[Resolvido!] PC Lento

[magalhaesrj 0]

Gostaria de ajuda para remoção de vírus

segue meu log

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:30:35, on 4/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001

C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001

C:\Arquivos de programas\Adobe\Adobe Flash CS3\Flash.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.canalfx.tv:8080/tkt_fox/j...jsp?language=pt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)

O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154

O20 - AppInit_DLLs: vchdwo.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 10742 bytes

[PedroN 1]

• Baixe: < ComboFix.exe >

• Salve-o no Desktop!

• Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

• Feche todas as janelas e execute a ferramenta!

• Na solicitação: "Negação de garantia de software" --> Clique em Sim!

• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

• Abrir-se-á a janela Auto Scan. --> Aguarde!

• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

• Aguarde a conclusão!

• Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

• Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

[magalhaesrj 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:11, on 4/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.fxbrasil.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)

O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154

O20 - AppInit_DLLs: vchdwo.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9564 bytes

 

 

------------------------------------------------

 

 

 

 

ComboFix 09-01-02.01 - Administrador 2009-01-04 23:19:45.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1791.1150 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\BM5b05df72.txt

c:\windows\BM5b05df72.xml

c:\windows\system32\cpsutvmd.ini

c:\windows\system32\csfjspeo.ini

c:\windows\system32\iwubvghw.ini

c:\windows\system32\kdmctmfp.ini

c:\windows\system32\omuucnbk.ini

c:\windows\system32\QtEdLRqr.ini

c:\windows\system32\QtEdLRqr.ini2

c:\windows\system32\vkddhiap.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))

.

 

2009-01-03 10:45 . 2009-01-03 10:45 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-01-03 10:43 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-03 10:40 . 2009-01-03 10:40 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework

2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2008-12-26 13:55 . 2008-10-03 08:16 247,326 --------- c:\windows\system32\DllCache\strmdll.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-03 12:45 --------- d-----w c:\arquivos de programas\Microsoft

2009-01-03 12:43 --------- d-----w c:\arquivos de programas\Windows Live

2009-01-03 12:33 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-12-28 23:47 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\U3

2008-12-28 00:07 --------- d-----w c:\arquivos de programas\eMule

2008-12-26 15:41 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Corel

2008-12-26 15:41 --------- d-----w c:\arquivos de programas\Corel

2008-12-26 15:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel

2008-12-26 15:26 88 --sh--r c:\documents and settings\All Users\Dados de aplicativos\67876D54BA.sys

2008-12-26 15:26 3,140 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR

2008-11-17 14:14 7 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat

2008-11-17 14:12 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\D-Book

2008-11-17 14:11 --------- d-----w c:\arquivos de programas\Digipix D-Book

2008-11-15 22:59 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2008-11-15 22:25 --------- d-----w c:\arquivos de programas\Windows Media Components

2008-10-19 00:49 98,304 ----a-w c:\windows\system32CmdLineExt.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-12-06 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]

"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=vchdwo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\monitor.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\manager.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\server.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10064:TCP"= 10064:TCP:BitComet 10064 TCP

"10064:UDP"= 10064:UDP:BitComet 10064 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-03 55136]

R4 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]

R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]

R4 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job

- c:\documents and settings\Administrador\Configura []

 

2008-08-10 c:\windows\Tasks\McDefragTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

 

2008-11-01 c:\windows\Tasks\McQcTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{03E9E33F-6469-4205-A67D-25110AC44806} - (no file)

BHO-{F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)

BHO-{F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)

HKLM-Run-5836ecee - c:\windows\system32\pfmtcmdk.dll

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://fxmanager.fxbrasil.uol.com.br/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig

FF - component: c:\arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.133.33\npGoogleOneClick7.dll

 

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-04 23:25:34

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquiv~1\MICROS~4\rapimgr.exe

c:\arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquiv~1\McAfee\MSC\mcmscsvc.exe

c:\arquiv~1\ARQUIV~1\McAfee\MNA\McNASvc.exe

c:\arquiv~1\ARQUIV~1\McAfee\McProxy\McProxy.exe

c:\arquiv~1\McAfee\VIRUSS~1\Mcshield.exe

c:\arquivos de programas\McAfee\MPF\MpfSrv.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\arquivos de programas\Windows Live\Contacts\wlcomm.exe

c:\arquiv~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\arquivos de programas\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-04 23:28:50 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-01-05 01:28:43

