Leno, posted February 5, 2009

Hi everyone, I'm new to the forum and I have a problem. I'm using the PC normally and then, out of nowhere, 2 to 4 Internet Explorer windows open. I close them, a little later they open again, and the process keeps showing up in Task Manager. I ran a scan with AVG and it found nothing; Ad-Aware detected a DLL in system32, which I removed, but that didn't solve the problem. I don't even use Internet Explorer, I use Mozilla to browse. I don't know what else to do =/, so here is the HijackThis log. If anyone knows what the problem is, thanks in advance for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:41, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rsvp.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Dados de aplicativos\Jump Poll Poke Mp3\burn title.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157946052296
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.mundifm.com.br/webplayer/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2832CC-5551-439D-A9FB-DCDBA2841BF2}: NameServer = 192.168.1.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7606 bytes
Silas Martins, posted February 6, 2009

Download Norman Malware Cleaner here: http://superdownloads.uol.com.br/redir.cfm?softid=63672

Once it is installed, run it, add all the physical and removable drives on your PC (e.g. C:, E:, F: and others) and only then click Scan. After that, post the HijackThis log together with the Norman log.
Leno, posted February 6, 2009

Done. Here are the Norman and HijackThis logs. Thanks for the help :D :thumbsup:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:41, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Dados de aplicativos\Jump Poll Poke Mp3\burn title.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157946052296
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.mundifm.com.br/webplayer/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2832CC-5551-439D-A9FB-DCDBA2841BF2}: NameServer = 192.168.1.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7516 bytes

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA.
Built 2009/02/06 07:23:47

Norman Scanner Engine Version: 6.00.02
Nvcbin.def Version: 6.00.00, Date: 2009/02/06 07:23:47, Variants: 2728428

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: MURILO\Sérgio Murilo

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 06/02/2009 18:11:40

Scanning running processes and process memory...

Number of processes/threads found: 1883
Number of processes/threads scanned: 1883
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 29s

Scanning file system...

Scanning: C:\*.*

C:\Arquivos de programas\Circle Developement\Uninstall.exe (Infected with W32/Busky.JHRU)
Deleted file
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\cs_assault.pk3.tmp/map source/cs_assault.map (Error whilst scanning file: I/O Error (0x00000000))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\football.pk3.tmp/textures/football/10.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\grims_dm_arena01.pk3.tmp/textures/grims_smoke/comin_thru.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\jordan_nights.pk3.tmp/textures/custom/floor_woodnew.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\Midnight_Sniper.pk3.tmp/maps/Midnight_Sniper.bsp (Error whilst scanning file: I/O Error (0x00000000))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\mp_jor1mir.pk3.tmp/gfx/menus/levelshots/mp_jor1mir.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\pix_nudeskin_pack.pk3.tmp/models/characters/average_face/f_bob_blacky.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\rbc_sniper.pk3.tmp/models/characters/average_armor/a_rbc_sniper.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\trainmarketV2.1.pk3.tmp/gfx/menus/levelshots/mp_trainmarketV2_nuk_bombsite2.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\tw_cv.pk3.tmp/textures/darkone/bas-lp-floortile2.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\tw_home_alone.pk3.tmp/GFX/MENUS/levelshots/tw_home_alone_inf_extraction.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\UK_Abandoned_Base2.886ba082.pk3.tmp/gfx/menus/levelshots/Thumbs.db (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\UK_Finca_Remix2.pk3.tmp/gfx/menus/levelshots/Thumbs.db (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\VJStadiumII.pk3.tmp/gfx/menus/levelshots/VJStadiumII.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\wl_chronic.pk3.tmp/gfx/menus/levelshots/Thumbs.db (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\base\mp\trainmarketV2.1.pk3.tmp/textures/eget/jeel.jpg (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\noble-pro\NobleClient_v27.pk3.tmp/ui/ingame_rocmod.menu (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\osp\osp-clientside-1.0f-BETA.pk3.tmp/gfx/briefcase_dropped.png (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\NEW_FC_RoC_Sounds.pk3.tmp/sound/beta/adios.mp3 (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\NeW_LoS_RoC_Sounds.pk3.tmp/gfx/menus/console/weed.png.PNG (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\ninjasounds2.0+1.0=3.0fixed.pk3.tmp/sound/austinpowers/ahole.mp3 (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\sk1soundpack-1.3a.pk3.tmp/gfx/menus/console/console_roc.png (Error whilst scanning file: I/O Error (0x00000000))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\TerraWeaponMod.d7dc0975.pk3.tmp/sound/weapons/sniper/enemy_sniper.wav (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\xhawk.942dacf3.pk3.tmp/models/characters/average_face/F_HAWK.JPG (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\zrocmodsounds.pk3.tmp/sound/misc/cursing6/19.99.mp3 (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\zzDollarDawgs_voice.pk3.tmp/sound/badwords/bbbbbbb.mp3 (Error whilst scanning file: I/O Error (0x00220005))
C:\Arquivos de programas\Soldier of Fortune II - Double Helix\rocmod\[VL]sounds.pk3.tmp/sound/leef/1 mins-02.mp3 (Error whilst scanning file: I/O Error (0x00220005))
C:\Back up Murilo\DRIVER JOYSTICK\VL807.exe (Infected with W32/Accoona.R)
Deleted file
C:\Back up Murilo\Mame32\roms\ffight.zip/FF19-19.BIN (Error whilst scanning file: I/O Error (0x00220005))
C:\Mame32\roms\ffight.zip/FF19-19.BIN (Error whilst scanning file: I/O Error (0x00220005))
C:\N4SMW\CRACK\keygen.exe (Infected with W32/Packed_FSG.D)
Deleted file
C:\System Volume Information\_restore{00FA5E05-66F3-4660-B92E-F2DB21F1A1E7}\RP424\A0582522.dll (Infected with W32/Agent.dam)
Deleted file
C:\System Volume Information\_restore{00FA5E05-66F3-4660-B92E-F2DB21F1A1E7}\RP427\A0583005.exe (Infected with W32/Busky.JHRU)
Deleted file
C:\System Volume Information\_restore{00FA5E05-66F3-4660-B92E-F2DB21F1A1E7}\RP427\A0583006.exe (Infected with W32/Accoona.R)
Deleted file
C:\System Volume Information\_restore{00FA5E05-66F3-4660-B92E-F2DB21F1A1E7}\RP427\A0583007.exe (Infected with W32/Packed_FSG.D)
Deleted file

