Dinoman, posted December 8, 2008

Hi everyone. First of all, my sincere apologies for opening another thread about this virus or malware, but from what I saw in the other thread I didn't understand any of it and couldn't manage it on my own. Could someone help me? Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:57, on 08-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\LogMeIn\x86\RaMaint.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\On Screen Display\Hotkey.exe
C:\Programas\Battery miser\batterymiser.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programas\Windows Live\Messenger\usnsvc.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KeybdUtility] "C:\Programas\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [batterymiser] "C:\Programas\Battery miser\batterymiser.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [task] C:\WINDOWS\system32\task.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-21-2852425141-3399775922-2322413257-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} - http://mapguide.cm-aveiro.pt/smiga/03Aplicativos/02mapa_ic/layout_03/map/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../muweb_site.cab?1180868710250
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

--
End of file - 9620 bytes

And the Silent Runners log:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"ISUSPM" = ""C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler" ["Macrovision Corporation"]
"swg" = "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Programas\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programas\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"KeybdUtility" = ""C:\Programas\On Screen Display\Hotkey.exe"" ["LG Electronics"]
"batterymiser" = ""C:\Programas\Battery miser\batterymiser.exe"" ["LG Electronics Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"ArcSoft Connection Service" = "C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" ["ArcSoft Inc."]
"avgnt" = ""C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"FixCamera" = "C:\WINDOWS\FixCamera.exe" [empty string]
"tsnp325" = "C:\WINDOWS\tsnp325.exe" [empty string]
"snp325" = "C:\WINDOWS\vsnp325.exe" [empty string]
"task" = "C:\WINDOWS\system32\task.com" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer"
  -> {HKLM...CLSID} = "HP Print Enhancer"
     \InProcServer32\(Default) = "C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
  -> {HKLM...CLSID} = "Adobe PDF Link Helper"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
     \InProcServer32\(Default) = "C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"
  -> {HKLM...CLSID} = "AVG Safe Search"
     \InProcServer32\(Default) = "C:\Programas\AVG\AVG8\avgssie.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\programas\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
     \InProcServer32\(Default) = "C:\Programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll" ["Google Inc."]
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class"
  -> {HKLM...CLSID} = "HP Smart BHO Class"
     \InProcServer32\(Default) = "C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Apresentar extensão de panorâmica CPL"
  -> {HKLM...CLSID} = "Apresentar extensão de panorâmica CPL"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensão de ícone HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programas\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
  -> {HKLM...CLSID} = "Universal Plug and Play Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "As Minhas Pastas Partilhadas"
     \InProcServer32\(Default) = "C:\Programas\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}" = "BatteryMiser Psap"
  -> {HKLM...CLSID} = "BatteryMiser PSAP Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\bmpsap.dll" [null data]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
     \InProcServer32\(Default) = "C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programas\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{97090E2F-3062-4459-855B-014F0D3CDBB1}" = "Windows Search Deskbar"
  -> {HKCU...CLSID} = "Barra do Ambiente de Trabalho do Windows Search"
     \InProcServer32\(Default) = "C:\Programas\Windows Desktop Search\deskbar.dll" [MS]
  -> {HKLM...CLSID} = "Windows Search Deskbar"
     \InProcServer32\(Default) = "C:\Programas\Windows Desktop Search\deskbar.dll" [MS]
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}" = "Windows Desktop Search"
  -> {HKLM...CLSID} = "Windows Desktop Search"
     \InProcServer32\(Default) = "C:\Programas\Windows Desktop Search\msnlExt.dll" [MS]
"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"
  -> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"
     \InProcServer32\(Default) = "C:\Programas\Windows Live\Mail\mailcomm.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}" = "BatteryMiser Psap Shl Ext"
  -> {HKLM...CLSID} = "BatteryMiser PSAP Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\bmpsap.dll" [null data]
<<!>> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Desktop Search Namespace Manager"
     \InProcServer32\(Default) = "C:\Programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> LMIinit\DLLName = "LMIinit.dll" ["LogMeIn, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programas\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programas\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programas\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\
"LowRiskFileTypes" = (REG_SZ) .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
"SaveZoneInformation" = (REG_SZ) 00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoActiveDesktop" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Definições locais\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

IviDVDEventHandler\
"Provider" = "InterVideo WinDVD 5"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programas\InterVideo\DVD5\WinDVD.exe %1" ["InterVideo Inc."]

IviVideoCDHandler\
"Provider" = "InterVideo WinDVD 5"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programas\InterVideo\DVD5\WinDVD.exe %1" ["InterVideo Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
     \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]


Enabled Scheduled Tasks:
------------------------

"Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable)
"Low Battery Alarm Program" -> WARNING -- The file "Low Battery Alarm Program.job" is corrupt! (no executable)
"Symantec NetDetect" -> launches: "C:\Programas\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 37
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\programas\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\programas\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
     \InProcServer32\(Default) = "C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{DDE87865-83C5-48C4-8357-2F5B1AA84522}\
"ButtonText" = "Seleção HP Smart"
"CLSIDExtension" = "{DDE87865-83C5-48c4-8357-2F5B1AA84522}"
  -> {HKLM...CLSID} = "ClipBookBtn Class"
     \InProcServer32\(Default) = "C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programas\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Agere Modem Call Progress Audio, AgereModemAudio, "C:\WINDOWS\system32\agrsmsvc.exe" ["Agere Systems"]
ArcSoft Connect Daemon, ACDaemon, "C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe" ["ArcSoft Inc."]
Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, ""C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal - Free Antivirus Scheduler, AntiVirScheduler, ""C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Programas\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Programas\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Lavasoft Ad-Aware Service, aawservice, "C:\Programas\Lavasoft\Ad-Aware\aawservice.exe" ["Lavasoft"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
LogMeIn, LogMeIn, "C:\Programas\LogMeIn\x86\LogMeIn.exe" ["LogMeIn, Inc."]
LogMeIn Maintenance Service, LMIMaint, ""C:\Programas\LogMeIn\x86\RaMaint.exe"" ["LogMeIn, Inc."]
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows Search, WSearch, "C:\WINDOWS\system32\SearchIndexer.exe /Embedding" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
LIDIL hpzll5mu\Driver = "hpzll5mu.dll" ["Hewlett-Packard Company"]
LogMeIn Printer Port Monitor\Driver = "LMIport.dll" ["LogMeIn, Inc."]


---------- (launch time: 2008-12-08 21:44:45)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 27 seconds, including 4 seconds for message boxes)

Thanks in advance for the help ;)
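The two logs above are long, and what a removal helper actually does with them is mechanical: pull out the autostart entries and look for the handful of patterns that deserve a closer look before anything is deleted. The following script is an added example, not code from the original post or from HijackThis; it parses the O2, O4 and O23 line formats that HijackThis emits and flags (a) orphaned entries whose file is gone ("(file missing)" / "(no file)"), (b) Run values that name a bare executable with no directory, which Windows resolves through its search path, (c) autorun targets with an unusual executable extension such as .com, and (d) services whose binary carries no vendor string ("Unknown owner"). The sample lines are copied from the log above; the category names and the Finding structure are the example's own.

```python
"""Triage of HijackThis autostart entries (O2 BHOs, O4 Run keys, O23 services).

Added example, not part of the original post. Finding kinds:
  orphan         the registered file no longer exists (leftover entry, or a
                 removal that did not clean the registry)
  bare-name      O4 value with no directory, so Windows resolves it through the
                 search path and a same-named file earlier on that path wins
  odd-extension  autorun target ending in .com/.scr/.pif/..., a common choice
                 for droppers placed next to real system binaries
  unknown-owner  service whose file has no company name in its version info
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in the post above, plus clean controls.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [task] C:\WINDOWS\system32\task.com
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
"""

ORPHAN_MARKERS = ("(file missing)", "(no file)")
ODD_AUTORUN_EXT = {".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
# First token of a Run value: a quoted path or a bare word.
FIRST_TOKEN_RE = re.compile(r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')


@dataclass(frozen=True)
class Finding:
    kind: str     # orphan | bare-name | odd-extension | unknown-owner
    section: str  # O2 | O4 | O23
    name: str     # BHO name, Run value name or service display name
    target: str   # file the entry points at, as HijackThis printed it


def _is_orphan(target: str) -> bool:
    return any(marker in target for marker in ORPHAN_MARKERS)


def _autorun_target(cmd: str) -> str:
    """Executable part of a Run value: "C:\\x\\y.exe" /min -> C:\\x\\y.exe."""
    m = FIRST_TOKEN_RE.match(cmd)
    return (m.group("quoted") or m.group("bare")) if m else cmd


def triage_line(line: str) -> list[Finding]:
    findings: list[Finding] = []
    if m := O2_RE.match(line):
        if _is_orphan(m["target"]):
            findings.append(Finding("orphan", "O2", m["name"], m["target"]))
    elif m := O4_RE.match(line):
        exe = _autorun_target(m["cmd"])
        if not re.match(r"^[A-Za-z]:\\", exe):
            findings.append(Finding("bare-name", "O4", m["name"], exe))
        # ntpath so the Windows path splits correctly on any host OS.
        if ntpath.splitext(exe)[1].lower() in ODD_AUTORUN_EXT:
            findings.append(Finding("odd-extension", "O4", m["name"], exe))
    elif m := O23_RE.match(line):
        # Display names can contain " - " themselves, so split from the right:
        # "<display name> - <owner> - <path>".
        parts = m["rest"].rsplit(" - ", 2)
        if len(parts) == 3:
            name, owner, target = parts
            if owner == "Unknown owner":
                findings.append(Finding("unknown-owner", "O23", name, target))
            if _is_orphan(target):
                findings.append(Finding("orphan", "O23", name, target))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a HijackThis log."""
    return [f for line in log_text.splitlines() for f in triage_line(line.rstrip())]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.kind:<14} [{f.name}] -> {f.target}")
```

On the sample this reports the two dead BHOs and the dead Autodata service as orphans, AGRSMMSG as a bare-name autorun, task.com as an odd-extension autorun and the Autodata service as unknown-owner. A flag is a reason to look, not a verdict: bare-name entries from OEM utilities are common, and a missing file is usually just an uninstall that left its registry entry behind.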
PedroN, posted December 9, 2008

• Download: < ComboFix.exe >
• Save it to the Desktop!
• Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!).
• Close all windows and run the tool!
• At the prompt "Software disclaimer of warranty" --> click Yes!
• If you do not have the Recovery Console, accept the option to install it!
<!> If you get the notification "Invalid Win32 application", delete the tool and download it again. Save it to the desktop, renamed as: Kombo.exe
-- PS: Rename it while saving, not after you have saved it!
-- PS: If any error message appears, run ComboFix.exe in Safe Mode.
-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.
• The Auto Scan window will open. --> Wait!
• To complete the removals, ComboFix may restart the computer.
• If needed, type the option to continue! --> ( 1 ) --> Press Enter.
• Wait for it to finish!
• During the scan, avoid touching the mouse or keyboard! <-- Important!
• To stop or exit ComboFix, press "N" --> Enter.
----------------------
• When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Dinoman, posted December 9, 2008

ComboFix 08-12-07.04 - ANDRE 2008-12-09 23:40:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.2070.18.1585 [GMT 0:00]
Running from: c:\documents and settings\ANDRE\Ambiente de trabalho\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\ANDRE\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll
c:\documents and settings\ANDRE\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini
c:\windows\system32\bsnzafqa.bin
c:\windows\system32\cfg.dat
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\desktop.ini
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MessengerStatsPAClient.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MgAxCtrl.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MgAxCtrl.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MsnPUpld.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\MsnPUpld.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\muweb.inf
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\PURen-us.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\PURpt-pt.dll
c:\windows\system32\gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, GBIEHABN.DLL, SCPSSSH2.DLL\swflash.inf
E:\Autorun.inf

.
(((((((((((((((( Files Created From 2008-11-09 to 2008-12-09 ))))))))))))))))))))))))))))
.

2008-12-09 22:15 . 2008-12-09 22:15 <DIR> d-------- c:\programas\Malwarebytes' Anti-Malware
2008-12-09 22:15 . 2008-12-09 22:15 <DIR> d-------- c:\documents and settings\ANDRE\Application Data\Malwarebytes
2008-12-09 22:15 . 2008-12-09 22:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 22:15 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 22:15 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-09 22:07 . 2008-12-09 22:08 <DIR> d-------- c:\programas\EsetOnlineScanner
2008-12-09 22:01 . 2008-12-09 22:01 <DIR> d-------- C:\!KillBox
2008-12-09 21:52 . 2008-12-09 21:52 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Windows Search
2008-12-08 22:35 . 2008-12-08 22:35 <DIR> d-------- c:\programas\Trend Micro
2008-12-06 17:33 . 2008-12-08 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-06 10:47 . 2008-12-06 10:54 <DIR> d-------- c:\temp\The.Name.Of.The.Rose.1986.NORDiC.PAL.DVDR-DNA
2008-12-02 18:39 . 2008-12-04 21:17 <DIR> d-------- c:\temp\Tom.and.Jerry.Tales.V5.2008.DVDRip.XviD-ARiGOLD
2008-12-01 19:46 . 2008-12-01 19:55 <DIR> d-------- c:\temp\Vacancy.2007.MULTi.PAL.DVDR-WGS
2008-11-30 02:35 . 2007-11-30 03:00 1,843,398 --a------ c:\windows\system32\drivers\imbbpf001.bmp
2008-11-30 02:35 . 2008-01-06 15:17 1,266,902 --a------ c:\windows\system32\drivers\imbbpf002.bmp
2008-11-30 02:35 . 2006-11-09 12:36 1,084,902 --a------ c:\windows\system32\drivers\bradechaveiro.bmp
2008-11-30 02:35 . 2006-11-08 16:22 1,064,042 --a------ c:\windows\system32\drivers\bradbranco.bmp
2008-11-30 02:35 . 2008-02-22 00:34 980,982 --a------ c:\windows\system32\drivers\bescchaves.bmp
2008-11-30 02:35 . 2007-05-15 00:42 929,038 --a------ c:\windows\system32\drivers\uni1.bmp
2008-11-30 02:35 . 2008-02-21 17:18 780,278 --a------ c:\windows\system32\drivers\imgbns01.bmp
2008-11-30 02:35 . 2008-03-17 19:47 511,574 --a------ c:\windows\system32\drivers\rurlsenha.bmp
2008-11-30 02:35 . 2007-05-15 01:16 373,014 --a------ c:\windows\system32\drivers\eletronica.bmp
2008-11-30 02:35 . 2007-05-13 02:11 134,670 --a------ c:\windows\system32\drivers\unitc1.bmp
2008-11-30 02:35 . 2007-05-13 02:15 133,722 --a------ c:\windows\system32\drivers\unitc2.bmp
2008-11-30 02:34 . 2007-09-13 12:41 1,228,150 --a------ c:\windows\system32\drivers\imgbrdchave01.bmp
2008-11-30 02:34 . 2007-09-13 14:47 1,228,150 --a------ c:\windows\system32\drivers\imgbrd03.bmp
2008-11-30 02:34 . 2008-02-21 00:06 1,113,654 --a------ c:\windows\system32\drivers\nossa22.bmp
2008-11-30 02:34 . 2008-11-30 02:34 487,979 --a------ c:\windows\system32\imagens1234.exe
2008-11-30 02:34 . 2008-11-30 02:34 0 --a------ c:\windows\system32\enviado.flg
2008-11-28 21:47 . 2008-11-28 21:49 <DIR> d-------- c:\temp\Fly.Me.To.The.Moon.2-D.2008.DVDRiP.XviD-iNTiMiD
2008-11-21 00:42 . 2008-11-21 00:43 <DIR> d-------- c:\programas\Imaginewheel
2008-11-15 22:04 . 2007-02-12 14:50 20,480 --a------ c:\windows\FixCamera.exe
2008-11-15 22:03 . 2008-11-15 22:03 <DIR> d-------- c:\programas\Ficheiros comuns\snp325
2008-11-15 22:03 . 2007-05-07 18:38 10,343,168 --a------ c:\windows\system32\drivers\snp325.sys
2008-11-15 22:03 . 2007-05-09 10:46 835,584 --a------ c:\windows\vsnp325.exe
2008-11-15 22:03 . 2007-04-21 09:30 270,336 --a------ c:\windows\tsnp325.exe
2008-11-15 22:03 . 2006-04-12 12:11 147,456 --a------ c:\windows\system32\rsnp325.dll
2008-11-15 22:03 . 2007-04-24 15:40 57,344 --a------ c:\windows\system32\vsnp325.dll
2008-11-15 22:03 . 2005-11-23 13:55 53,248 --a------ c:\windows\system32\csnp325.dll
2008-11-15 22:03 . 2004-02-27 17:36 15,498 --a------ c:\windows\snp325.ini
2008-11-15 22:03 . 2004-02-27 17:36 13,023 --a------ c:\windows\snp325.src
2008-11-15 22:01 . 2008-11-15 22:01 <DIR> d-------- c:\documents and settings\ANDRE\Application Data\InstallShield
2008-11-15 10:26 . 2008-11-16 17:43 <DIR> d-------- c:\programas\software tmn
2008-11-12 11:47 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 11:46 . 2008-09-04 17:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 01:25 . 2008-11-10 01:25 <DIR> d-------- c:\documents and settings\ANDRE\Application Data\Windows Search

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 23:08 --------- d-----w c:\documents and settings\ANDRE\Application Data\uTorrent
2008-12-09 23:02 --------- d-----w c:\documents and settings\ANDRE\Application Data\HPAppData
2008-12-09 01:31 --------- d-----w c:\programas\LogMeIn
2008-12-07 01:02 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-07 01:02 249,856 ------w c:\windows\Setup1.exe
2008-12-07 01:02 --------- d-----w c:\programas\Nissan DataScan
2008-11-30 20:11 --------- d-----w c:\documents and settings\ANDRE\Application Data\Skype
2008-11-30 16:09 --------- d-----w c:\documents and settings\ANDRE\Application Data\skypePM
2008-11-29 19:45 --------- d-----w c:\programas\Windows Live
2008-11-29 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-15 22:03 --------- d--h--w c:\programas\InstallShield Installation Information
2008-11-13 22:54 --------- d-----w c:\programas\NissanDataScan
2008-11-08 14:38 --------- d-----w c:\programas\Google
2008-11-08 14:37 --------- d-----w c:\programas\Ficheiros comuns\Skype
2008-10-28 23:18 --------- d-----w c:\programas\Simpli Software
2008-10-28 23:03 --------- d-----w c:\documents and settings\ANDRE\Application Data\Nero
2008-10-28 22:55 --------- d-----w c:\programas\Ficheiros comuns\Nero
2008-10-28 22:48 --------- d-----w c:\programas\Nero
2008-10-28 22:46
--------- d-----w c:\programas\Windows Sidebar 2008-10-28 22:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-10-28 22:16 --------- d-----w c:\programas\Ahead 2008-10-28 22:15 --------- d-----w c:\programas\Ficheiros comuns\Ahead 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-22 18:07 --------- d-----w c:\programas\Microsoft Silverlight 2008-10-16 19:35 87,352 ----a-w c:\windows\system32\LMIinit.dll 2008-10-16 19:35 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll 2008-10-16 19:35 28,984 ----a-w c:\windows\system32\LMIport.dll 2008-10-16 19:35 23,736 ----a-w c:\windows\system32\lmimirr.dll 2008-10-16 19:35 10,040 ----a-w c:\windows\system32\lmimirr2.dll 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-12 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn 2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:25 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] "swg"="c:\programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\programas\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 98394] "SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 688218] "KeybdUtility"="c:\programas\On Screen Display\Hotkey.exe" [2005-01-27 73728] "batterymiser"="c:\programas\Battery miser\batterymiser.exe" [2006-06-01 335872] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784] "ArcSoft Connection Service"="c:\programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-02-22 72192] "avgnt"="c:\programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480] "tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336] "snp325"="c:\windows\vsnp325.exe" [2007-05-09 835584] "AGRSMMSG"="AGRSMMSG.exe" [2004-11-09 c:\windows\AGRSMMSG.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "c:\windows\system32\bmpsap.dll" [2006-06-01 114688] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 
2008-10-16 19:35 87352 c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax "msacm.l3codec"= l3codecp.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Windows Search.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C: [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 01:38 34672 c:\programas\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2004-12-07 21:10 344064 c:\programas\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] -ra------ 2003-01-21 07:19 40960 c:\windows\VM_STI.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-10-14 20:17 49152 c:\programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] --a------ 2008-08-20 09:54 150016 c:\programas\HP\Digital Imaging\bin\HpqSRmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPO3] --a------ 2005-06-22 11:00 1028096 c:\programas\LG Software\IP Operator 2005\IP Operator 2005.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series] --a------ 2003-09-23 06:40 57344 c:\programas\Lexmark X6100 Series\lxbfbmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update] --a------ 2007-06-02 13:23 102400 c:\programas\lg_swupdate\autoupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] --a------ 2008-07-24 17:46 63048 c:\programas\LogMeIn\x86\LogMeInSystray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 c:\programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 05:24 286720 c:\programas\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-23 14:17 21755688 c:\programas\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-09-16 11:16 1833296 c:\programas\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox] --a------ 2005-09-14 19:44 65536 c:\programas\USB Disk Win98 Driver\Res.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programas\\InterVideo\\DVD5\\WinDVD.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Programas\\HP\\Digital 
Imaging\\bin\\hpqtra08.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programas\\Windows Live\\Messenger\\livecall.exe"= "c:\\Torrents\\uTorrent.exe"= "c:\\Programas\\Skype\\Phone\\Skype.exe"= R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\programas\LogMeIn\x86\RaInfo.sys [2008-07-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-12 47640] R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-01-17 1287296] S3 kwwalpgr;kwwalpgr;\??\c:\docume~1\ANDRE\DEFINI~1\Temp\kwwalpgr.sys [] S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2008-11-15 10343168] S4 LMIRfsClientNP;LMIRfsClientNP; [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f742c0-56e6-11db-a4d1-0012f02d7c4f}] \Shell\AutoRun\command - E:\VMC_PBStarter.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f742c1-56e6-11db-a4d1-0012f02d7c4f}] \Shell\AutoRun\command - F:\StartVMCLite.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fbf5eea-f919-11dc-a5bc-0012f02d7c4f}] \Shell\AutoRun\command - E:\VMC_PBStarter.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fbf5eeb-f919-11dc-a5bc-0012f02d7c4f}] 
\Shell\AutoRun\command - E:\VMC_PBStarter.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3356a0-6af5-11dd-a671-0012f02d7c4f}] \Shell\AutoRun\command - E:\StartVMCLite.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5eb438-c3bb-11dd-a6ff-00e091098ab5}] \Shell\AutoRun\command - E:\ \Shell\open\Command - rundll32.exe .\\qdb.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ac72e94-4803-11dc-a4d3-0012f02d7c4f}] \Shell\AutoRun\command - E:\VMC_PBStarter.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3612278-b2ff-11dd-a6e5-0012f02d7c4f}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b361227c-b2ff-11dd-a6e5-0012f02d7c4f}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ac0e1a-73c0-11dd-a67f-0012f02d7c4f}] \Shell\AutoRun\command - E:\StartVMCLite.exe . Conteúdo da pasta 'Tarefas Agendadas' 2008-12-09 c:\windows\Tasks\Symantec NetDetect.job - c:\programas\Symantec\LiveUpdate\NDETECT.EXE [2003-09-09 13:15] . - - - - ORFÃOS REMOVIDOS - - - - HKLM-Run-task - c:\windows\system32\task.com HKLM-Run-Cmaudio - cmicnfg.cpl MSConfigStartUp-AudioHQ - c:\windows\system32\audiohq.exe MSConfigStartUp-w - C:\w.exe MSConfigStartUp-explorer - c:\windows\java\service.exe MSConfigStartUp-Gbpsv - c:\windows\system32\Gbpsv.exe MSConfigStartUp-msnmsg - c:\windows\system32\msnmsg.exe MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe MSConfigStartUp-swg - c:\programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.pt/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore FireFox -: Profile - c:\documents and settings\ANDRE\Application Data\Mozilla\Firefox\Profiles\z10v61do.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pt/ FF -: plugin - c:\programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\programas\Mozilla Firefox\plugins\np_gp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-09 23:44:05 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(936) c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . 
Tempo para conclusão: 2008-12-09 23:45:33
ComboFix-quarantined-files.txt 2008-12-09 23:45:23

Pré-execução: 24,615,145,472 bytes livres
Pós execução: 24,593,969,152 bytes livres

293 --- E O F --- 2008-11-30 20:01:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:20, on 09-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\On Screen Display\Hotkey.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Battery miser\batterymiser.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programas\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\tsnp325.exe
C:\Programas\LogMeIn\x86\LogMeIn.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\LogMeIn\x86\LogMeInSystray.exe
C:\Programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KeybdUtility] "C:\Programas\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [batterymiser] "C:\Programas\Battery miser\batterymiser.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} - http://mapguide.cm-aveiro.pt/smiga/03Aplic...ap/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180868710250
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programas\Ficheiros comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

--
End of file - 9032 bytes

Thanks in advance for the help.
Dinoman 0 Denunciar post Postado Dezembro 10, 2008 Avira AntiVir Personal Report file date: terça-feira, 9 de Dezembro de 2008 23:49 Scanning for 1080260 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: NOME-7A8C0139DA Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18-11-2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 27-11-2008 19:05:13 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26-05-2008 08:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12-06-2008 13:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26-05-2008 08:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27-10-2008 22:37:14 ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07-12-2008 01:25:14 ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 07-12-2008 01:25:15 ANTIVIR3.VDF : 7.1.0.213 63488 Bytes 09-12-2008 22:44:31 Engineversion : 8.2.0.43 AEVDF.DLL : 8.1.0.6 102772 Bytes 16-10-2008 18:10:19 AESCRIPT.DLL : 8.1.1.18 336251 Bytes 09-12-2008 01:24:57 AESCN.DLL : 8.1.1.5 123251 Bytes 08-11-2008 19:24:27 AERDL.DLL : 8.1.1.3 438645 Bytes 05-11-2008 18:19:12 AEPACK.DLL : 8.1.3.4 393591 Bytes 11-11-2008 18:19:24 AEOFFICE.DLL : 8.1.0.32 196987 Bytes 05-12-2008 19:03:51 AEHEUR.DLL : 8.1.0.74 1519990 Bytes 05-12-2008 19:03:49 AEHELP.DLL : 8.1.2.0 119159 Bytes 18-11-2008 18:23:34 AEGEN.DLL : 8.1.1.6 323955 Bytes 28-11-2008 19:04:13 AEEMU.DLL : 8.1.0.9 393588 Bytes 16-10-2008 18:10:15 AECORE.DLL : 8.1.5.2 172405 Bytes 28-11-2008 19:04:11 AEBB.DLL : 8.1.0.3 53618 Bytes 16-10-2008 18:10:13 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09-07-2008 09:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16-05-2008 10:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 04-10-2008 14:45:13 AVREG.DLL : 8.0.0.1 33537 Bytes 09-05-2008 12:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12-02-2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12-06-2008 13:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22-01-2008 18:28:02 
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12-06-2008 13:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25-01-2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12-06-2008 14:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27-06-2008 14:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\programas\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: terça-feira, 9 de Dezembro de 2008 23:49 Starting search for hidden objects. '62800' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned Scan process 'tsnp325.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'ramaint.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'batterymiser.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'HotKey.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 
'svchost.exe' - '1' Module(s) have been scanned Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'agrsmsvc.exe' - '1' Module(s) have been scanned Scan process 'ACService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 52 processes with 52 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '57' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! 
C:\Documents and Settings\ANDRE\Ambiente de trabalho\ComboFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 32788R22FWJFW\hidec.exe
        [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    --> 32788R22FWJFW\NirCmd.cfexe
        [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 32788R22FWJFW\nircmd.com
        [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 32788R22FWJFW\NirCmdC.cfexe
        [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
    --> 32788R22FWJFW\psexec.cfexe
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
    [WARNING] The file was ignored!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP622\A0078526.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [NOTE] The file was moved to '496f09cd.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP635\A0081172.com
    [DETECTION] Contains recognition pattern of the WORM/VB.IA.1 worm
    [NOTE] The file was moved to '496f7191.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP640\A0083411.exe
    [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE] The file was moved to '496f721b.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP640\A0083412.exe
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP640\A0083412.exe
        [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE] The file was moved to '496f721e.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP642\A0087473.exe
    [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
    [WARNING] The file was ignored!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP642\A0087474.scr
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP642\A0087474.scr
        [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE] The file was moved to '496f7289.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0089501.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    [NOTE] The file was moved to '496f72b6.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0089509.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '496f72b9.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0089524.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '496f72c1.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090498.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    [NOTE] The file was moved to '496f72c5.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090509.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '496f72c7.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090520.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '496f72cc.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090543.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    [NOTE] The file was moved to '496f72d0.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090551.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '496f72d2.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090562.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was deleted!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090572.EXE
    [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
    [NOTE] The file was moved to '496f72dd.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090599.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    [NOTE] The file was moved to '496f72e0.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090606.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '496f72e3.qua'!
C:\System Volume Information\_restore{DC529E51-AF6C-4E72-8537-6A9EDC807386}\RP643\A0090618.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 32788R22FWJFW\hidec.exe
        [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program
    --> 32788R22FWJFW\NirCmd.cfexe
        [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 32788R22FWJFW\nircmd.com
        [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 32788R22FWJFW\NirCmdC.cfexe
        [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
    --> 32788R22FWJFW\psexec.cfexe
        [1] Archive type: RSRC
        --> Object
            [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
    [NOTE] The file was moved to '496f72e8.qua'!
Begin scan in 'E:\' <My Passport>

End of the scan: quarta-feira, 10 de Dezembro de 2008 08:02
Used time: 8:12:05 Hour(s)

The scan has been done completely.
5219 Scanning directories
208913 Files were scanned
28 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
17 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
208883 Files not concerned
8687 Archives were scanned
4 Warnings
18 Notes
62800 Objects were scanned with rootkit scan
0 Hidden objects were found
PedroN, posted January 8, 2009

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

File::
E:\VMC_PBStarter.exe
F:\StartVMCLite.exe
E:\StartVMCLite.exe
E:\AutoRun.exe
E:\StartVMCLite.exe
c:\windows\FixCamera.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f742c0-56e6-11db-a4d1-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f742c1-56e6-11db-a4d1-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fbf5eea-f919-11dc-a5bc-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fbf5eeb-f919-11dc-a5bc-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3356a0-6af5-11dd-a671-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5eb438-c3bb-11dd-a6ff-00e091098ab5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ac72e94-4803-11dc-a4d3-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3612278-b2ff-11dd-a6e5-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b361227c-b2ff-11dd-a6e5-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5ac0e1a-73c0-11dd-a67f-0012f02d7c4f}]

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it can cause damage.
Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with the new HijackThis log.

PS: carry out the procedure with the pen drive connected.
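As an added example (not from the post above and not part of ComboFix), a small Python auditor that parses a CFScript's File:: and Registry:: sections and lists what the script would delete, so a helper can check every target against the HijackThis and Avira logs before dragging the file onto ComboFix. The sample script is a constructed excerpt of the one posted; the Registry:: lines are read with .reg-file conventions, where `[-KEY]` deletes a key and `"name"=-` deletes a value.

```python
# Added example (not from the forum post or from ComboFix): parse a CFScript and list
# what it would delete, so File::/Registry:: targets can be reviewed before it runs.
import re
from dataclasses import dataclass, field
# Constructed excerpt of the CFScript posted above (same section syntax).
SAMPLE_CFSCRIPT = r"""File::
E:\VMC_PBStarter.exe
E:\StartVMCLite.exe
E:\StartVMCLite.exe
c:\windows\FixCamera.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f742c0-56e6-11db-a4d1-0012f02d7c4f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a5eb438-c3bb-11dd-a6ff-00e091098ab5}]
"""
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")  # .reg syntax: [KEY] selects, [-KEY] deletes
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')     # .reg syntax: "name"=- deletes that value

@dataclass
class CFScriptPlan:
    files: list = field(default_factory=list)          # File:: targets, in order
    key_deletes: list = field(default_factory=list)    # whole registry keys removed
    value_deletes: list = field(default_factory=list)  # (key, value name) pairs removed

def parse_cfscript(text: str) -> CFScriptPlan:
    plan, section, current_key = CFScriptPlan(), None, None
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if line.endswith("::"):                         # File:: / Registry:: header
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            plan.files.append(line)
        elif section == "registry" and (m := KEY_RE.match(line)):
            if m.group(1):
                plan.key_deletes.append(m.group(2))
            else:
                current_key = m.group(2)                # following "name"=- lines apply here
        elif section == "registry" and (m := VALUE_DEL_RE.match(line)) and current_key:
            plan.value_deletes.append((current_key, m.group(1)))
        else:
            raise ValueError(f"unsupported line: {line}")
    return plan

def review(plan: CFScriptPlan) -> dict:
    """Facts worth checking before running the script: duplicated File:: entries, and how
    many key deletions hit Explorer's MountPoints2 (per-volume state for removable drives)."""
    dupes = sorted({f for f in plan.files if plan.files.count(f) > 1})
    mp2 = sum("\\mountpoints2\\" in k.lower() for k in plan.key_deletes)
    return {"files": len(set(plan.files)), "duplicate_files": dupes,
            "keys_deleted": len(plan.key_deletes), "mountpoints2_keys": mp2,
            "values_deleted": plan.value_deletes}
```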
Mário Monteiro, posted February 8, 2009

Topic archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.