[Resolvido!] malware?

[REDENTOR 0]

Olá,

 

Será que vcs podiam dar uma olhada no meu log? Vi umas entradas meio esquisitas no hijackthis (se é que eu sei identificar isso)... a unica coisa estranha no micro é que simplesmente é impossível usar o internet explorer. Qdo abro, já aparece aquela msg "um site deseja abrir conteúdo da web..........." para o google desktop. Isso acontece em todas as páginas e de 2 em 2 segundos , mesmo que eu clique proibir e não perguntar de novo para esse programa. É muito chato mesmo. Valeu!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:47:08, on 21/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9655 bytes

[Silas Martins 0]

Baixe o Malwarebytes Anti-Malware

 

 

* Inicie a instalação clique em "mbam-setup.exe";

* Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir.

* Marque "Verificação Rápida" e depois clique em Verificar.

* Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

* Se algo for detectado, veja se tudo está marcado e clique em "Remover";

* O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

* Copie e cole esse log, juntamente com o novo log do hijacktihis .

Aguado o retorno.

[REDENTOR 0]

Silas, eu uso sempre o Malwarebytes... estou colando o log, e tb um log de uns dias atrás, no qual eliminei alguns trojans.

Esqueci de dizer que de uns dias pra cá meu antivirus carrega com a opção antispam desabilitada, sem que eu possa habilitar, e tb com a opção de antiphishing desabilitada, mas esta eu consigo habilitar.

 

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1682

Windows 6.0.6001 Service Pack 1

 

23/01/2009 01:12:30

mbam-log-2009-01-23 (01-12-23).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 50230

Tempo decorrido: 8 minute(s), 16 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

----------------------------------------------------

Malwarebytes' Anti-Malware 1.33

Versão do banco de dados: 1665

Windows 6.0.6001 Service Pack 1

 

19/01/2009 01:12:11

mbam-log-2009-01-19 (01-12-11).txt

 

Tipo de Verificação: Completa (C:\|F:\|)

Objetos verificados: 133303

Tempo decorrido: 2 hour(s), 21 minute(s), 46 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Windows\Downloaded Program Files\abn.gpc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Delete on reboot.

-----------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:00:03, on 23/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9792 bytes

[Silas Martins 0]

Baixe o Norman Malware Cleaner aqui:http://superdownloads.uol.com.br/redir.cfm?softid=63672

Depois de instalado execute e adicione todas as áreas físicas e removiveis do seu pc ( ex: Ec: F: e outras) só então clique em Scan.

Apos isso poste o log do Hijackthis,juntamente com o log do Norman

[REDENTOR 0]

Silas, fiz o que pediu, seguem os logs abaixo:

 

Norman Malware Cleaner

Copyright © 1990 - 2008, Norman ASA. Built 2009/01/23 04:50:27

 

Norman Scanner Engine Version: 5.93.01

Nvcbin.def Version: 5.93.00, Date: 2009/01/23 04:50:27, Variants: 2614638

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows Vista 6.0.6001 Service Pack 1

Logged on user: CRIS-PC\CRIS

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" -> ""

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

Scan started: 25/01/2009 17:25:51

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 3811

Number of processes/threads scanned: 3811

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 37s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\System Volume Information\{1251cff5-eb08-11dd-8016-8baed1fad4c0}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{795a8af9-e905-11dd-abd7-c0b974579cbb}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{795a8b0c-e905-11dd-abd7-83c68c8504fa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\Users\CRIS\Downloads\eMule\Incoming\Adoramos.Ler.-.Rubem.Alves.Filosofia.Da.Ciencia.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

 

Scanning: F:\*.*

 

F:\ACUPUNTURA\CDdivlivrosACU\Anatomia Funcional dos Músculos\Anatomia Funcional - Musculos.exe (Infected with W32/Agent.FZLS)

Deleted file

 

Scanning: G:\*.*

 

Scanning: H:\*.*

 

Scanning: E:\*.*

 

 

Running post-scan cleanup routine:

 

Number of files found: 124436

Number of archives unpacked: 739

Number of files scanned: 124243

Number of files not scanned: 193

Number of files skipped due to exclude list: 0

Number of infected files found: 1

Number of infected files repaired/deleted: 1

Number of infections removed: 1

Total scanning time: 1h 33m 20s

-------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:39:16, on 25/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9791 bytes

[Silas Martins 0]

Dê um duplo clique no ícone MEU COMPUTADOR, clique no menu FERRAMENTAS e no item OPÇÕES DE PASTA.