 

PrÚ-execuþÒo: 13 pasta(s) 62.859.395.072 bytes disponíveis

Pós execução: 13 pasta(s) 62,894,850,048 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

197 --- E O F --- 2009-01-03 12:33:57

[PedroN 1]

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

G:\LaunchU3.exe -a

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job

c:\windows\Tasks\McDefragTask.job

c:\windows\Tasks\McQcTask.job

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Poste-o junto com o novo log do hijackthis

 

 

Com o navegador Internet Explorer, acesse o Kaspersky Online Scanner e faça um scan online seguindo o tutorial abaixo.

 

Tutorial Kaspersky Online Scanner

 

Ao término do scan, salve o relatório com a extensão .txt (como mostra no final do tutorial) e poste em sua próxima resposta.

[magalhaesrj 0]

Segue os logs

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:38:47, on 6/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

c:\ARQUIV~1\mcafee\msc\mcuimgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe

C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.fxbrasil.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)

O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154

O20 - AppInit_DLLs: vchdwo.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9693 bytes

 

 

---------------------------------------------------------------------------------------

 

 

ComboFix 09-01-02.01 - Administrador 2009-01-05 17:20:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1791.1351 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

FILE ::

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job

c:\windows\Tasks\McDefragTask.job

c:\windows\Tasks\McQcTask.job

G:\LaunchU3.exe -a

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-117609710-725345543-500.job

c:\windows\Tasks\McDefragTask.job

c:\windows\Tasks\McQcTask.job

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-05 to 2009-01-05 ))))))))))))))))))))))))))))

.

 

2009-01-04 23:39 . 2009-01-04 23:39 <DIR> d-------- c:\windows\system32\xircom

2009-01-04 23:39 . 2009-01-04 23:39 <DIR> d-------- c:\windows\system32\oobe

2009-01-04 23:39 . 2009-01-04 23:39 <DIR> d-------- c:\arquivos de programas\microsoft frontpage

2009-01-03 10:45 . 2009-01-03 10:45 <DIR> d-------- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-01-03 10:43 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys

2009-01-03 10:40 . 2009-01-03 10:40 <DIR> d-------- c:\arquivos de programas\Microsoft Sync Framework

2009-01-03 10:35 . 2009-01-03 10:35 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive

2008-12-26 13:55 . 2008-10-03 08:16 247,326 --------- c:\windows\system32\DllCache\strmdll.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-03 12:45 --------- d-----w c:\arquivos de programas\Microsoft

2009-01-03 12:43 --------- d-----w c:\arquivos de programas\Windows Live

2009-01-03 12:33 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-12-28 23:47 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\U3

2008-12-28 00:07 --------- d-----w c:\arquivos de programas\eMule

2008-12-26 15:41 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Corel

2008-12-26 15:41 --------- d-----w c:\arquivos de programas\Corel

2008-12-26 15:40 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Corel

2008-12-26 15:26 88 --sh--r c:\documents and settings\All Users\Dados de aplicativos\67876D54BA.sys

2008-12-26 15:26 3,140 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-12-12 17:35 3,081,216 ------w c:\windows\system32\DllCache\mshtml.dll

2008-12-05 01:03 308,072 ----a-w c:\windows\WLXPGSS.SCR

2008-12-03 00:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2008-11-17 14:14 7 ----a-w c:\documents and settings\Administrador\Dados de aplicativos\momento_log.dat

2008-11-17 14:12 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\D-Book

2008-11-17 14:11 --------- d-----w c:\arquivos de programas\Digipix D-Book

2008-11-15 22:59 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2008-11-15 22:25 --------- d-----w c:\arquivos de programas\Windows Media Components

2008-10-24 11:25 455,936 ------w c:\windows\system32\DllCache\mrxsmb.sys

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:00 283,648 ------w c:\windows\system32\DllCache\gdi32.dll

2008-10-19 00:49 98,304 ----a-w c:\windows\system32CmdLineExt.dll

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 16:59 332,800 ------w c:\windows\system32\DllCache\netapi32.dll

