\Ambiente de trabalho\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Application Data\Starware347

c:\documents and settings\All Users\Application Data\Starware347\buttons\FindIt.bmp

c:\documents and settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp

c:\documents and settings\All Users\Application Data\Starware347\buttons\findithotxp.png

c:\documents and settings\All Users\Application Data\Starware347\buttons\finditxp.png

c:\documents and settings\All Users\Application Data\Starware347\buttons\Highlight.bmp

c:\documents and settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp

c:\documents and settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png

c:\documents and settings\All Users\Application Data\Starware347\buttons\highlightxp.png

c:\documents and settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp

c:\documents and settings\All Users\Application Data\Starware347\buttons\pranks.bmp

c:\documents and settings\All Users\Application Data\Starware347\buttons\starware_toolbar_icon.bmp

c:\documents and settings\All Users\Application Data\Starware347\contexts\error.xml

c:\documents and settings\All Users\Application Data\Starware347\contexts\related.xml

c:\documents and settings\All Users\Application Data\Starware347\contexts\travel.xml

c:\documents and settings\Gramela\Application Data\Starware347

c:\documents and settings\Gramela\Application Data\Starware347\Manager\ManagerOptions.xml

c:\documents and settings\Gramela\Application Data\Starware347\Manager\ManagerOptions.xml.backup

c:\recycled\Recycled

c:\windows\fmark2.dat

c:\windows\Fonts\acrsecB.fon

c:\windows\Fonts\acrsecI.fon

c:\windows\fxstaller.exe

c:\windows\IE4 Error Log.txt

c:\windows\system32\_000228_.tmp.dll

c:\windows\system32\_004768_.tmp.dll

c:\windows\system32\_004769_.tmp.dll

c:\windows\system32\_004770_.tmp.dll

c:\windows\system32\_004771_.tmp.dll

c:\windows\system32\_004778_.tmp.dll

c:\windows\system32\_004779_.tmp.dll

c:\windows\system32\_004780_.tmp.dll

c:\windows\system32\_004781_.tmp.dll

c:\windows\system32\_004783_.tmp.dll

c:\windows\system32\_004784_.tmp.dll

c:\windows\system32\_004787_.tmp.dll

c:\windows\system32\_004788_.tmp.dll

c:\windows\system32\_004790_.tmp.dll

c:\windows\system32\_004791_.tmp.dll

c:\windows\system32\_004792_.tmp.dll

c:\windows\system32\_004794_.tmp.dll

c:\windows\system32\_004795_.tmp.dll

c:\windows\system32\_004797_.tmp.dll

c:\windows\system32\_004798_.tmp.dll

c:\windows\system32\_004802_.tmp.dll

c:\windows\system32\_004803_.tmp.dll

c:\windows\system32\_004805_.tmp.dll

c:\windows\system32\_004808_.tmp.dll

c:\windows\system32\_004810_.tmp.dll

c:\windows\system32\_004811_.tmp.dll

c:\windows\system32\_004812_.tmp.dll

c:\windows\system32\_004813_.tmp.dll

c:\windows\system32\_004814_.tmp.dll

c:\windows\system32\_004817_.tmp.dll

c:\windows\system32\_004818_.tmp.dll

c:\windows\system32\_004819_.tmp.dll

c:\windows\system32\_004820_.tmp.dll

c:\windows\system32\_004821_.tmp.dll

c:\windows\system32\_004826_.tmp.dll

c:\windows\system32\_004828_.tmp.dll

c:\windows\system32\bmvvefxh.dll

c:\windows\system32\cphitvfy.ini

c:\windows\system32\dlh9jkd1q8.exe

c:\windows\system32\fOnqtBeg.ini

c:\windows\system32\fOnqtBeg.ini2

c:\windows\system32\geBtqnOf.dll

c:\windows\system32\hjismidu.ini

c:\windows\system32\hxfevvmb.ini

c:\windows\system32\Microsoft\backup.ftp

c:\windows\system32\Microsoft\backup.tftp

c:\windows\system32\mlJcDVnl.dll

c:\windows\system32\oyvgqfdw.ini

c:\windows\system32\qvjfxd.dll

c:\windows\system32\qxragyfv.dll

c:\windows\system32\rwwavqav.dll

c:\windows\system32\ryqumewe.dll

c:\windows\system32\udimsijh.dll

c:\windows\system32\vx.tll

c:\windows\system32\yfvtihpc.dll

c:\windows\Tasks\pvneeycs.job

 

----- BITS: Sites possivelmente infetados -----

 

hxxp://childhe.com

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-05 to 2008-12-05 ))))))))))))))))))))))))))))

.

 

2008-12-04 14:54 . 2008-12-04 14:58 <DIR> d-------- C:\LinhaDefensiva

2008-12-03 11:24 . 2008-12-03 11:24 <DIR> d-------- c:\programas\MSN Messenger

2008-12-02 19:52 . 2008-12-02 19:52 34,816 --a------ c:\windows\system32\iifeBTJc.dll

2008-12-02 19:05 . 2008-12-02 19:05 <DIR> d-------- c:\programas\Trend Micro

2008-12-02 18:07 . 2008-12-02 18:07 <DIR> d-------- c:\programas\AxBx

2008-12-02 17:44 . 2008-12-03 09:44 <DIR> d-------- c:\programas\Messenger Plus! Live

2008-12-02 16:44 . 2008-12-02 16:44 34,816 --------- c:\windows\system32\cbXNHWOh.dll

2008-12-02 12:09 . 2008-12-02 12:13 <DIR> d----c--- C:\010635cc6bc384e90dd7

2008-11-28 13:37 . 2008-11-28 13:37 <DIR> d-------- c:\documents and settings\Gramela\Application Data\HiYo

2008-11-20 09:19 . 2008-11-22 14:02 <DIR> d-------- c:\windows\system32\Adobe

2008-11-13 20:03 . 2008-11-13 20:03 <DIR> d-------- c:\programas\MSXML 4.0

2008-11-10 09:27 . 2008-11-10 09:28 <DIR> d----c--- C:\GRAMELA II PEÇAS

2008-11-07 20:21 . 2008-11-25 20:50 <DIR> d----c--- C:\Catarina

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-05 10:27 81,984 ----a-w c:\windows\system32\bdod.bin

2008-12-03 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-12-03 09:44 --------- d-----w c:\programas\Windows Live

2008-11-21 09:44 --------- d-----w c:\programas\Google

2008-10-28 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\IM

2008-10-28 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-13 17:00 --------- d-----w c:\programas\Ficheiros comuns\xing shared

2008-10-13 16:59 --------- d-----w c:\programas\Ficheiros comuns\Real

2008-10-13 16:57 --------- d-----w c:\programas\Real

2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 15:38 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-09-05 15:56 77,824 ----a-w c:\windows\system32\xcomm.dll

2008-01-16 12:28 774,144 ----a-w c:\programas\RngInterstitial.dll

2007-03-22 10:49 87,608 ----a-w c:\documents and settings\Gramela\Application Data\ezpinst.exe

2007-03-22 10:49 47,360 ----a-w c:\documents and settings\Gramela\Application Data\pcouffin.sys

2006-02-15 18:37 24,269,856 ----a-w c:\programas\dotnetfx.exe

2006-04-01 08:55 88 --sha-r c:\windows\system32\2298C651F5.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

2008-12-02 16:44 34816 --------- c:\windows\system32\cbXNHWOh.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-17 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="c:\programas\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]

"AVFX Engine"="c:\programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"RoxioDragToDisc"="c:\programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]

"RoxWatchTray"="c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]

"BitDefender Antiphishing Helper"="c:\programas\BitDefender\BitDefender 2008\IEShow.exe" [2008-09-05 61440]

"BDAgent"="c:\programas\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]

"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-10-13 185872]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"WATCHPNP_Samsung"="watchPnp.exe" [2001-11-02 c:\windows\system32\watchPnp.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\cbXNHWOh.dll" [2008-12-02 34816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNHWOh]

2008-12-02 16:44 34816 c:\windows\system32\cbXNHWOh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=qvjfxd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codec"= l3codecp.acm

"VIDC.JDCT"= jl_jdct.drv

"vidc.ffds"= ffdshow.ax

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\xxyxYoNd

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programas\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

"c:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programas\\MSN Messenger\\livecall.exe"=

 

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2007-09-25 86792]

S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2006-01-30 36048]

S3 FILESpy;FILESpy;\??\c:\programas\Softwin\BitDefender9\filespy.sys []

S3 JL2005C;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys []

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys []

S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []

S4 getPlus® Helper;getPlus® Helper;c:\programas\NOS\bin\getPlus_HelperSvc.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbc69ba0-7d5a-11dc-9ede-00138fb91ed4}]

\Shell\Auto\command - yijsxmciz.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL yijsxmciz.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38b2737-9e84-11dd-a014-00138fb91ed4}]

\Shell\auto\command - Knight.exe open

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open

\Shell\explore\command - Knight.exe open

\Shell\find\command - Knight.exe open

\Shell\install\command - Knight.exe open

\Shell\open\command - Knight.exe open

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{71cc835e-498c-40f2-8bc9-f8aa1cc27e0d} - c:\windows\system32\qvjfxd.dll

BHO-{D81FC602-F69E-40BB-A78F-FF2C160D6432} - c:\windows\system32\geBtqnOf.dll

BHO-{F5A59502-1D46-4a2b-941A-22D5AB2A5AC9} - c:\programas\Colej_uk Design Toolbar\v2.0.0.5\Colej_uk_Design_Toolbar.dll

WebBrowser-{584AAC83-CDBD-4016-9518-96B5016BB0D3} - c:\programas\Colej_uk Design Toolbar\v2.0.0.5\Colej_uk_Design_Toolbar.dll

HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe

HKCU-Run-updateMgr - c:\programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKLM-Run-Cmaudio - cmicnfg.cpl

SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.sapo.pt/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FireFox -: Profile - c:\documents and settings\Gramela\Application Data\Mozilla\Firefox\Profiles\fhfwjbwh.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pt

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://pt.msn.com/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-05 10:28:40

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(808)

c:\windows\system32\cbXNHWOh.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

c:\windows\system32\oodag.exe

c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

c:\windows\system32\PAStiSvc.exe

c:\programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

c:\programas\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

c:\programas\BitDefender\BitDefender 2008\vsserv.exe

c:\programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

c:\windows\system32\rundll32.exe

c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-05 10:35:40 - Máquina reiniciou [Gramela]

ComboFix-quarantined-files.txt 2008-12-05 10:35:29

 

Pré-execução: 44,324,786,176 bytes livres

Pós execução: 46,611,394,560 bytes livres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

284 --- E O F --- 2008-12-02 12:23:07

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:40:44, on 05-12-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\oodag.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WATCHPNP_Samsung] watchPnp.exe Samsung

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O20 - AppInit_DLLs: qvjfxd.dll

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programas\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 7819 bytes

 

 

I'll be waiting for news.

Thank you


Good morning! sandraax

Plug your removable drive(s), if you have any, into the USB port (pen drive, mp3, mp4, iPod, etc.).

<@> Select and copy everything inside the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL yijsxmciz.exe

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe

c:\windows\system32\iifeBTJc.dll

c:\windows\system32\cbXNHWOh.dll

Folder::

C:\LinhaDefensiva

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbc69ba0-7d5a-11dc-9ede-00138fb91ed4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38b2737-9e84-11dd-a014-00138fb91ed4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNHWOh]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

<@> Answer the prompt that should appear asking to run ComboFix.

<@> PS: keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
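The first HijackThis log in this thread carries an O20 AppInit_DLLs entry (qvjfxd.dll), and the CFScript in the reply above resets AppInit_DLLs and removes the random-named BHO and Winlogon notify DLLs that Vundo registers. As an added example that is not part of the thread and not code from HijackThis, ComboFix or the helper, the Python script below triages HijackThis-style lines for those two indicators plus the "Unknown owner" service line. The SAMPLE_LOG lines are constructed after entries posted in this thread (the pairing of the BHO CLSID with cbXNHWOh.dll is a constructed illustration), and the looks_random() heuristic is an assumption of this example, not a HijackThis rule.

```python
"""Triage of HijackThis-style log lines for Vundo-family persistence.

Added example for this thread: not code from HijackThis, ComboFix or the
forum helper. SAMPLE_LOG is constructed after entries posted in the thread.
"""
import re
from dataclasses import dataclass

# A HijackThis line reads "<section> - <rest>", e.g. "O20 - AppInit_DLLs: qvjfxd.dll".
HJT_LINE = re.compile(r"^(?P<sect>[RO]\d{1,2}) - (?P<rest>.*)$")
# Last path component of any .dll mentioned on the line.
DLL_NAME = re.compile(r"([A-Za-z0-9_]+\.dll)\b", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(dll: str) -> bool:
    """Heuristic (assumption of this example) for the machine-generated module
    names Vundo droppers placed in system32 (cbXNHWOh.dll, iifeBTJc.dll,
    xxyxYoNd.dll in the ComboFix log of this thread): 6-9 letters, and either
    no vowels at all or mixed case with fewer than 40% vowels.
    A hint for the analyst, not proof; check the file's properties."""
    stem = dll[:-4]
    if not re.fullmatch(r"[A-Za-z]{6,9}", stem):
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    mixed = any(c.isupper() for c in stem[1:]) and any(c.islower() for c in stem)
    return vowels == 0 or (mixed and vowels / len(stem) < 0.4)


def triage(lines):
    """Return the log lines that deserve a second look, with the reason."""
    findings = []
    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # blank lines, the "Running processes:" block, etc.
        sect, rest = m.group("sect"), m.group("rest")
        if sect == "O20" and rest.startswith("AppInit_DLLs:"):
            value = rest.split(":", 1)[1].strip()
            if value:
                # AppInit_DLLs is empty on a clean XP install; anything listed
                # here is loaded into every process that maps user32.dll.
                findings.append(Finding(sect, f"AppInit_DLLs loads {value}", raw))
            continue
        if sect in ("O2", "O3", "O4", "O20"):
            for dll in DLL_NAME.findall(rest):
                if looks_random(dll):
                    findings.append(Finding(sect, f"random-looking module {dll}", raw))
        if sect == "O23" and "Unknown owner" in rest:
            findings.append(Finding(sect, "service without a publisher; check the binary", raw))
    return findings


# Constructed sample: a legitimate BHO and toolbar, a Vundo-style BHO paired
# with the CLSID the CFScript in this thread removes, the O20 entry from the
# first HijackThis log, and the service HijackThis reported as "Unknown owner".
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXNHWOh.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"
O20 - AppInit_DLLs: qvjfxd.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""


def main():
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")


if __name__ == "__main__":
    main()
```

Run against the sample, the script reports three lines: the system32 BHO with the random-looking name, the O20 AppInit_DLLs entry, and the unsigned service; the Google and BitDefender modules pass. The AppInit_DLLs rule is the strongest of the three, which is why the CFScript clears that value outright, while the name heuristic and the "Unknown owner" check only mark lines for the analyst to confirm.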


Good morning DigRam

As you asked, here are the logs.

I didn't disable the antivirus, I didn't know whether it was necessary...

 

ComboFix 08-12-04.04 - Gramela 2008-12-06 11:32:58.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.481 [GMT 0:00]

Executando de: c:\documents and settings\Gramela\Ambiente de trabalho\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Gramela\Ambiente de trabalho\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

FILE ::

c:\windows\system32\cbXNHWOh.dll

c:\windows\system32\iifeBTJc.dll

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL yijsxmciz.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\QUA\Arquivos\system32\atualizado.log.vir

c:\linhadefensiva\QUA\Arquivos\system32\uol.log.vir

c:\linhadefensiva\QUA\backup.reg

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-md5

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-reg

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\2008-12-04.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

c:\windows\system32\cbXNHWOh.dll

c:\windows\system32\dNoYxyxx.ini

c:\windows\system32\dNoYxyxx.ini2

c:\windows\system32\iifeBTJc.dll

c:\windows\system32\xxyxYoNd.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-06 to 2008-12-06 ))))))))))))))))))))))))))))

.

 

2008-12-03 11:24 . 2008-12-03 11:24 <DIR> d-------- c:\programas\MSN Messenger

2008-12-02 19:05 . 2008-12-02 19:05 <DIR> d-------- c:\programas\Trend Micro

2008-12-02 18:07 . 2008-12-02 18:07 <DIR> d-------- c:\programas\AxBx

2008-12-02 17:44 . 2008-12-03 09:44 <DIR> d-------- c:\programas\Messenger Plus! Live

2008-12-02 12:09 . 2008-12-02 12:13 <DIR> d----c--- C:\010635cc6bc384e90dd7

2008-11-28 13:37 . 2008-11-28 13:37 <DIR> d-------- c:\documents and settings\Gramela\Application Data\HiYo

2008-11-20 09:19 . 2008-11-22 14:02 <DIR> d-------- c:\windows\system32\Adobe

2008-11-13 20:03 . 2008-11-13 20:03 <DIR> d-------- c:\programas\MSXML 4.0

2008-11-10 09:27 . 2008-11-10 09:28 <DIR> d----c--- C:\GRAMELA II PEÇAS

2008-11-07 20:21 . 2008-11-25 20:50 <DIR> d----c--- C:\Catarina

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-06 11:41 81,984 ----a-w c:\windows\system32\bdod.bin

2008-12-03 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-12-03 09:44 --------- d-----w c:\programas\Windows Live

2008-11-21 09:44 --------- d-----w c:\programas\Google

2008-10-28 18:42 --------- d-----w c:\documents and settings\All Users\Application Data\IM

2008-10-28 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\IncrediMail

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-13 17:00 --------- d-----w c:\programas\Ficheiros comuns\xing shared

2008-10-13 16:59 --------- d-----w c:\programas\Ficheiros comuns\Real

2008-10-13 16:57 --------- d-----w c:\programas\Real

2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-15 15:38 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-01-16 12:28 774,144 ----a-w c:\programas\RngInterstitial.dll

2007-03-22 10:49 87,608 ----a-w c:\documents and settings\Gramela\Application Data\ezpinst.exe

2007-03-22 10:49 47,360 ----a-w c:\documents and settings\Gramela\Application Data\pcouffin.sys

2006-02-15 18:37 24,269,856 ----a-w c:\programas\dotnetfx.exe

2006-04-01 08:55 88 --sha-r c:\windows\system32\2298C651F5.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-17 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="c:\programas\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"HP Software Update"="c:\programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]

"AVFX Engine"="c:\programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"RoxioDragToDisc"="c:\programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]

"RoxWatchTray"="c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]

"BitDefender Antiphishing Helper"="c:\programas\BitDefender\BitDefender 2008\IEShow.exe" [2008-09-05 61440]

"BDAgent"="c:\programas\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]

"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-10-13 185872]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

"WATCHPNP_Samsung"="watchPnp.exe" [2001-11-02 c:\windows\system32\watchPnp.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codec"= l3codecp.acm

"VIDC.JDCT"= jl_jdct.drv

"vidc.ffds"= ffdshow.ax

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programas\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

"c:\\Programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programas\\MSN Messenger\\livecall.exe"=

 

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2007-09-25 86792]

S3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2006-01-30 36048]

S3 FILESpy;FILESpy;\??\c:\programas\Softwin\BitDefender9\filespy.sys []

S3 JL2005C;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys []

S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys []

S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []

S4 getPlus® Helper;getPlus® Helper;c:\programas\NOS\bin\getPlus_HelperSvc.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{D4B43728-98C9-4313-B7B0-902E6CBBBB00} - c:\windows\system32\xxyxYoNd.dll

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.sapo.pt/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FireFox -: Profile - c:\documents and settings\Gramela\Application Data\Mozilla\Firefox\Profiles\fhfwjbwh.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pt

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://pt.msn.com/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-06 11:42:55

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]

"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

.

------------------------ Outros Processos em Execução ------------------------

.

c:\programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

c:\windows\system32\rundll32.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

c:\windows\system32\oodag.exe

c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

c:\programas\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

c:\windows\system32\PAStiSvc.exe

c:\programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

c:\programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

c:\programas\BitDefender\BitDefender 2008\vsserv.exe

c:\programas\Ficheiros comuns\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-12-06 11:48:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-12-06 11:48:49

 

Pré-execução: 46.388.051.968 bytes livres

Pós execução: 46,546,149,376 bytes livres

 

234 --- E O F --- 2008-12-02 12:23:07

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:50:47, on 06-12-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\oodag.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\WINDOWS\explorer.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WATCHPNP_Samsung] watchPnp.exe Samsung

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programas\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8446 bytes


Good afternoon! sandraax

<!> Now we are wrapping up the procedure! Uninstalling ComboFix and removing the leftovers of the Trojan with Malwarebytes.

------------------------

<@> Go to Start --> Run --> Type: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

------------------------

<@> Go to this link and download:

< Malwarebytes >

<@> Update the program!

<@> Choose the Quick scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine.

<@> For more details: < Link >

-----------------------

<@> Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + an updated HijackThis log.

Regards!


Hello Dig Ram

I have a problem.

When I run combofix.exe / u, ComboFix opens, does its analysis and says that the report is saved as combofix.txt, but no message appears saying that ComboFix is uninstalled....

What is going wrong? What should I do?

Regards

--------------------------

Hello again

I searched through C: and realised that at the time I probably didn't install ComboFix, I must have only run the program.

However, a folder named QooBox was created, which I think belongs to ComboFix. Should I delete it before running Malwarebytes?

Regards


Hey! sandraax

<!> Check what you typed in Run to remove ComboFix.

combofix.exe / u <-- This instruction differs from the correct one, which is: combofix.exe /u

<!> If we still don't get the uninstall, delete: QooBox + ComboFix.exe + ComboFix.txt

--------------------------

<!> Post the Malwarebytes report + an updated HijackThis log.

Regards!


Hello

I managed it! The confusion a single space can cause....

Here are the logs

 

Malwarebytes' Anti-Malware 1.31

Versão do banco de dados: 1482

Windows 5.1.2600 Service Pack 2

 

2008-12-10 10:46:12

mbam-log-2008-12-10 (10-46-12).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 55354

Tempo decorrido: 4 minute(s), 3 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 7

Valores do Registo infectados: 0

Ítens do Registo infectados: 0

Pastas infectadas: 8

Ficheiros infectados: 19

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valores do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

C:\Programas\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

 

Ficheiros infectados:

C:\Programas\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\AdVantage.htm (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\AdVUninst.exe (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\ffext.mod (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Programas\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll (Adware.Advantage) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.

 

 

 

Malwarebytes' Anti-Malware 1.31

Database version: 1482

Windows 5.1.2600 Service Pack 2

2008-12-10 10:57:19

mbam-log-2008-12-10 (10-57-19).txt

 

Scan type: Quick Scan

Objects scanned: 54848

Time elapsed: 7 minute(s), 13 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:58, on 2008-12-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Programas\BitDefender\BitDefender 2008\bdagent.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\system32\oodag.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

C:\Programas\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2008\IEToolbar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Programas\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WATCHPNP_Samsung] watchPnp.exe Samsung

O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [AVFX Engine] C:\Programas\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Programas\IMVU\IMVUClient.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programas\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programas\Ficheiros comuns\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programas\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8632 bytes

 

 

Is it clean now??

 

Regards

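The "is it clean now?" question is answered by reading the HijackThis log entry by entry. As an added example for this page (it was not posted by anyone in the thread and is not part of HijackThis), the script below parses the R1/O4/O16/O23 lines of a log and flags the entries a reviewer would look at first. The heuristics are this example's own assumptions, not HijackThis rules: a proxy auto-config URL (R1 AutoConfigURL), a Run value that names a bare file instead of a full path (resolved by PATH search at logon), a downloaded ActiveX control (O16 DPF) with no source URL, and a service whose binary carries no vendor string ("Unknown owner"). The sample lines are copied from the log posted above. A flag is a prompt to check the entry, not a verdict: the items it raises on this log all correspond to recognisable legitimate components (the Windows Bluetooth authentication agent, a Samsung driver helper, the gateway address 192.168.2.1 as PAC source), which is consistent with the log being clean.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.2.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WATCHPNP_Samsung] watchPnp.exe Samsung
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] "C:\Programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O16"
    line: str      # the log line exactly as written
    reason: str    # why a reviewer should look at it


# "O4 - ..." / "R1 - ..." entry header; everything after the code is the body.
_ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.*)$")
# A command that starts with an (optionally quoted) drive-letter path.
_ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def triage_hijackthis(log: str) -> List[Finding]:
    """Return the entries a reviewer should check first, in log order.

    Heuristics (assumptions of this example, not HijackThis rules):
      R1  AutoConfigURL set            -> a PAC script can redirect all browsing
      O4  Run value without a full path -> resolved by PATH search at logon
      O16 DPF control with no URL       -> cached ActiveX control of unknown origin
      O23 service with 'Unknown owner'  -> binary carries no company string
    """
    findings: List[Finding] = []
    for raw in log.splitlines():
        raw = raw.strip()
        m = _ENTRY_RE.match(raw)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R1" and "AutoConfigURL" in body:
            findings.append(Finding(sec, raw, "proxy auto-config URL is set; confirm it is your own gateway"))
        elif sec == "O4" and "] " in body:
            # Run entries look like "HKLM\..\Run: [name] command"; take the command part.
            cmd = body.split("] ", 1)[1]
            if not _ABS_PATH_RE.match(cmd):
                findings.append(Finding(sec, raw, "Run entry uses a bare file name; verify which binary actually runs"))
        elif sec == "O16":
            # DPF entries end with ") - <url>"; an empty URL means the origin is unknown.
            url_m = re.search(r"\)\s*-\s*(\S*)$", body)
            url = url_m.group(1) if url_m else ""
            if not url:
                findings.append(Finding(sec, raw, "ActiveX (DPF) control has no source URL; check the cached control"))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, raw, "service binary has no vendor string; verify its publisher and hash"))
    return findings


def is_clean(log: str) -> bool:
    """True when the heuristics raise nothing; False means 'look closer', not 'infected'."""
    return not triage_hijackthis(log)


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

Run against the sample it raises five entries (the PAC URL, the two bare-name Run values, the URL-less ExentInf control and the STI Simulator service) and leaves the fully pathed NeroCheck and HP entries alone; each flagged line is then checked by hand against the binary on disk, which is exactly the manual step the helpers in this thread perform.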

Good morning, sandraax!

 

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!

<@> When it is done, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When it is done, click Fix selected issues...

<@> At the prompt, click Yes!

<@> Name the backups and click Save.

<@> In the window that appears, click: Fix All Selected Issues

<@> Click OK --> Close.

<@> For more details, read the tutorial: < Link >

-------------------------

<!> Good work! The HijackThis log is clean.

 

Regards!


 

Hi DigRam!

 

Do I need to keep the registry backup created by CCleaner, or can I delete it???

 

Thanks for the invaluable help...

 

 

Next time I'll be more careful with these viruses.............

 

--------------------------

Hey! sandraax

 

<!> Keep it for a few days, until you have confirmed that everything is OK with the computer. After that, you can delete the backup that was created.


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