 

OU

 

Acesse o PAINEL DE CONTROLE e clique no item OPÇÕES DE PASTA (no modo de exibição clássico).

 

 

 

Na caixa de diálogo OPÇÕES DE PASTA, selecione a guia Modo de exibição.

 

Na seção Configurações avançadas, deslize a barra da direita, localize o item Pastas e arquivos ocultos e clique na opção Mostrar pastas e arquivos ocultos.

Depois de feito isso vá em iniciar>todos os programas>acessórios>ferramentas de sistema>limpeza de disco.

 

Aofinal repita o scan do Normwn e poste o novo log do Norman e hijackthis.

[REDENTOR 0]

Aí vão os logs:

 

Norman Malware Cleaner

Copyright © 1990 - 2008, Norman ASA. Built 2009/01/23 04:50:27

 

Norman Scanner Engine Version: 5.93.01

Nvcbin.def Version: 5.93.00, Date: 2009/01/23 04:50:27, Variants: 2614638

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows Vista 6.0.6001 Service Pack 1

Logged on user: CRIS-PC\CRIS

 

Set registry value: HKCR\scrfile\shell\open\command\ = "NOTEPAD.EXE %1" -> ""%1" /S"

 

Scan started: 28/01/2009 00:43:36

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 3736

Number of processes/threads scanned: 3736

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 35s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\System Volume Information\{1251cff5-eb08-11dd-8016-8baed1fad4c0}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{795a8b0c-e905-11dd-abd7-83c68c8504fa}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\System Volume Information\{ea0c25bd-ec20-11dd-9100-bb4f4bd38ea7}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

 

C:\Users\CRIS\Downloads\eMule\Incoming\Adoramos.Ler.-.Rubem.Alves.Filosofia.Da.Ciencia.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl (Error opening file: Access denied)

 

C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl (Error opening file: Access denied)

 

Scanning: E:\*.*

 

Scanning: F:\*.*

 

Scanning: G:\*.*

 

Scanning: H:\*.*

 

 

Running post-scan cleanup routine:

 

Number of files found: 126013

Number of archives unpacked: 741

Number of files scanned: 125781

Number of files not scanned: 232

Number of files skipped due to exclude list: 0

Number of infected files found: 0

Number of infected files repaired/deleted: 0

Number of infections removed: 0

Total scanning time: 1h 47m 14s

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:52:10, on 28/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9610 bytes

 

Só uma coisinha: o antivirus tinha voltado ao normal, após a primeira vez que rodamos o norman, e agora ele está com os mesmos problemas de antes (??!).

[Silas Martins 0]

Uma perguntta você é o administrador do pc ou sua conta nele é de usuário simples (convidado)

Quando ao anti-virus deve-se ao fato de você ter colocado os arquivos ocultos para serem visualizados.

Repita processo de Ocultação de arquivo só que dessa vez você ira escolher a opção Ocultar aquivos.

 

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

 

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

[REDENTOR 0]

Sim, eu sou o administrador do micro.

 

Silas, aí vão os logs do combofix, norman e hijackthis:

 

Antes de rodar o combofix, apareceram 2 mensagens: a primeira falando que foram encontrados parasitas querendo se juntar ao combofix, no arquivo c:\program files\bitdefender\bitdefender 2009\bitdefender innerfire\midas32-v1_7\leaktests.m32. A outra falando que tinha sido encontrada rootkit, no mesmo arquivo, e precisou reiniciar o micro para poder rodar o combofix (o arquivo foi apagado).

Queria saber: esse arquivo será que é legítimo, ou foi infectado mesmo? Porque já precisei remover a barra do bitdefender, identificada pelo system mechanic como spyware "Look2me"... valeu!

 

ComboFix 09-01-21.04 - CRIS 2009-01-30 2:35:11.3 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.2549.1604 [GMT -3:00]

Executando de: c:\users\CRIS\Desktop\ComboFix.exe

AV: BitDefender Antivírus *On-access scanning disabled* (Updated)

FW: BitDefender Firewall *disabled*

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\CRIS\AppData\Roaming\inst.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-28 to 2009-01-30 ))))))))))))))))))))))))))))

.