Scanning: E:\*.*

Scanning: D:\*.*

Scanning: A:\*.*

Scanning: c:\System Volume Information\*.*

Running post-scan cleanup routine:

Number of files found: 173428
Number of archives unpacked: 1625
Number of files scanned: 173319
Number of files not scanned: 109
Number of files skipped due to exclude list: 0
Number of infected files found: 7
Number of infected files repaired/deleted: 7
Number of infections removed: 7
Total scanning time: 29m 26s
Silas Martins, posted February 7, 2009

Do you recognize the files below?

C:\WINDOWS\system32\CTFMON.EXE
C:\Documents and Settings\All Users\Dados de aplicativos\Jump Poll Poke Mp3\burn title.exe

Follow the instructions in this tutorial to clean up temporary and useless files.

Awaiting your reply.
Leno, posted February 7, 2009

I did all the steps, but it still keeps opening Internet Explorer by itself. I don't know if this helps, but the pages that open are named CiD, and it's usually a Mercado Livre page or ads. For example, one that opened just now; I'll write what's on the page, but DO NOT FOLLOW THE LINK!!!!!!

CiD:http://www.adserver5.com/cy/indexint.html?665168316163505275

One of those famous ads: "CONGRATULATIONS, YOU ARE USER 9999999999, CLICK HERE TO RECEIVE YOUR VIRUS <_<". But it always opens different pages: one time this one, another time some other site I forget, then Mercado Livre, but it always says CiD at the start. I don't know if knowing the page helps, but who knows hehe. I'll post another HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:46, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\FlashGet\flashget.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 5\firefox.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2832CC-5551-439D-A9FB-DCDBA2841BF2}: NameServer = 192.168.1.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6482 bytes
Silas Martins, posted February 7, 2009

Go to Control Panel > click Add or Remove Programs > click Messenger Plus (if you have it installed), click Uninstall/Change and change it by removing the sponsor program. That way the pop-ups will no longer appear.

Awaiting your reply.
Leno, posted February 9, 2009

Man, I uninstalled Messenger and reinstalled it without Plus and without the sponsor, but those damned CiD pop-ups still keep opening :cry: Will I have to format? =/ Well, here's another HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:32, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 5\firefox.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2832CC-5551-439D-A9FB-DCDBA2841BF2}: NameServer = 192.168.1.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 6677 bytes
Silas Martins, posted February 9, 2009