2008-10-15 09:45 18,432 ------w c:\windows\system32\DllCache\iedw.exe

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-04_23.27.10.93 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-05 00:51:43 16,384 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-01-05 19:13:11 16,384 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2009-01-05 00:51:43 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-05 19:13:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-01-04 11:34:18 66,486 ----a-w c:\windows\system32\perfc009.dat

+ 2009-01-05 01:29:47 66,486 ----a-w c:\windows\system32\perfc009.dat

- 2009-01-04 11:34:18 75,100 ----a-w c:\windows\system32\perfc016.dat

+ 2009-01-05 01:29:47 75,100 ----a-w c:\windows\system32\perfc016.dat

- 2009-01-04 11:34:18 429,788 ----a-w c:\windows\system32\perfh009.dat

+ 2009-01-05 01:29:47 429,788 ----a-w c:\windows\system32\perfh009.dat

- 2009-01-04 11:34:18 462,738 ----a-w c:\windows\system32\perfh016.dat

+ 2009-01-05 01:29:47 462,738 ----a-w c:\windows\system32\perfh016.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

"H/PC Connection Agent"="c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-12-06 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]

"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]

"5836ecee"="c:\windows\system32\pfmtcmdk.dll" [bU]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=vchdwo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\monitor.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\manager.exe"=

"c:\\Arquivos de programas\\Autodesk\\backburner\\server.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10064:TCP"= 10064:TCP:BitComet 10064 TCP

"10064:UDP"= 10064:UDP:BitComet 10064 UDP

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-03 55136]

R4 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]

R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\arquivos de programas\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]

R4 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{03E9E33F-6469-4205-A67D-25110AC44806} - (no file)

BHO-{F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)

BHO-{F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://fxmanager.fxbrasil.uol.com.br/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Baixar link usando &BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos os links usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: Baixar todos os vídeos usando BitComet - c:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ig

FF - component: c:\arquivos de programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\czptrk7r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.2.133.33\npGoogleOneClick7.dll

 

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-05 17:22:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-05 17:24:04

ComboFix-quarantined-files.txt 2009-01-05 19:23:54

ComboFix2.txt 2009-01-05 01:28:53

 

Pré-execução: 13 pasta(s) 64.575.733.760 bytes disponíveis

Pós execução: 13 pasta(s) 64,565,747,712 bytes disponíveis

 

194 --- E O F --- 2009-01-03 12:33:57

 

-----------------------------------------------------------------------------------------------------------

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Tuesday, January 6, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, January 05, 2009 18:07:48

Records in database: 1564760

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

I:\

 

Scan statistics:

Files scanned: 165380

Threat name: 2

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 03:59:19

 

 

File name / Threat name / Threats count

C:\Downloads\130.osCommerce.Templates.zip Infected: Trojan-Dropper.Win32.Delf.agp 1

C:\Downloads\130.osCommerce.Templates.zip Infected: Hoax.Win32.Agent.s 1

 

The selected area was scanned.

[PedroN 1]

Faça o download SmitfraudFix

 

Você deve imprimir estas instruções, ou copiá-las para um arquivo Bloco de notas para a leitura, enquanto no modo de segurança, porque você não será capaz de se conectar à Internet para ler a partir deste site.

 

Por favor, reinicie o seu computador no Modo de Segurança, faça o seguinte:

 

• Reinicie o computador

• Depois de ouvir o seu computador apitar uma vez durante a inicialização, mas antes do Windows ícone aparece, toque na tecla F8 continuamente;

• Em vez de carregar o Windows como normal, um menu com opções deverá aparecer;

• Selecione a primeira opção, para executar o Windows no Modo de Segurança e, em seguida, pressione "Enter".

• Escolha o seu habitual conta.

 

Uma vez em modo de segurança, dê um duplo clique SmitfraudFix.exe.

Selecione a opção # 2 - Limpeza, digitando 2 e pressione "Enter" para apagar arquivos infectados.

 

Você será perguntado: "Registro limpeza - Você deseja limpar o registro?"; Responder "Sim", digitando Y e pressione "Enter", a fim de remover o fundo desktop e limpar registro chaves associados à infecção.

 

A ferramenta pode precisar reiniciar o computador para concluir o processo de limpeza, se não, por favor reinicie o Windows normal qualquer maneira. um arquivo de texto irár aparecer na tela, com os resultados dos processos de limpeza, copie / cole o conteúdo do SmitfraudFix relatório em sua próxima resposta, juntamente com um novo log HijackThis. O relatório também pode ser encontrado na raiz da unidade do sistema, normalmente em C: \ rapport.txt.