 

2009-01-25 15:08 . 2009-01-25 15:08 <DIR> d-------- c:\program files\Microsoft

2009-01-24 02:14 . 2009-01-24 02:14 <DIR> d-------- c:\users\All Users\vsosdk

2009-01-24 02:14 . 2009-01-24 02:14 <DIR> d-------- c:\programdata\vsosdk

2009-01-18 15:19 . 2009-01-18 15:19 <DIR> d-------- c:\users\CRIS\AppData\Roaming\skypePM

2009-01-18 15:19 . 2009-01-18 15:19 32 --a------ c:\users\All Users\ezsid.dat

2009-01-18 15:19 . 2009-01-18 15:19 32 --a------ c:\programdata\ezsid.dat

2009-01-16 01:47 . 2009-01-17 01:42 <DIR> d-------- c:\program files\DVDFab 5

2009-01-14 02:53 . 2009-01-20 00:30 <DIR> d-------- c:\users\CRIS\AppData\Roaming\U3

2009-01-14 02:53 . 2009-01-14 02:53 <DIR> d-------- c:\program files\SanDisk Cruzer

2009-01-13 21:39 . 2008-12-15 23:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

2009-01-12 23:29 . 2009-01-12 23:29 332 --a------ c:\windows\System32\BDUpdateV1.xml

2009-01-12 00:55 . 2009-01-12 00:55 <DIR> d-------- C:\MACIOCIA

2009-01-12 00:55 . 1993-05-11 23:00 398,416 --------- c:\windows\system\VBRUN300.DLL

2009-01-12 00:55 . 1994-01-31 23:00 14,933 --------- c:\windows\VSHARE.386

2009-01-12 00:55 . 1992-08-13 12:34 3,453 --------- c:\windows\system\CL_INFO.DLL

2009-01-12 00:55 . 2009-01-12 00:55 219 --a------ c:\windows\WIN.01

2009-01-12 00:51 . 2009-01-12 00:51 21,648 --a------ c:\windows\system\CTL3DV2.DLL

2009-01-09 01:39 . 2005-03-11 18:37 1,986,560 --a------ c:\windows\System32\AudFile.dll

2009-01-09 01:39 . 2005-02-24 13:11 1,212,416 --a------ c:\windows\System32\AudioInfos.dll

2009-01-09 01:39 . 2005-02-24 12:51 348,160 --a------ c:\windows\System32\WMAFile.dll

2009-01-09 01:39 . 1998-07-12 22:00 141,312 --a------ c:\windows\System32\MSCMCFR.DLL

2009-01-09 01:39 . 2000-10-01 18:00 119,568 --a------ c:\windows\System32\VB6FR.DLL

2009-01-09 01:39 . 2005-01-10 13:54 116,296 --a------ c:\windows\System32\NCTWMAProfiles.prx

2009-01-09 01:39 . 2000-05-22 14:58 115,920 --a------ c:\windows\System32\msinet.OCX

2009-01-09 01:39 . 1999-03-25 18:00 101,888 --a------ c:\windows\System32\VB6STKIT.DLL

2009-01-09 01:39 . 2003-04-18 15:29 44,544 --a------ c:\windows\System32\msxml4a.dll

2009-01-09 01:39 . 2003-01-26 12:41 40,960 --a------ c:\windows\System32\SSubTmr6.dll

2009-01-09 01:39 . 1998-07-12 18:00 32,768 --a------ c:\windows\System32\CMDLGFR.DLL

2009-01-09 01:39 . 1998-07-12 22:00 15,360 --a------ c:\windows\System32\inetfr.DLL

2009-01-09 01:26 . 2009-01-24 02:12 <DIR> d-------- c:\users\CRIS\AppData\Roaming\Vso

2009-01-09 01:26 . 2009-01-16 01:47 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys

2009-01-09 01:26 . 2009-01-17 00:33 47,360 --a------ c:\users\CRIS\AppData\Roaming\pcouffin.sys

2009-01-09 01:00 . 2009-01-09 03:04 <DIR> d-------- c:\program files\Complex

2009-01-06 14:28 . 2009-01-06 14:28 <DIR> d-------- c:\users\CRIS\AppData\Roaming\Thinstall

2009-01-06 04:11 . 2009-01-06 04:11 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite

2009-01-06 04:11 . 2009-01-06 04:11 <DIR> d-------- c:\programdata\DAEMON Tools Lite

