Ferptc

[Resolved!]  - Virus - Antivirus


Hello

I'll explain more or less what my problem is.

My PC came from the factory with Windows Vista along with the Norton Internet Security 2008 antivirus... when the validity period expired I tried to put another (free) antivirus on the PC. To do that I uninstalled the old antivirus. What happened is that I don't know whether I picked up some virus along the way (during the time I was without an antivirus) that modified something, or whether the problem is something 'left over' from the old antivirus.

So, every time I install an antivirus and it is ACTIVE, the internet does not work... it is blocked... likewise, with any antivirus I download that asks to update its database, I cannot update it... as if some firewall were blocking these activities.

I also tried to download a YouTube video with VDownloader, and the following message appeared: "Socket error #10061 Connection refused."

Again the internet does not work... I have already tried many things to find some firewall problem and nothing worked.

Another problem:

When I open MSN, Internet Explorer always opens and shows spam screens and the like... usually from the site "http://ad.yieldmanager.com" with a huge link.

I am counting on your help, and thank you in advance. (I need to put an antivirus on the computer!)

The log generated by HijackThis is the following:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:34, on 10/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6316 bytes

 

 

 

 

Note: While I was using HijackThis, the following message appeared:

 

 

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and Type:

 

notepad C:\Windows\System32\drivers\etc\hosts

 

and press Enter. Find the line(s) HijackThis reports and delete them.

Save the file as 'hosts.' (with quotes), and reboot.

 

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."


Good evening! Ferptc

<@> Download: < ComboFix.exe > ( ...by sUBs )

<@> Save it to the Desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Sim (Yes)!

<@> If you do not have the "Recovery Console", agree to install it!

<!> If the notification "Aplicativo Win32 inválido" (invalid Win32 application) appears, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

----------------------

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


The ComboFix log is this:

 

ComboFix 09-01-10.02 - kurio 2009-01-11 2:32:24.3 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.478.152 [GMT -2:00]

Executando de: c:\users\kurio\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\msexcl35.dll

c:\windows\system32\msltus35.dll

c:\windows\system32\mspdox35.dll

c:\windows\system32\msrdo20.dll

c:\windows\system32\mstext35.dll

c:\windows\system32\msxbse35.dll

c:\windows\system32\rdocurs.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))

.

 

2009-01-10 15:34 . 2009-01-10 15:34 <DIR> d-------- c:\program files\Trend Micro

2009-01-10 15:15 . 2009-01-10 15:15 <DIR> d-------- c:\program files\VDOWNLOADER

2009-01-09 01:23 . 2009-01-09 01:23 <DIR> d-------- c:\program files\AVG

2008-12-22 18:27 . 2008-12-22 18:28 <DIR> d-------- c:\users\kurio\AppData\Roaming\DivX

2008-12-22 17:46 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

2008-12-14 01:14 . 2008-12-14 01:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2008-12-14 01:14 . 2008-12-14 01:14 <DIR> d-------- c:\programdata\WindowsSearch

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-11 01:05 13,025 ----a-w c:\users\kurio\AppData\Roaming\nvModes.dat

2009-01-09 00:08 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-09 00:07 --------- d-----w c:\programdata\Symantec

2009-01-09 00:06 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-12-22 19:46 --------- d-----w c:\program files\DivX

2008-12-11 01:12 --------- d-----w c:\program files\Windows Mail

2008-12-07 19:42 --------- d-----w c:\users\kurio\AppData\Roaming\gtk-2.0

2008-11-23 01:58 --------- d-----w c:\program files\Microsoft FrontPage

2008-11-23 01:55 --------- d-----w c:\users\kurio\AppData\Roaming\Microsoft Web Folders

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-09-18 02:06 174 --sha-w c:\program files\desktop.ini

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{66AA7857-2F32-4F11-B863-A6EA39389761}"= UDP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Atualização do Windows Anytime

"{1C533AB7-4330-442B-B327-882582F49119}"= TCP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Atualização do Windows Anytime

"{2002BA02-D5AA-4B84-8C6A-62FABFF300B4}"= UDP:c:\program files\HP\HP Software Update\HPWUCli.exe:Atualização HP

"{FEA882D7-1075-46FE-9E1D-2BE80FC156C3}"= TCP:c:\program files\HP\HP Software Update\HPWUCli.exe:Atualização HP

"{82A2125A-A144-4408-82B6-FDB950499996}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0

"{62E83A77-E873-42E3-A913-4C44E62C1270}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0

"{517B4D65-78B1-4A5D-AB60-6EEB9C1E5EB5}"= UDP:c:\program files\VDOWNLOADER\VDownloader.exe:VDownloader

"{6A64C35D-70BF-490D-9419-CEF2864AB23D}"= TCP:c:\program files\VDOWNLOADER\VDownloader.exe:VDownloader

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20081014.001\IDSvix86.sys [2008-10-14 270384]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-10-03 37936]

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\System32\drivers\V0060Vid.sys [2008-09-19 197632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e50d598-d5cb-11dd-9aca-001b2455380e}]

\shell\Auto\command - F:\Start.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869f70fd-bcea-11dd-aeeb-001b2455380e}]

\shell\AutoRun\command - RavMon.exe

\shell\explore\Command - RavMon.exe -e

\shell\open\Command - RavMon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f5f9e3-7e8c-11dd-a033-001b2455380e}]

\shell\Auto\command - Start.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-LSA Shellu - c:\users\kurio\lsass.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-11 02:36:16

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2009-01-11 2:38:31

ComboFix-quarantined-files.txt 2009-01-11 04:38:28

 

Pré-execução: 48.804.220.928 bytes disponíveis

Pós execução: 48,919,076,864 bytes disponíveis

 

126 --- E O F --- 2009-01-09 03:03:41

 

 

 

 

 

 

and the HijackThis one is this:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:34, on 10/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6316 bytes

 

 

 

 

Thank you for your attention!
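Added example, not part of the original thread and not code from HijackThis or ComboFix: a small triage pass over HijackThis entries that flags the two patterns visible in the logs above, entries whose target is gone ("(file missing)" / "(no file)") and a Windows system binary name started from outside the system directory, as with the "LSA Shellu" Run value that ComboFix removed. The sample lines are copied from the log posted above; the list of system binary names and the finding labels are assumptions of this example.

```python
import ntpath
import re

# Binaries that Windows itself only starts from its system directory.
# Short illustrative list chosen for this example, not exhaustive.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# "O4 - ...", "O23 - ...", "R0 - ..." and so on.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Lines copied from the HijackThis log in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


def triage_line(line):
    """Return (code, path, findings) for one HijackThis entry, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process line or blank line
    body = m.group("body")
    findings = []
    if ORPHAN_RE.search(body):
        findings.append("orphan")
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else None
    if path:
        # ntpath parses Windows paths regardless of the OS running this script.
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            findings.append("system-name-outside-system-dir")
    return m.group("code"), path, findings


def triage(log_text):
    """Return only the entries that produced at least one finding."""
    flagged = []
    for line in log_text.splitlines():
        entry = triage_line(line)
        if entry and entry[2]:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for code, path, findings in triage(SAMPLE_LOG):
        print(code, path or "(no path)", ", ".join(findings))
```

A finding here is a prompt for review, not a verdict: orphaned entries are often leftovers from uninstalled software, as with the AVG and Symantec lines.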


Good morning! Ferptc

Insert your removable drive(s), if you have any, into the USB port. ( flash drive, mp3, mp4, iPods, etc... )

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\windows\System32\drivers\symndisv.sys

F:\Start.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e50d598-d5cb-11dd-9aca-001b2455380e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869f70fd-bcea-11dd-aeeb-001b2455380e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f5f9e3-7e8c-11dd-a033-001b2455380e}]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000000

"InternetSettingsDisableNotify"=dword:00000000

"AutoUpdateDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

Driver::

"IDSvix86"

"CLTNetCnService"

"SYMNDISV"

<@> Drag the CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

<@> Respond to the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt appears! ( window )

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


The ComboFix log:

 

 

 

ComboFix 09-01-10.02 - kurio 2009-01-12 3:08:13.4 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.478.152 [GMT -2:00]

Executando de: c:\users\kurio\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\kurio\Desktop\CFScript.txt

 

FILE ::

c:\windows\System32\drivers\symndisv.sys

F:\Start.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\System32\drivers\symndisv.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_IDSVIX86

-------\Legacy_SYMNDISV

-------\Service_CLTNetCnService

-------\Service_IDSvix86

-------\Service_SYMNDISV

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-12 to 2009-01-12 ))))))))))))))))))))))))))))

.

 

2009-01-10 15:34 . 2009-01-10 15:34 <DIR> d-------- c:\program files\Trend Micro

2009-01-10 15:15 . 2009-01-10 15:15 <DIR> d-------- c:\program files\VDOWNLOADER

2009-01-09 01:23 . 2009-01-09 01:23 <DIR> d-------- c:\program files\AVG

2008-12-22 18:27 . 2008-12-22 18:28 <DIR> d-------- c:\users\kurio\AppData\Roaming\DivX

2008-12-22 17:46 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

2008-12-14 01:14 . 2008-12-14 01:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2008-12-14 01:14 . 2008-12-14 01:14 <DIR> d-------- c:\programdata\WindowsSearch

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-11 01:05 13,025 ----a-w c:\users\kurio\AppData\Roaming\nvModes.dat

2009-01-09 00:08 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-09 00:07 --------- d-----w c:\programdata\Symantec

2009-01-09 00:06 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-12-22 19:46 --------- d-----w c:\program files\DivX

2008-12-11 01:12 --------- d-----w c:\program files\Windows Mail

2008-12-07 19:42 --------- d-----w c:\users\kurio\AppData\Roaming\gtk-2.0

2008-11-23 01:58 --------- d-----w c:\program files\Microsoft FrontPage

2008-11-23 01:55 --------- d-----w c:\users\kurio\AppData\Roaming\Microsoft Web Folders

2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe

2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll

2008-11-21 21:47 129,784 ------w c:\windows\System32\PxAFS.DLL

2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll

2008-11-05 20:03 410,976 ----a-w c:\windows\System32\deploytk.dll

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll

2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 16:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 15:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-18 02:06 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-11_ 2.37.06,17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2009-01-11 04:36:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-12 05:14:31 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-12 05:14:31 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-11 04:35:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-12 05:14:31 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-12 05:14:31 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-11 04:01:14 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-12 04:49:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-11 04:01:14 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-12 04:49:38 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-11 04:01:14 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-12 04:49:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-11 01:07:15 10,026 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-438662606-1608187126-1426515038-1000_UserData.bin

+ 2009-01-11 17:44:47 10,026 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-438662606-1608187126-1426515038-1000_UserData.bin

- 2009-01-11 01:07:14 57,790 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-11 17:44:47 57,806 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-11 01:07:13 39,534 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-01-11 17:44:46 39,534 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-09 03:47:22 195,584 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-01-12 03:23:01 195,946 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{66AA7857-2F32-4F11-B863-A6EA39389761}"= UDP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Atualização do Windows Anytime

"{1C533AB7-4330-442B-B327-882582F49119}"= TCP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Atualização do Windows Anytime

"{2002BA02-D5AA-4B84-8C6A-62FABFF300B4}"= UDP:c:\program files\HP\HP Software Update\HPWUCli.exe:Atualização HP

"{FEA882D7-1075-46FE-9E1D-2BE80FC156C3}"= TCP:c:\program files\HP\HP Software Update\HPWUCli.exe:Atualização HP

"{82A2125A-A144-4408-82B6-FDB950499996}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0

"{62E83A77-E873-42E3-A913-4C44E62C1270}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0

"{517B4D65-78B1-4A5D-AB60-6EEB9C1E5EB5}"= UDP:c:\program files\VDOWNLOADER\VDownloader.exe:VDownloader

"{6A64C35D-70BF-490D-9419-CEF2864AB23D}"= TCP:c:\program files\VDOWNLOADER\VDownloader.exe:VDownloader

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\System32\drivers\V0060Vid.sys [2008-09-19 197632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-12 03:14:37

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-12 3:18:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-01-12 05:18:48

ComboFix2.txt 2009-01-11 04:38:34

 

PrÚ-execuþÒo: 48.749.969.408 bytes disponíveis

Pós execução: 48,588,976,128 bytes disponíveis

 

172 --- E O F --- 2009-01-09 03:03:41

 

 

 

 

 

 

The HijackThis log:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:34, on 10/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6316 bytes

 

 

 

 

 

Thank you for your attention!


Good morning, Ferptc!

 

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Quick scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

-----------------------

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Best regards!


The MBAM log:

 

 

Malwarebytes' Anti-Malware 1.32

Versão do banco de dados: 1648

Windows 6.0.6001 Service Pack 1

 

13/01/2009 18:15:53

mbam-log-2009-01-13 (18-15-53).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 45931

Tempo decorrido: 3 minute(s), 37 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

 

 

The HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:34, on 10/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6316 bytes

 

 

 

 

Thank you for your attention!


Good morning, Ferptc!

 

<@> Copy the information between the XXXXXXX.... lines into Notepad.

<@> Save it on the desktop as: CFScript <-- Text!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

C:\Users\kurio\lsass.exe

Folder::

c:\programdata\Symantec

Driver::

"CLTNetCnService"

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Keep dragging it until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

 

Best regards!

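One way to surface the entries that the CFScript above targets, as an added example (not part of the original thread and not ComboFix's or HijackThis's own logic): it scans HijackThis lines for a core Windows process name loading from outside its normal directory and for entries whose file no longer exists. The sample lines are copied from the log posted in this thread; the `PROTECTED` name list, the `triage` helper and the `C:\Windows` install path are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple

# Assumption: Windows is installed in C:\Windows, as in the log on this page.
WINDIR = r"c:\windows"

# Core process names and the only directory each legitimately loads from.
# Assumption: this short list is illustrative, not exhaustive.
PROTECTED = {
    "lsass.exe": WINDIR + r"\system32",
    "svchost.exe": WINDIR + r"\system32",
    "services.exe": WINDIR + r"\system32",
    "csrss.exe": WINDIR + r"\system32",
    "winlogon.exe": WINDIR + r"\system32",
    "smss.exe": WINDIR + r"\system32",
    "explorer.exe": WINDIR,
}

ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.+)$")
# First drive- or %VAR%-rooted path ending in an executable extension.
PATH = re.compile(
    r'(?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|com|scr|bat|cmd)\b', re.I
)
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # "masquerade" or "orphaned"
    path: str     # normalised path, "" when the entry names no file


def normalise(path: str) -> str:
    """Lower-case the path and expand the Windows directory variables."""
    p = path.lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, WINDIR)
    return ntpath.normpath(p)


def triage(log_text: str) -> list:
    """Return the HijackThis entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, rest = m.groups()
        hit = PATH.search(rest)
        path = normalise(hit.group(0)) if hit else ""
        if ORPHAN.search(rest):
            # Leftover of an uninstalled product: the registry entry survives
            # but the file it points to is gone.
            findings.append(Finding(section, "orphaned", path))
            continue
        if section in ("O4", "O23") and path:
            expected = PROTECTED.get(ntpath.basename(path))
            if expected and ntpath.dirname(path) != expected:
                # System process name started from an unexpected directory.
                findings.append(Finding(section, "masquerade", path))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.section:4} {f.reason:10} {f.path or '(no file named)'}")
```

A flagged entry is a lead for manual review, not a verdict: the orphaned entries here are leftovers of uninstalled AVG and Symantec products, while the `lsass.exe` autorun in the user profile is the one the CFScript deletes.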

The ComboFix log:

 

 

 

 

ComboFix 09-01-13.04 - kurio 2009-01-14 9:36:45.5 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.478.149 [GMT -2:00]

Executando de: c:\users\kurio\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\kurio\Desktop\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Outdated)

FW: Norton Internet Security *disabled*

 

FILE ::

c:\users\kurio\lsass.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\CATALOG.DAT

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDS9xx86.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSVia64.cat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSVia64.INF

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSviA64.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSVix86.cat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSVix86.INF

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSvix86.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\IDSxpx86.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\Metadata.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\sigs.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\SymIDSCo.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\SymIDSCo.vxd

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\SymIDSI.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\v.grd

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\v.sig

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\VIRSCAN1.DAT

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081009.001\zdone.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\CATALOG.DAT

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDS9xx86.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSVia64.cat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSVia64.INF

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSviA64.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSVix86.cat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSVix86.INF

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSvix86.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSxpx86.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\Metadata.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\sigs.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\SymIDSCo.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\SymIDSCo.vxd

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\SymIDSI.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\v.grd

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\v.sig

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\VIRSCAN1.DAT

c:\programdata\Symantec\Definitions\SymcData\idsdefs\20081014.001\zdone.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\catalog.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\ids9xx86.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVia64.cat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVia64.inf

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSviA64.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVix86.CAT

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVix86.INF

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSvix86.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\idsxpx86.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\metadata.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\sigs.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.sys

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.vxd

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\SymIDSI.dll

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\v.grd

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\v.sig

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\virscan1.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\BinHub\zdone.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\definfo.dat

c:\programdata\Symantec\Definitions\SymcData\idsdefs\usage.dat

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\CATALOG.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\CCERASER.DLL

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ECBOOTIL.VXD

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ECMSVR32.DLL

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\EECTRL.SYS

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ERASER.GRD

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ERASER.SIG

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ERASER.SPM

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ERASER.SYS

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ESRDEF.BIN

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\HH

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVENG.EXP

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVENG.SYS

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVENG.VXD

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVENG32.DLL

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVEX15.EXP

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVEX15.SYS

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVEX15.VXD

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NAVEX32A.DLL

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\NCSACERT.TXT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\SCRAUTH.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\SYMAVENG.CAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\SYMAVENG.INF

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\SYMERASE.CAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\SYMERASE.INF

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TCDEFS.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TCSCAN7.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TCSCAN8.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TCSCAN9.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TECHNOTE.TXT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TINF.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TINFIDX.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TINFL.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TSCAN1.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\TSCAN1HD.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\V.GRD

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\V.SIG

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN.INF

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN1.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN2.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN3.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN4.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN5.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN6.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN7.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN8.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCAN9.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\VIRSCANT.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\WHATSNEW.TXT

c:\programdata\Symantec\Definitions\VirusDefs\20081009.003\ZDONE.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\CATALOG.DAT

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\CCERASER.DLL

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ECBOOTIL.VXD

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ECMSVR32.DLL

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\EECTRL.SYS

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ERASER.GRD

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ERASER.SIG

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ERASER.SPM

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ERASER.SYS

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\ESRDEF.BIN

c:\programdata\Symantec\Definitions\VirusDefs\20081020.003\HH

c:\programdata\Symantec . . . . falha na exclusão

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-14 to 2009-01-14 ))))))))))))))))))))))))))))

.

 

2009-01-13 18:11 . 2009-01-13 18:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-13 18:11 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-01-13 18:11 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-01-10 15:34 . 2009-01-10 15:34 <DIR> d-------- c:\program files\Trend Micro

2009-01-10 15:15 . 2009-01-10 15:15 <DIR> d-------- c:\program files\VDOWNLOADER

2009-01-09 01:23 . 2009-01-09 01:23 <DIR> d-------- c:\program files\AVG

2008-12-22 18:27 . 2008-12-22 18:28 <DIR> d-------- c:\users\kurio\AppData\Roaming\DivX

2008-12-22 17:46 . 2008-12-22 17:46 <DIR> d-------- c:\program files\Common Files\PX Storage Engine

2008-12-14 01:14 . 2008-12-14 01:14 <DIR> d-------- c:\users\All Users\WindowsSearch

2008-12-14 01:14 . 2008-12-14 01:14 <DIR> d-------- c:\programdata\WindowsSearch

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 11:37 --------- d-----w c:\programdata\Symantec

2009-01-11 01:05 13,025 ----a-w c:\users\kurio\AppData\Roaming\nvModes.dat

2009-01-09 00:08 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-09 00:06 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-12-22 19:46 --------- d-----w c:\program files\DivX

2008-12-11 01:12 --------- d-----w c:\program files\Windows Mail

2008-12-07 19:42 --------- d-----w c:\users\kurio\AppData\Roaming\gtk-2.0

2008-11-23 01:58 --------- d-----w c:\program files\Microsoft FrontPage

2008-11-23 01:55 --------- d-----w c:\users\kurio\AppData\Roaming\Microsoft Web Folders

2008-11-21 21:47 524,288 ----a-w c:\windows\System32\DivXsm.exe

2008-11-21 21:47 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll

2008-11-21 21:47 129,784 ------w c:\windows\System32\PxAFS.DLL

2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll

2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll

2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe

2008-11-21 21:44 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll

2008-11-05 20:03 410,976 ----a-w c:\windows\System32\deploytk.dll

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll

2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll

2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll

2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe

2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll

2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll

2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll

2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll

2008-10-16 16:08 162,064 ----a-w c:\windows\System32\wuwebv.dll

2008-10-16 15:56 31,232 ----a-w c:\windows\System32\wuapp.exe

2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll

2008-09-18 02:06 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2009-01-11_ 2.37.06,17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

- 2000-08-31 10:00:00 28,672 ----a-w c:\windows\NIRCMD.exe

+ 2000-08-31 10:00:00 29,696 ----a-w c:\windows\NIRCMD.exe

- 2009-01-11 04:36:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-14 11:42:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-01-14 11:42:53 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-01-11 04:35:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-14 11:42:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-01-14 11:42:53 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-01-11 04:01:14 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-14 11:31:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-01-11 04:01:14 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-14 11:31:53 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-11 04:01:14 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-14 11:31:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-01-11 04:32:13 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-01-14 11:36:14 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat

+ 2009-01-14 11:36:14 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2009-01-11 01:07:15 10,026 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-438662606-1608187126-1426515038-1000_UserData.bin

+ 2009-01-14 11:25:45 10,340 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-438662606-1608187126-1426515038-1000_UserData.bin

- 2009-01-11 01:07:14 57,790 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-14 11:25:45 57,822 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-01-11 01:07:13 39,534 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-01-14 11:25:44 39,802 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-01-09 03:47:22 195,584 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-01-14 01:24:22 196,126 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-05 136600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{66AA7857-2F32-4F11-B863-A6EA39389761}"= UDP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Atualização do Windows Anytime

"{1C533AB7-4330-442B-B327-882582F49119}"= TCP:c:\windows\System32\WindowsAnytimeUpgrade.exe:Atualização do Windows Anytime

"{2002BA02-D5AA-4B84-8C6A-62FABFF300B4}"= UDP:c:\program files\HP\HP Software Update\HPWUCli.exe:Atualização HP

"{FEA882D7-1075-46FE-9E1D-2BE80FC156C3}"= TCP:c:\program files\HP\HP Software Update\HPWUCli.exe:Atualização HP

"{82A2125A-A144-4408-82B6-FDB950499996}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0

"{62E83A77-E873-42E3-A913-4C44E62C1270}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:Kaspersky Anti-Virus 7.0

"{517B4D65-78B1-4A5D-AB60-6EEB9C1E5EB5}"= UDP:c:\program files\VDOWNLOADER\VDownloader.exe:VDownloader

"{6A64C35D-70BF-490D-9419-CEF2864AB23D}"= TCP:c:\program files\VDOWNLOADER\VDownloader.exe:VDownloader

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\System32\drivers\V0060Vid.sys [2008-09-19 197632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6f5f9e3-7e8c-11dd-a033-001b2455380e}]

\shell\Auto\command - Start.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 09:43:02

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\drivers\XAudio.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-14 9:47:43 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-01-14 11:47:17

ComboFix2.txt 2009-01-12 05:18:58

ComboFix3.txt 2009-01-11 04:38:34

 

Pré-execução: 48.537.456.640 bytes disponíveis

Pós execução: 48,510,058,496 bytes disponíveis

 

533 --- E O F --- 2009-01-12 17:22:23

 

 

 

 

 

 

The HijackThis log:

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:34, on 10/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [LSA Shellu] C:\Users\kurio\lsass.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 6316 bytes

Thank you for your attention!


Good morning, Ferptc!

<@> Download: < SDFix >

<@> Save it to Local Disk C and unzip it right there.

<@> Restart the computer in Safe Mode. <-- Link!

<@> Double-click: < runThis.bat >

<!> If a window opens and closes suddenly!

<!> Go to Start --> Run --> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!

<!> Restart the computer and run SDFix again.

<!> If that does not work, check the %comspec% variable.

<!> Right-click My Computer --> Properties --> Advanced.

<!> Under Environment Variables, check that the ComSpec variable has the following value for cmd.exe:

<!> Value: %SystemRoot%\system32\cmd.exe

<@> Press Y.

<@> Wait for it to finish!

<@> When it is done, press Enter. ( Or any key! )

<@> The computer will restart!

<@> Keep waiting until the cleanup finishes.

<@> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@

<@> Post the reports: Report.txt + an updated HijackThis log.

Regards!


Hello..

The program did not work, I don't know what went wrong.. a blue window does appear and closes right afterwards.

This step, "<!> Go to Start --> Run --> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!", I carried out.. and a DOS window appears that also closes at almost the same moment.

"<!> Under Environment Variables, check that the ComSpec variable has the following value for cmd.exe:

<!> Value: %SystemRoot%\system32\cmd.exe".... the variable has the right name.

When I boot into safe mode the program does not work.

The program is on C..

What can I do?


Good morning, Ferptc!

"The program did not work, I don't know what went wrong.. a blue window does appear and closes right afterwards."

<!> SDFix probably does not run on WV.

---------------------------

<!> Try a complete uninstall of NIS.

<!> Download: < Norton Removal Tool >

<!> On the page, click DOWNLOAD.

<!> Save it to the desktop and follow the instructions for removing the program.

<!> You may need to reinstall it and then uninstall it.

<!> If that succeeds, post a new HijackThis log.

Regards!


The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:07:44, on 16/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 5197 bytes

I tried installing another antivirus.. out of curiosity, and this time it did not freeze =]... I did not actually finish installing it, but whatever antivirus remnant was on my PC (and was causing the conflict) is gone now. Can I install an antivirus now??

As for the msn advertising windows... they still keep appearing. I don't know if it is a virus, or something I installed along with msn..

Thanks for all the attention \o/


Good evening, Ferptc!

"I tried installing another antivirus.. out of curiosity, and this time it did not freeze =]... I did not actually finish installing it, but whatever antivirus remnant was on my PC (and was causing the conflict) is gone now. Can I install an antivirus now??"

<!> Yes! Choose whichever one you prefer!

<!> It can even be AVG8!

"As for the msn advertising windows... they still keep appearing. I don't know if it is a virus, or something I installed along with msn.."

<!> We will investigate the cause! :thumbsup:

----------------------------

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Then click Ok again.

<@> The computer will restart. <-- Wait!

<@> When it is done, click "Continue" and wait for the tool to finish.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

Regards!


The UsbFix report:

-------------- UsbFix V2.414.3 ---------------

 

* User : kurio - KURIO-PC

* Outils mis a jours le 18/01/2009 par Chiquitine29 et Chimay8

* Recherche effectuée à 23:50:58 le 17/01/2009

* Windows Vista - Internet Explorer 7.0.6001.18000

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\runonce.exe

C:\Windows\system32\conime.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco fixo

D: - Unidade de disco fixo

 

--------------- [ Lecteur C ] ----------------

 

C: - Unidade de disco fixo

 

+- Listing des fichiers présents :

 

[07/12/2007 13:08][--a------] C:\autoexec.bat

[15/01/2009 18:45][--a------] C:\SDFix.exe

[14/01/2009 10:16][--a------] C:\ComboFix.txt

[14/01/2009 10:16][--a------] C:\UsbFix.txt

[18/09/2006 19:43][--a------] C:\config.sys

[18/09/2006 19:43][--a------] C:\hiberfil.sys

[18/09/2006 19:43][--a------] C:\IO.SYS

[18/09/2006 19:43][--a------] C:\MSDOS.SYS

[18/09/2006 19:43][--a------] C:\pagefile.sys

 

--------------- [ Lecteur D ] ----------------

 

D: - Unidade de disco fixo

 

+- Listing des fichiers présents :

 

[03/11/2006 16:43][---hs----] D:\Desktop.ini

[10/09/2002 13:14][---hs----] D:\Folder.htt

 

--------------- [ Registre / Startup ] ----------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\Windows\\system32\\userinit.exe,"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

QPService="C:\Program Files\HP\QuickPlay\QPService.exe"

QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

HP Health Check Scheduler=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

WAWifiMessage=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

hpWirelessAssistant=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=

Installed=1

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=

NoChange=1

Installed=1

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=

Installed=1

<NO NAME>=

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac4e3f14-82a2-11dd-991c-001b2455380e}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f5f9e3-7e8c-11dd-a033-001b2455380e}\Shell\AutoRun\command

 

--------------- [ Nettoyage des disques ] ----------------

 

Supprimé ! - [10/09/2002 13:14][---hs----] D:\Folder.htt

 

--------------- [ Resumé ] ----------------

 

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

 

[07/12/2007 13:08][--a------] C:\autoexec.bat

[15/01/2009 18:45][--a------] C:\SDFix.exe

[03/11/2006 16:43][---hs----] D:\Desktop.ini

 

--------------- [ Vaccination ] ----------------

 

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

 

--------------- ! Fin du rapport ! ----------------

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:13:44, on 18/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 5767 bytes

I installed Kaspersky.. it did not find any virus on the PC.


Good morning, Ferptc!

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

----------------------------

<!> With HijackThis, Fix this entry:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

<!> Delete the folder: C:\Program Files\AVG <-- The folder!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

<!> PS: Was it you who set this page as the home page?

----------------------------

<!> The log is clean!

<!> Is there still any problem?

Regards!

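Added example, not part of the original thread and not a HijackThis feature: a small Python parser that lists entries whose target file is gone, like the AVG BHO in the reply above, and compares two logs so that changes such as the HKLM Start Page stand out. The sample lines are excerpts copied from the 16/01/2009 and 18/01/2009 logs in this thread; the function names are illustrative.

```python
import re

# Shortened samples: lines copied from the 16/01/2009 and 18/01/2009 logs in this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

LOG_AFTER = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the registered file is not on disk.
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")


def parse(log):
    """Return (section, body) pairs; header and process-path lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphans(log):
    """Entries still registered although their file is gone (uninstall leftovers)."""
    return [(section, body) for section, body in parse(log) if ORPHAN.search(body)]


def _keyed(log):
    """Map (section, key) -> value; only R0/R1 'name = value' lines carry a value."""
    keyed = {}
    for section, body in parse(log):
        if section in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
        else:
            key, value = body, None
        keyed[(section, key)] = value
    return keyed


def diff(before, after):
    """Report entries added, removed, or changed in value between two scans."""
    old, new = _keyed(before), _keyed(after)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted((k, old[k], new[k]) for k in new if k in old and new[k] != old[k]),
    }


if __name__ == "__main__":
    for section, body in orphans(LOG_AFTER):
        print("orphaned:", section, body)
    for kind, items in diff(LOG_BEFORE, LOG_AFTER).items():
        for item in items:
            print(kind + ":", item)
```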

Thank you for all the attention!

My problem was getting an antivirus installed, and that has been solved. Thank you =]

As for the home page, when I used the program in French, the home page changed by itself..

And as for the msn problem, it continues... but I believe it is something I installed without noticing at the time... at least I know it is not a virus. \o/

Soon I will try reinstalling msn and see if that fixes it.

Regards.


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