[magalhaesrj 0]

Segue os logs

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:57:09, on 6/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2

 

(6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de

 

programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de

 

programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Analog

 

Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows

 

Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Microsoft

 

ActiveSync\wcescomm.exe

C:\Arquivos de programas\Spybot - Search &

 

Destroy\TeaTimer.exe

C:\Documents and

 

Settings\Administrador\Configurações

 

locais\Dados de

 

aplicativos\Google\Update\GoogleUpdate.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Arquivos de

 

programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\

 

mscorsvw.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.ex

 

e

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Analog

 

Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol

 

120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows

 

Live\Contacts\wlcomm.exe

C:\Documents and

 

Settings\Administrador\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet

 

Explorer\Main,Start Page =

 

http://fxmanager.fxbrasil.uol.com.br/

R1 -

 

HKCU\Software\Microsoft\Windows\CurrentVersion

 

\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) -

 

{03E9E33F-6469-4205-A67D-25110AC44806} - (no

 

file)

O2 - BHO: Spybot-S&D IE Protection -

 

{53707962-6F74-2D53-2644-206D7942484F} -

 

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) -

 

{F2536368-B7D7-4396-B369-6615FC72CE76} - (no

 

file)

O2 - BHO: (no name) -

 

{F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no

 

file)

O4 - HKLM\..\Run: [sunJavaUpdateSched]

 

C:\Arquivos de

 

programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck]

 

C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de

 

programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de

 

programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [5836ecee] rundll32.exe

 

"C:\WINDOWS\system32\pfmtcmdk.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE]

 

C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de

 

programas\Windows Live\Messenger\MsnMsgr.Exe"

 

/background

O4 - HKCU\..\Run: [H/PC Connection Agent]

 

"C:\Arquivos de programas\Microsoft

 

ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount]

 

"C:\Arquivos de programas\Alcohol Soft\Alcohol

 

120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer]

 

C:\Arquivos de programas\Spybot - Search &

 

Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite]

 

"C:\Arquivos de programas\DAEMON Tools

 

Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update]

 

"C:\Documents and

 

Settings\Administrador\Configurações

 

locais\Dados de

 

aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

 

C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe

 

/C move /Y

 

"%SystemRoot%\System32\syssetub.dll"

 

"%SystemRoot%\System32\syssetup.dll" (User

 

'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

 

C:\WINDOWS\system32\CTFMON.EXE (User 'Default

 

user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe

 

/C move /Y

 

"%SystemRoot%\System32\syssetub.dll"

 

"%SystemRoot%\System32\syssetup.dll" (User

 

'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de

 

programas\Arquivos

 

comuns\Adobe\Calibration\Adobe Gamma

 

Loader.exe

O4 - Global Startup: Adobe Reader Speed

 

Launch.lnk = C:\Arquivos de

 

programas\Adobe\Acrobat

 

7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link

 

usando &BitComet - res://C:\Arquivos de

 

programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os

 

links usando BitComet - res://C:\Arquivos de

 

programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os

 

vídeos usando BitComet - res://C:\Arquivos de

 

programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o

 

Microsoft Excel -

 

res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/

 

3000

O9 - Extra button: (no name) -

 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Arquivos de

 

programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console

 

- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Arquivos de

 

programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Create Mobile Favorite -

 

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

 

C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) -

 

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

 

C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito

 

Móvel... -

 

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

 

C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research -

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet -

 

{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} -

 

res://C:\Arquivos de

 

programas\BitComet\tools\BitCometBHO_1.2.8.7.d

 

ll/206 (file missing)

O9 - Extra button: (no name) -

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

 

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search &

 

Destroy Configuration -

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

 

C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF:

 

SEARCH_PAGE_URL=&http://home.microsoft.com/int

 

l/br/access/allinone.asp

O14 - IERESET.INF:

 

START_PAGE_URL=http://www.compartilhando.org/

O20 - AppInit_DLLs: vchdwo.dll

O23 - Service: Adobe LM Service - Adobe

 

Systems - C:\Arquivos de programas\Arquivos

 

comuns\Adobe Systems

 

Shared\Service\Adobelmsvc.exe

O23 - Service:

 

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879

 

762## (Bonjour Service) - Apple Computer, Inc.