2009-01-05 23:05 . 2009-01-05 23:06 <DIR> d-------- c:\users\All Users\GbPlugin

2009-01-05 23:05 . 2009-01-05 23:06 <DIR> d-------- c:\programdata\GbPlugin

2009-01-05 23:05 . 2009-01-19 23:58 <DIR> d-------- c:\program files\GbPlugin

2009-01-02 03:41 . 2009-01-02 03:41 <DIR> d-------- c:\program files\SomePDF

2008-12-23 15:43 . 2008-12-23 15:44 <DIR> d-------- c:\users\CRIS\AppData\Roaming\CyberLink

2008-12-23 15:38 . 2008-12-23 15:38 <DIR> d-------- c:\users\CRIS\AppData\Roaming\Media Player Classic

2008-12-23 00:06 . 2008-12-23 00:06 <DIR> d-------- c:\program files\VDOWNLOADER

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Music

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Links

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads

2008-12-22 04:43 . 2008-12-22 04:43 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents

2008-12-22 01:13 . 2008-12-22 01:13 <DIR> d-------- c:\users\CRIS\AppData\Roaming\BitDefender

2008-12-22 01:12 . 2008-12-22 01:16 <DIR> d-------- c:\users\All Users\BitDefender

2008-12-22 01:12 . 2008-12-22 01:16 <DIR> d-------- c:\programdata\BitDefender

2008-12-21 21:33 . 2008-12-22 01:12 <DIR> d-------- c:\program files\Common Files\BitDefender

2008-12-21 21:10 . 2008-12-21 21:10 <DIR> d-------- c:\windows\System32\IOSUBSYS

2008-12-21 20:27 . 2008-12-21 21:10 <DIR> d-------- c:\program files\Google

2008-12-21 19:40 . 2008-12-21 19:41 <DIR> d-------- c:\program files\K-Lite Video Conversion Pack

2008-12-20 22:51 . 2008-12-29 13:23 271 --a------ c:\windows\SysMech.INI

2008-12-20 15:07 . 2008-12-20 15:07 406 --a------ c:\windows\System32\ioloBootDefrag.cfg

2008-12-20 15:06 . 2008-12-04 16:51 935,776 --a------ c:\windows\System32\Incinerator.dll

2008-12-20 15:06 . 2008-09-03 09:41 12,800 --a------ c:\windows\System32\elrawdsk.sys

2008-12-20 15:06 . 2008-09-03 09:41 12,800 --a------ c:\windows\System32\drivers\elrawdsk.sys

2008-12-20 15:06 . 2008-04-17 09:45 9,341 --a------ c:\windows\System32\drivers\filedisk.sys

2008-12-20 15:05 . 2008-12-20 15:05 <DIR> d-------- c:\program files\iolo

2008-12-20 15:05 . 2008-09-24 09:32 28,672 --a------ c:\windows\System32\iolobtdfg.exe

2008-12-20 15:05 . 2008-11-18 11:51 8,192 --a------ c:\windows\System32\smrgdf.exe

2008-12-20 13:42 . 2009-01-09 01:48 <DIR> d-------- c:\users\All Users\CyberLink

2008-12-20 13:42 . 2009-01-09 01:48 <DIR> d-------- c:\programdata\CyberLink

2008-12-20 13:41 . 2008-12-20 13:42 <DIR> d-------- c:\program files\CyberLink

2008-12-20 13:32 . 2008-12-20 13:32 <DIR> d-------- c:\program files\PROnetworks

2008-12-20 13:28 . 2008-12-20 13:28 850 --a------ c:\windows\System32\ProductTweaks.xml

2008-12-20 13:28 . 2008-12-20 13:28 385 --a------ c:\windows\System32\user_gensett.xml

2008-12-20 03:32 . 2008-10-01 22:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-20 03:28 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-20 02:55 . 2008-10-31 22:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-20 02:55 . 2008-11-01 00:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-20 02:48 . 2008-12-20 02:48 <DIR> d-------- c:\users\CRIS\AppData\Roaming\Malwarebytes

2008-12-20 02:48 . 2008-12-20 02:48 <DIR> d-------- c:\users\All Users\Malwarebytes

2008-12-20 02:48 . 2008-12-20 02:48 <DIR> d-------- c:\programdata\Malwarebytes

2008-12-20 02:48 . 2009-01-18 15:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-20 02:48 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-20 02:48 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-20 02:47 . 2009-01-18 15:11 <DIR> d-------- c:\program files\K-Lite Codec Pack

