[Resolvido!] Anti-Virus não conseguiu limpar

[Cata 0]

Olá pessoal

Feliz Natal :natal_w00t:

 

Tenho um note e o anti-virus dele pegou um virus, pediu para reiniciar 2x mas no final disse que não conseguiu limpar.

Foi depois de passar o AV num pen drive.

 

Obrigada e até.

 

Cata

 

Aqui vai um log do HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:47:23, on 28/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Jana2\Janad.exe

C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\NetLimiter 2 Monitor\NLClient.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\VMware\VMware Workstation\hqtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\EverNote\EverNote\UniClipper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\EverNote\EverNote\EverNote.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\HijackTHis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:6588

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [uniClipper] "C:\Program Files\EverNote\EverNote\UniClipper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-21-1075639503-21899233-915414447-1017\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'postgres')

O4 - HKUS\S-1-5-21-1075639503-21899233-915414447-1017\..\RunOnce: [] (User 'postgres')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000

O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html

O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL

O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll

O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\ProxyPick\ProxyPick.exe" (file missing)

O9 - Extra 'Tools' menuitem: ProxyPick - {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "C:\Program Files\ProxyPick\ProxyPick.exe" (file missing)

O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (HKCU)

O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll (HKCU)

O15 - Trusted Zone: http://loandocs.ss3.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend.com

O15 - Trusted Zone: http://loandocs.swiftsend.com

O15 - Trusted Zone: http://docs.swiftsend2.com

O15 - Trusted Zone: http://loandocs.swiftsend2.com

O15 - Trusted Zone: http://www.swiftview.com

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187618350484

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{AD8FC4E6-8B2B-4EA1-A39C-2895A321527F}: NameServer = 192.168.1.254

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Apache2.2 - Unknown owner - F:\xampplite\apache\bin\apache.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jana Server 2 (Janad) - Thomas Hauck, Privat - C:\Program Files\Jana2\Janad.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PostgreSQL Server 8.3 (postgresql-8.3) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

O23 - Service: XAMPP Service (XAMPP) - Unknown owner - F:\xampplite\service.exe (file missing)

 

--

End of file - 17551 bytes

[jgarcia 1]

Opa Cata,

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

Abraços.

[Cata 0]

Desculpe a demora

 

Tentei passar o Combofix das 3 formas solicitadas, mas só dá a seguinte mensagem. :!:

 

"c:/windows/system32/" is not recognized as an internal or external command operable program or batch file

 

Não sei o que fazer

 

Obrigada

 

Até

 

Cata

[Mário Monteiro 179]

Experimentou seguir esta dica?

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

[Cata 0]

Sim, tentei.

Dá a mesma mensagem após executar uns 50 passos e fica travado.

Até.

[jgarcia 1]

Opa Cata,

 

Desculpe a imensa demora, pois o tempo anda curto. :(

 

Bem, o Malwarebytes AntiMalware é um produto relativamente novo, porém com grande eficácia na remoção de infecções comuns. O programa é pequeno, gratuito e em português.

 

A sua instalação é o primeiro passo para a limpeza de um sistema operacional infectado.

 

Neste tutorial você aprenderá a instalá-lo e executá-lo.

 

1) Primeiramente faça o download do programa:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

2) Agora proceda a instalação do programa, conforme segue:

 

Execute o programa de instalação:

 

Logo após a execução do arquivo de instalação, será exibida a seguinte tela:

 

Agora, clique em Instalar para concluir:

 

Ao término da instalação deixe marcadas as opções de Atualização e Execução:

 

Será exibida então a tela de atualização do programa:

 

3) Essa é a tela inicial do programa. Marque a opção Verificação Completa e clique no botão Verificar.

 

Aguarde até o final da verificação:

 

Ao concluir a verificação, será exibida essa mensagem:

 

O resultado da verificação será exibido, com o nome dos arquivos e malwares encontrados.

Para efetivar a limpeza, clique em Remover selecionados:

 

Para concluir a limpeza haverá a necessidade da reinicialização do computador:

 

O programa guarda os logs das verificações feitas na pasta C:\Documents and Settings\Seu nome de Usuario\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\Logs, que também pode ser acessados na aba Logs, dentro do programa.

 

Retorne com o resultado da varredura.

 

Créditos: Fabio Assolini.

 

Link para a postagem original: aqui.