 

- C:\Arquivos de

 

programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service -

 

Macrovision Europe Ltd. - C:\Arquivos de

 

programas\Arquivos comuns\Macrovision

 

Shared\FLEXnet

 

Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager

 

(IDriverT) - Macrovision Corporation -

 

C:\Arquivos de programas\Arquivos

 

comuns\InstallShield\Driver\11\Intel

 

32\IDriverT.exe

O23 - Service: Macromedia Licensing Service -

 

Unknown owner - C:\Arquivos de

 

programas\Arquivos comuns\Macromedia

 

Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Services (mcmscsvc) -

 

McAfee, Inc. -

 

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc)

 

- McAfee, Inc. -

 

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) -

 

McAfee, Inc. -

 

C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy)

 

- McAfee, Inc. -

 

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.ex

 

e

O23 - Service: McAfee Real-time Scanner

 

(McShield) - McAfee, Inc. -

 

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon)

 

- McAfee, Inc. -

 

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall

 

Service (MpfService) - McAfee, Inc. -

 

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: SoundMAX Agent Service

 

(SoundMAX Agent Service (default)) - Analog

 

Devices, Inc. - C:\Arquivos de

 

programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service

 

(StarWindServiceAE) - Rocket Division Software

 

- C:\Arquivos de programas\Alcohol

 

Soft\Alcohol

 

120\StarWind\StarWindServiceAE.exe

 

--

End of file - 7932 bytes

 

------------------------------------------------------------------------------------------------

 

SmitFraudFix v2.388

 

Scan done at 19:46:02,79, ter 06/01/2009

Run from C:\Documents and Settings\Administrador\Desktop\SmitfraudFix

OS: Microsoft Windows XP [versÆo 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

 

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

[PedroN 1]

- Faça um novo scan online com o kaspersky

[magalhaesrj 0]

Segue o log

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, January 8, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, January 08, 2009 00:24:06

Records in database: 1582621

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

I:\

 

Scan statistics:

Files scanned: 161147

Threat name: 2

Infected objects: 2

Suspicious objects: 0

Duration of the scan: 02:11:34

 

 

File name / Threat name / Threats count

C:\RECYCLER\S-1-5-21-606747145-117609710-725345543-500\Dc1.zip Infected: Trojan-Dropper.Win32.Delf.agp 1

C:\RECYCLER\S-1-5-21-606747145-117609710-725345543-500\Dc1.zip Infected: Hoax.Win32.Agent.s 1

 

The selected area was scanned.

[PedroN 1]

Esvazei a lixeira, no mais seu log estar limpo.

 

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner

 

◘ Clique em Salvar e quando terminado o download, faça a instalação;

◘ Abra o programa e clique em Executar Limpeza;

◘ Após isto, clique em Registro > Procurar erros > Corrigir erros selecionados.

[magalhaesrj 0]

Pronto , mas ainda aparece uma mensagem quando eu inicio o PC, o que seria isso?

 

[PedroN 1]

Poste um novo log do hijackthis

[magalhaesrj 0]

Segue

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:47:32, on 8/1/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\MICROS~4\rapimgr.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~e5d141.tmp

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\~e5d141.tmp

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrador\Desktop\Programas para remover virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fxmanager.fxbrasil.uol.com.br/

O2 - BHO: (no name) - {03E9E33F-6469-4205-A67D-25110AC44806} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {F2536368-B7D7-4396-B369-6615FC72CE76} - (no file)

O2 - BHO: (no name) - {F2663E14-A513-46BC-95C7-01BFBBE831CF} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [5836ecee] rundll32.exe "C:\WINDOWS\system32\pfmtcmdk.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MICROS~4\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B8DC99E-352F-4109-ABE5-DC9B6F7973AA}: NameServer = 200.149.55.142 200.165.132.154

O20 - AppInit_DLLs: vchdwo.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8253 bytes

[PedroN 1]

Faça um scan online com o [url=]http://forum.messbrasil.com.br/index.php?showtopic=4452&hl=Bitdefender e poste o log do scan aqui mesmo no tópico.

[magalhaesrj 0]

Pode colocar o topico como resolvido

agradeço mais uma vez a equipe

[PedroN 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.