2008-12-20 02:44 . 2008-10-16 01:47 827,392 --a------ c:\windows\System32\wininet.dll

2008-12-20 02:42 . 2008-06-22 22:59 2,868,736 --a------ c:\windows\System32\mf.dll

2008-12-20 02:42 . 2008-06-22 22:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll

2008-12-20 02:42 . 2008-06-22 22:58 94,720 --a------ c:\windows\System32\logagent.exe

2008-12-20 02:39 . 2008-12-20 02:39 <DIR> d-------- c:\windows\System32\Adobe

2008-12-20 02:38 . 2008-08-28 00:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll

2008-12-20 02:38 . 2008-08-28 00:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-12-20 02:38 . 2008-08-28 00:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-12-20 02:37 . 2008-09-17 23:16 2,032,640 --a------ c:\windows\System32\win32k.sys

2008-12-20 02:37 . 2008-09-05 02:14 1,191,936 --a------ c:\windows\System32\msxml3.dll

2008-12-20 02:37 . 2008-09-03 00:59 468,992 --a------ c:\windows\System32\newdev.dll

2008-12-20 02:37 . 2008-08-12 00:39 443,392 --a------ c:\windows\System32\win32spl.dll

2008-12-20 02:37 . 2008-04-18 02:48 269,312 --a------ c:\windows\System32\es.dll

2008-12-20 02:37 . 2008-09-03 00:58 74,752 --a------ c:\windows\System32\newdev.exe

2008-12-20 02:33 . 2008-09-10 00:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

2008-12-20 02:27 . 2008-12-20 02:27 <DIR> d-------- c:\program files\WinAVIVideoConverter

2008-12-20 02:27 . 2008-12-20 02:27 3,082 --a------ c:\windows\System32\affv208325p1now.sys

2008-12-20 02:26 . 2009-01-23 02:31 <DIR> d-------- c:\users\All Users\DVD Shrink

2008-12-20 02:26 . 2009-01-23 02:31 <DIR> d-------- c:\programdata\DVD Shrink

2008-12-20 02:26 . 2008-12-20 02:26 <DIR> d-------- c:\program files\DVD Shrink

2008-12-20 02:26 . 2008-12-20 02:26 <DIR> d-------- c:\program files\DVD Decrypter

2008-12-20 02:19 . 2008-10-16 18:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-12-20 02:19 . 2008-10-16 17:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-12-20 02:19 . 2008-10-16 18:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-12-20 02:19 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-12-20 02:19 . 2008-10-16 17:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-12-20 02:19 . 2008-10-16 18:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-12-20 02:19 . 2008-10-16 18:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-12-20 02:19 . 2008-10-16 18:08 34,328 --a------ c:\windows\System32\wups.dll

2008-12-20 02:19 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-12-12 18:47 . 2008-12-12 18:47 3,751,995 --a------ c:\windows\System32\GPhotos.scr

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-23 04:27 --------- d-----w c:\program files\Marcos Velasco Security

2009-01-18 18:20 --------- d-----w c:\users\CRIS\AppData\Roaming\Skype

2009-01-15 02:52 --------- d-----w c:\programdata\Microsoft Help

2009-01-14 05:53 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-14 01:06 --------- d-----w c:\program files\Windows Mail

2009-01-07 21:04 --------- d-----w c:\users\CRIS\AppData\Roaming\iolo

2009-01-06 08:06 --------- d-----w c:\program files\CCleaner

2008-12-22 07:50 --------- d-----w c:\program files\Opera

2008-12-22 04:12 --------- d-----w c:\program files\BitDefender

2008-12-21 22:20 --------- d-----w c:\users\CRIS\AppData\Roaming\Desktopicon

2008-12-20 18:07 --------- d-----w c:\programdata\iolo

2008-12-20 16:43 --------- d-----w c:\programdata\Dell

2008-12-20 16:41 --------- d-----w c:\program files\Dell

2008-12-20 16:19 --------- d-----w c:\program files\Microsoft Silverlight

2008-12-20 05:39 --------- d-----w c:\programdata\WLInstaller

2008-12-20 05:28 81,984 ----a-w c:\windows\System32\bdod.bin

2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe

2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll

2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll

2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll

2008-10-09 18:31 192,512 ----a-w c:\windows\System32\txmlutil.dll

2008-06-11 06:09 76 --sh--r c:\windows\CT4CET.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DELL Webcam Manager"="c:\program files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 118784]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-25 2356088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 2595616]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 909208]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 140568]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2008-12-04 314224]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-21 30192]