[Cata 0]

Aqui vai o resultado do programa:

 

Malwarebytes' Anti-Malware 1.33

Database version: 1682

Windows 5.1.2600 Service Pack 3

 

2009-01-23 12:44:40

mbam-log-2009-01-23 (12-44-40).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 206440

Time elapsed: 1 hour(s), 37 minute(s), 48 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

 

Durante o momento que ele passava, o Norton resolveu pegar alguns outros:

Hacktool 2 vezes. Na DVD Region Free e na System Restore.

[jgarcia 1]

Opa Cata,

 

1. Baixe o BankerFix 3.0.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe. A janela do Banker Fix 3.0 abrir-se-á com a seguinte pergunta Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> clique em SIM.

 

4. Uma janela informando que o BankerFix 3.0 será baixado via internet abrir-se-á >> clique sobre OK e aguarde. Na próxima janela clique em OK mais uma vez, a fim de que o BankerFix 3.0 seja iniciado.

 

5. Pressione qualquer tecla para dar continuidade ao processo e aguarde até que a varredura se complete. Tenha paciência, pois ela pode demorar alguns minutos.

 

6. Terminado o scan, leia a mensagem na tela e aperte Enter.

 

7. Habilite o seu anti-vírus.

 

8. Retorne com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

 

9. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

 

Abraços.

 

PS.: Caso apareça a seguinte mensagem: Site denunciado como foco de ataques!, não se preocupe e clique sobre Ignorar este alerta.

[Cata 0]

Aqui vai o relatório

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-01-29 - 22:32

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- Fim -------------------------

[jgarcia 1]

Opa Cata,

 

1. Baixe o DDS e salve-o em seu Desktop.

 

2. Desabilite seu anti-vírus temporiamente.

 

3. Dê duplo-clique sobre o ícone alocado em seu Desktop.

 

4. Quando a janela se abrir solicitando autorização para a execução do arquivo, clique sobre Executar.

 

5. Uma janela abrir-se-á, conforme abaixo ilustrado:

 

6. O DDS iniciará a varredura na máquina.

 

7. Ao fim do processo dois arquivos serão criados: dds.txt e attach.txt.

 

8. Preciso que você poste o conteúdo do dds.txt em sua próxima resposta.

 

Abraços.

[Cata 0]

Aqui vão os logs solicitados:

 

Até

 

===

 

DDS (Ver_09-01-19.01) - FAT32x86

Run by Cata at 18:09:26.29 on 2009-01-31

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.463 [GMT -2:00]

 

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

SVCHOST.EXE

C:\WINDOWS\System32\svchost.exe -k netsvcs

SVCHOST.EXE

SVCHOST.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Jana2\Janad.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\atwtusb.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\mobile PhoneTools\mPhonetools.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Cata\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\program files\scpad\scpsssh2.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.0\bin\ZENDIE~1.DLL

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [LaunchApp] Alaunch

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [siS Windows KeyHook] c:\windows\system32\keyhook.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [PCMService] "c:\program files\arcade\PCMService.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [atwtusb] atwtusb.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\julioc~1\startm~1\programs\startup\evernote.lnk - c:\program files\evernote\evernote\EverNote.exe

IE: Add to AMV Convert Tool... - c:\program files\mp3 player utilities 4.00\amvconverter\grab.html

IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000

IE: Add to Media Manager... - c:\program files\mp3 player utilities 4.00\mediamanager\grab.html

IE: Converter destino de link em Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter em PDF existente - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converter links selecionados em PDF existente - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converter seleção em Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter seleção em PDF existente - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Sothink SWF Decompiler - c:\program files\sourcetec\sothink swf decompiler\InternetExplorer.htm

IE: Zend Studio - Debug current page - c:\program files\zend\zendstudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html

IE: Zend Studio - Debug next page - c:\program files\zend\zendstudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\sourcetec\sothink swf decompiler\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {FF819DA3-FF82-FF44-ADF5-6EF17ECF3C6E} - "c:\program files\proxypick\ProxyPick.exe"

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.0\bin\ZENDIE~1.DLL

IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll

Trusted Zone: com\swiftview

Trusted Zone: ss3.swiftsend.com\loandocs

Trusted Zone: swiftsend.com\docs

Trusted Zone: swiftsend.com\loandocs

Trusted Zone: swiftsend2.com\docs

Trusted Zone: swiftsend2.com\loandocs

Trusted Zone: swiftview.com\www

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187618350484

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: {AD8FC4E6-8B2B-4EA1-A39C-2895A321527F} = 192.168.1.1