"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-10-30 741376]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

 

c:\users\CRIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

Sum rio do OneNote.onetoc2 [2009-01-12 3656]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-28 01:54 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-439302870-2014584316-92622786-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C20FEE50-0171-4816-82AD-D2C30734914B}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A9AB6CBB-BBFB-4B50-8EEE-6B253494F65A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBC50457-9415-4FFB-AC5F-357E8920F9AA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{352476FC-4E92-4070-8BF0-65908A313DC6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{22C513B0-ADC8-4DF4-8772-83B13C9EB978}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D2893F2D-0BEB-49FB-AE41-AA9BBE270F2C}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [2008-12-20 12800]

R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [2008-09-18 111112]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [2008-10-17 104328]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-06-11 111616]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2007-10-10 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2007-03-05 7424]

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-06-11 73728]

R4 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-09-04 82440]

R4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-12-20 596336]

R4 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-12-20 596336]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

S3 GoogleDesktopManager-092308-165331;Gerenciador do Google Desktop 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-21 30192]

S4 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2f7656-d904-11dd-a179-a4e35be495d0}]

\shell\AutoRun\command - E:\LaunchU3.exe -a

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-01-30 c:\windows\Tasks\User_Feed_Synchronization-{19B005B9-3F05-42EE-95CB-EA7F023BD4DF}.job

- c:\windows\system32\msfeedssync.exe [2008-01-19 04:33]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - (no file)

 

 

.

------- Scan Suplementar -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: realsecureweb.com.br\www2

Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - c:\program files\Trend Micro\TrendProtect\MSIE\WRS.dll

.

.

------- Associação de arquivos/ficheiros -------

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-30 02:42:56

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(836)

c:\windows\system32\relog_ap.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

c:\program files\BitDefender\BitDefender 2009\vsserv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\BCMWLTRY.EXE

c:\windows\System32\wlanext.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\stacsv.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\System32\drivers\XAudio.exe

c:\windows\System32\conime.exe

c:\windows\System32\igfxsrvc.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\hidfind.exe

c:\program files\BitDefender\BitDefender 2009\seccenter.exe

c:\program files\DellTPad\ApntEx.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-01-30 2:47:46 - Máquina reiniciou [CRIS]

ComboFix-quarantined-files.txt 2009-01-30 05:47:32

 

Pré-execução: 65,813,532,672 bytes disponíveis

Pós execução: 65,801,973,760 bytes disponíveis

 

309 --- E O F --- 2009-01-25 18:08:04

 

-------------------------------------------------------------------------

Norman Malware Cleaner

Copyright © 1990 - 2008, Norman ASA. Built 2009/01/23 04:50:27

 

Norman Scanner Engine Version: 5.93.01

Nvcbin.def Version: 5.93.00, Date: 2009/01/23 04:50:27, Variants: 2614638

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows Vista 6.0.6001 Service Pack 1

Logged on user: CRIS-PC\CRIS

 

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

Scan started: 30/01/2009 02:54:23

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 1190

Number of processes/threads scanned: 1190

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 46s

 

 

 

Running post-scan cleanup routine:

 

--------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:25:50, on 30/01/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\Explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe

O23 - Service: Gerenciador do Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - REDC - (no file)

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9407 bytes

[Silas Martins 0]

Faça o Scan do Kaspersky salve o relatório e depois poste ele aqui.

[REDENTOR 0]

Faça o Scan do Kaspersky salve o relatório e depois poste ele aqui.

 

Sunday, February 1, 2009

Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, February 01, 2009 20:25:22

Records in database: 1735802

 

 

Scan settings

Scan using the following database extended

Scan archives yes

Scan mail databases yes

 

Scan area My Computer

C:\

D:\

 

Scan statistics

Files scanned 97033

Threat name 0

Infected objects 0

Suspicious objects 0

Duration of the scan 01:28:14

 

No malware has been detected. The scan area is clean.

The selected area was scanned.

[Silas Martins 0]

Log limpo.

Algum problema persiste?

[REDENTOR 0]

Apenas o antivirus que não funciona o antispam, está desabilitado e não tem como reabilitar. Será que eu devo reinstalar? E aquele arquivo que foi apagado pelo Combofix?

[Silas Martins 0]

Re-instale ele , pois aquele estav infectado.

O caso será fechado.

[Silas Martins 0]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.