TCP: {CC5F254B-A0B0-4E70-9E4D-7F74370292BB} = 200.169.119.22 200.169.117.22

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: LMIinit - LMIinit.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\program files\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\program files\scpad\scpLIB.dll

SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\julioc~1\applic~1\mozilla\firefox\profiles\quttl3f0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/#

FF - component: c:\documents and settings\Cata\application data\mozilla\firefox\profiles\quttl3f0.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll

FF - component: c:\documents and settings\Cata\application data\mozilla\firefox\profiles\quttl3f0.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll

FF - component: c:\documents and settings\Cata\application data\mozilla\firefox\profiles\quttl3f0.default\extensions\{a5aba0bb-f195-40d8-a5e9-0801153e6597}\components\enbar.dll

FF - component: c:\documents and settings\Cata\application data\mozilla\firefox\profiles\quttl3f0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll

FF - plugin: c:\documents and settings\Cata\application data\mozilla\firefox\profiles\quttl3f0.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npsview.dll

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2007-7-10 156800]

R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2007-7-10 5248]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 81688]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\documents and settings\all users\application data\spyware terminator\sp_rsdrv2.sys [2007-7-10 133120]

R3 D301bus;GW01 USB WMC Bus Driver (WDM);c:\windows\system32\drivers\D301bus.sys [2008-3-28 83328]

R3 D301mdfl;GW01 USB WMC Modem Filter;c:\windows\system32\drivers\D301mdfl.sys [2008-3-28 14976]

R3 D301mdm;GW01 USB WMC Modem Driver;c:\windows\system32\drivers\D301mdm.sys [2008-3-28 109824]

R3 D301mgmt;GW01 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\D301mgmt.sys [2008-3-28 103808]

R3 d301nd5;GW01 USB WMC Ethernet GW (NDIS);c:\windows\system32\drivers\d301nd5.sys [2008-3-28 24832]

R3 D301obex;GW01 USB WMC OBEX Interface;c:\windows\system32\drivers\D301obex.sys [2008-3-28 99840]

R3 d301unic;GW01 USB WMC Ethernet GW (WDM);c:\windows\system32\drivers\d301unic.sys [2008-3-28 105728]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-1-4 99376]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090130.003\naveng.sys [2009-1-30 89104]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090130.003\navex15.sys [2009-1-30 876112]

R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]

R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]

R4 Janad;Jana Server 2;c:\program files\jana2\Janad.exe [2006-10-9 822272]

R4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12992]

R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-19 46112]

R4 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Program Files/PostgreSQL/8.3/data" -w --> C:/Program Files/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]

R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]

S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-1-3 22528]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]

S4 Apache2.2;Apache2.2;"f:\xampplite\apache\bin\apache.exe" -k runservice --> f:\xampplite\apache\bin\apache.exe [?]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 XAMPP;XAMPP Service;f:\xampplite\service.exe --> f:\xampplite\service.exe [?]

 

============== File Associations ===============

 

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

 

=============== Created Last 30 ================

 

2009-01-29 21:57 <DIR> --d----- c:\program files\Xara

2009-01-29 21:57 <DIR> --d----- c:\program files\common files\Xara

2009-01-26 01:25 1,409 a------- c:\windows\QTFont.for

2009-01-26 01:25 54,156 a---h--- c:\windows\QTFont.qfn

2009-01-23 10:56 <DIR> --d----- c:\docume~1\julioc~1\applic~1\Malwarebytes

2009-01-23 10:56 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-01-23 10:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-23 10:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-01-23 10:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-01-16 16:10 <DIR> --d----- c:\program files\RoughDraft

2009-01-12 01:43 <DIR> --d----- c:\program files\PowerISO

2009-01-11 13:52 <DIR> --d----- c:\docume~1\julioc~1\applic~1\KompoZer

2009-01-11 12:22 272,128 -------- c:\windows\system32\dllcache\bthport.sys

2009-01-11 12:19 203,136 -------- c:\windows\system32\dllcache\rmcast.sys

2009-01-11 12:19 8,840 a------- c:\windows\SEC145A.PNF

2009-01-11 12:10 <DIR> --d----- c:\windows\system32\scripting

2009-01-11 12:10 <DIR> --d----- c:\windows\l2schemas

2009-01-11 12:10 <DIR> --d----- c:\windows\system32\en

2009-01-11 12:10 <DIR> --d----- c:\windows\system32\bits

2009-01-11 12:08 <DIR> --d----- c:\program files\KompoZer 0.7.10

2009-01-11 12:05 <DIR> --d----- c:\windows\ServicePackFiles

2009-01-11 12:02 <DIR> --d----- c:\windows\network diagnostic

2009-01-11 12:00 2,948 a------- c:\windows\SECA6.PNF

2009-01-11 11:19 <DIR> --d----- c:\windows\EHome

2009-01-11 11:10 410,984 a------- c:\windows\system32\deploytk.dll

2009-01-10 19:42 388,608 a------- c:\windows\system32\CF20628.exe

2009-01-10 19:42 <DIR> --d----- C:\ComboFix

2009-01-10 19:08 388,608 a------- c:\windows\system32\CF13973.exe

2009-01-10 18:49 388,608 a------- c:\windows\system32\CF10325.exe

2009-01-10 18:49 <DIR> --d----- C:\KomboFix

2009-01-10 18:30 388,608 a------- c:\windows\system32\CF6553.exe

2009-01-10 18:12 388,608 a------- c:\windows\system32\CF2938.exe

2009-01-10 18:12 388,608 a------- c:\windows\system32\CF2945.exe

2009-01-10 17:53 <DIR> a-dshr-- C:\cmdcons

2009-01-10 17:49 161,792 a------- c:\windows\SWREG.exe

2009-01-10 17:49 98,816 a------- c:\windows\sed.exe

2009-01-10 17:49 388,608 a------- c:\windows\system32\CF31229.exe

2009-01-10 17:48 388,608 a------- c:\windows\system32\CF31063.exe

2009-01-10 17:48 388,608 a------- c:\windows\system32\CF31069.exe

2009-01-10 17:48 388,608 a------- c:\windows\system32\CF31076.exe

2009-01-08 13:56 <DIR> --d----- c:\docume~1\julioc~1\applic~1\IObit

2009-01-08 13:56 <DIR> --d----- c:\program files\IObit

2009-01-06 22:08 <DIR> --d----- C:\Bat

2009-01-02 19:46 56 a---h--- c:\windows\system32\ezsidmv.dat

 

==================== Find3M ====================

 

2009-01-31 16:26 3,140 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

2009-01-11 12:15 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2008-12-13 04:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll

2008-12-11 08:57 333,952 a------- c:\windows\system32\drivers\srv.sys

2008-12-11 08:57 333,952 -------- c:\windows\system32\dllcache\srv.sys

2008-12-02 11:43 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-11-07 16:45 2,174,976 a------- c:\windows\system32\dllcache\WMVCore.dll

2008-11-03 23:20 88 ---shr-- c:\docume~1\alluse~1\applic~1\B0218310B6.sys

 

============= FINISH: 18:10:20.54 ===============

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-01-19.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 2007-07-07 06:19:36

System Uptime: 2009-01-31 10:14:40 (8 hours ago)

 

Motherboard: Acer, Inc. | | Lugano M

Processor: Mobile AMD Sempron Processor 2800+ | Socket A | 1600/400mhz

 

==== Disk Partitions =========================

 

C: is FIXED (FAT32) - 112 GiB total, 6.75 GiB free.

D: is CDROM ()

E: is CDROM ()

G: is FIXED (FAT32) - 116 GiB total, 3.229 GiB free.

H: is FIXED (FAT32) - 116 GiB total, 0.758 GiB free.

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Placa de Rede Broadcom 802.11g

Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\3&267A616A&0&58

Manufacturer: Broadcom

Name: Placa de Rede Broadcom 802.11g

PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_03121468&REV_02\3&267A616A&0&58

Service: BCM43XX

 

==== System Restore Points ===================

 

RP553: 2009-01-31 15:16:59 - System Checkpoint

 

==== Installed Programs ======================

 

 

123 MP3 to WAV converter

2007 Microsoft Office Suite Service Pack 1 (SP1)

7-Zip 4.57

Acer eManager for Notebook

Ad-Aware SE Professional

Adobe Acrobat 7.0 Professional - Español, Italiano, Português

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe PageMaker 6.5

Adobe Photoshop CS

Adobe Reader 6.0

Adobe Shockwave Player 11

Advanced SystemCare 3

Agere Systems AC'97 Modem

Apple Mobile Device Support

Apple Software Update

Arcade 3.0

Arquivo do WinRAR

Avanquest update

Axure RP Pro 4

Bayden ProxyPick (remove only)

BR

BrOffice.org 2.3

BSPlayer

CCleaner (remove only)

CDisplay 1.8

Color Cop v5.3

ConvertXtoDVD 2.0.13

CorelDRAW Graphics Suite 12

CorelDRAW Graphics Suite X3

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang BR

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

CuteFTP 7 Professional

CutePDF Writer 2.7

Despertador

DFX for Winamp

Diccionario de uso del español

DriverMax 3

DVD Region+CSS Free 5.58

EVEREST Corporate Edition v3.50

EverNote 2

Eye Candy 4000

FileZilla Client 3.0.5.2

FLV Player

FLV Player 2.0, build 23

FontNav

Foxit Reader

Free Notes & Office Ink

Free YouTube to Mp3 Converter version 2.5

FTP Commander

G-Note Editor

Google Gmail Notifier

Google Toolbar for Internet Explorer

Guia Quatro Rodas Rodoviário 2007

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB952287)

hp LaserJet 1010 Series

Image Resizer Powertoy for Windows XP

Ink Monitor

iTunes

J2SE Runtime Environment 5.0 Update 5

Jana Server 2.4.8.51

Java 6 Update 11

Java 6 Update 3

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

K-Lite Codec Pack 3.2.0 Full

KalipseMail® 5000

Kasparov Chessmate

L&H Power Translator Pro 7.0

LiveReg (Symantec Corporation)

LiveUpdate 3.0 (Symantec Corporation)

LogMeIn

Macromedia Dreamweaver 8

Macromedia Extension Manager

Macromedia Fireworks 8

Macromedia Flash 8

Macromedia Flash 8 Video Encoder

Macromedia Flash Player 8

Malwarebytes' Anti-Malware

Media Converter SA Edition 0.8

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft Visual C++ 2005 Redistributable

mobile PhoneTools

Mozilla Firefox (3.0.5)

Mozilla Thunderbird (2.0.0.19)

MP3 Player Utilities 4.00

MSN

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

Nero 7 Demo

NetLimiter 2 Monitor (remove only)

nLite 1.4.1

Notepad++

Novo Dicionário Aurélio

NTI Backup NOW! 4

NTI CD & DVD-Maker

OrderReminder hp LaserJet 101x

PartitionMagic

PokerTH

PostgreSQL 8.3

Power Presenter RE

PowerISO

PowerProducer

PowerQuest PartitionMagic 8.0

Pronunciation Power 2

QuickTime

QuickTime for Windows (32-bit)

Real Alternative 1.9.0

Realtek AC'97 Audio

RoughDraft 3.0

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Media Player (KB952069)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

SiS 900 PCI Fast Ethernet Adapter Driver

SiS VGA Utilities

SiSAGP driver

Skype™ 3.8

Sony Sound Forge 7.0

Sothink SWF Decompiler

SPLOT32 Plotter Simulator

Spyware Terminator BETA

Swift 3D

Swift 3D Version 4.00

SwiftView Viewer

SWiSH v2.0

Symantec AntiVirus

Synaptics Pointing Device Driver

SyncToy

Terragen

TopStyle Lite (Version 3.0)

TortoiseSVN 1.5.5.14361 (32 bit)

TrojanHunter 4.2

TuneUp Utilities 2006

UltraISO V7.6 ME

Uninstall 1.0.0.0

Unlocker 1.7.5

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update Manager

USB Tablet Driver

VBA

VideoLAN VLC media player 0.8.2

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

VMware Workstation

WampServer 2.0

WebFldrs XP

WhereIsIt? 3.73

Winamp (remove only)

Windows Live Messenger

Windows Live Sign-in Assistant

Windows XP Service Pack 3

WinSCP 4.0.6

Xara3D6

XnView 1.91.5

XoftSpy

ZendStudio-5.5.0

 

==== Event Viewer Messages From Past Week ========

 

2009-01-25 10:15:54, error: Service Control Manager [7000] - The XAMPP Service service failed to start due to the following error: The system cannot find the path specified.

2009-01-25 10:15:54, error: Service Control Manager [7000] - The Apache2.2 service failed to start due to the following error: The system cannot find the path specified.

2009-01-28 01:10:00, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

==== End Of File ===========================

[jgarcia 1]

Opa Cata,

 

Os seus logs estão limpos. Com certeza a infecção encontrada estava restrita ao pendrive. :thumbsup:

 

Abraços.

[Mário Monteiro 179]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.