As for formatting, relax, that's not your case. Download ComboFix from: ComboFix

1) Temporarily disable your antivirus;
2) Double-click combofix.exe and wait (the whole process takes about 10 minutes);
3) The "SOFTWARE WARRANTY DISCLAIMER" window will open. Read the text in this window carefully and click "YES" to continue. PS: If you do not agree with the terms, click "NO" to exit the software, bearing in mind that disinfection will not be possible without letting ComboFix continue.
4) Another window will open if your machine does not have the WINDOWS RECOVERY CONSOLE. It is recommended to install the console before continuing with the process, since that guarantees the system can be recovered if problems occur during the scan. Click "YES" and wait; the console is installed automatically by ComboFix itself. It may take a few minutes (depending on your connection speed), so be patient. When the "INSTALLING THE RECOVERY CONSOLE" window appears, click "OK", then click "YES" to accept the EULA. When the recovery console installation finishes, a window will open saying "THE RECOVERY CONSOLE WAS INSTALLED SUCCESSFULLY". Click "YES" to continue the scan.
5) ComboFix will start the AUTOSCAN (wait). ATTENTION: Do not click on the ComboFix window or end the process abruptly while the tool is running, since that will mess up your desktop (it will go all white). When the process finishes, the machine will be restarted to produce the report.
6) On restart, ComboFix will run FIND3M to create the final scan report. The log will be at C:\ComboFix.txt.
7) Re-enable your antivirus;
8) I need you to paste the contents of ComboFix.txt in your next reply.

NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, download ComboFix again, but save it on your Desktop as KomboFix. As a last resort, try running ComboFix in SAFE MODE.
NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE, covering the others. To minimize it again, just use ALT + TAB.

Attention: Do not click on anything while ComboFix is running, otherwise your desktop will go blank. To stop the process or exit ComboFix, press "2" and Enter.

Awaiting your reply.
Leno, posted February 10, 2009

I ran ComboFix, but it didn't restart the machine, so I restarted it manually. Here's the log:

ComboFix 09-02-08.02 - Sérgio Murilo 2009-02-10 13:07:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1647 [GMT -2:00]
Executando de: c:\documents and settings\Sérgio Murilo\Desktop\KomboFix.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-10 to 2009-02-10 ))))))))))))))))))))))))))))
.
2009-02-10 12:56 . 2009-02-10 13:01 <DIR> d-------- C:\ComboFix
2009-02-08 17:51 . 2009-02-08 17:51 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-02-07 09:18 . 2009-02-07 09:18 <DIR> d-------- C:\PSFONTS
2009-02-07 09:17 . 2009-02-07 09:25 <DIR> d-------- c:\arquivos de programas\Finale 2009
2009-02-05 13:25 . 2009-02-05 13:23 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 13:22 . 2009-02-05 13:22 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 13:22 . 2009-02-05 13:22 <DIR> d-------- c:\arquivos de programas\Lavasoft
2009-02-05 13:11 . 2009-02-09 11:43 <DIR> d-------- C:\HiJackThis
2009-02-04 13:06 . 2008-11-25 06:45 2,283,027 --a------ c:\windows\system32\x264vfw.dll
2009-02-04 13:06 . 2002-07-07 20:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-02-04 13:06 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2009-02-04 13:06 . 2006-04-02 10:47 630,784 --a------ c:\windows\system32\vp7vfw.dll
2009-02-04 13:06 . 2004-12-10 06:03 438,272 --a------ c:\windows\system32\vp6vfw.dll
2009-02-04 13:06 . 1997-04-07 15:19 391,680 --a------ c:\windows\system32\I263_32.drv
2009-02-04 13:06 . 2001-02-24 23:19 287,744 --a------ c:\windows\system32\divxa32.acm
2009-02-04 13:06 . 2006-10-18 16:05 232,448 --a------ c:\windows\system32\mp3fhg.acm
2009-02-04 13:06 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2009-02-04 13:06 . 2004-05-18 16:16 39,936 --a------ c:\windows\system32\huffyuv.dll
2009-01-30 14:01 . 2009-01-30 14:01 <DIR> d-------- c:\documents and settings\Sérgio Murilo\Dados de aplicativos\citylessmath
2009-01-30 14:01 . 2009-01-30 14:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Jump Poll Poke Mp3
2009-01-22 14:46 . 2009-01-22 14:46 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sibelius Software
2009-01-22 14:46 . 2009-01-22 14:46 604 --ah----- c:\windows\T4
2009-01-22 14:46 . 2009-01-22 14:46 604 --ah----- c:\windows\system32\T3
2009-01-22 14:45 . 2009-01-22 14:46 <DIR> d-------- c:\documents and settings\Sérgio Murilo\Dados de aplicativos\Sibelius Software
2009-01-22 14:27 . 2009-01-22 14:27 <DIR> d-------- c:\arquivos de programas\Sibelius Software
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 15:04 --------- d-----w c:\arquivos de programas\Mozilla Firefox 3 Beta 5
2009-02-10 01:29 138,376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-10 01:29 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-08 21:45 --------- d-----w c:\arquivos de programas\Windows Live
2009-02-08 20:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-02-07 12:27 --------- d-----w c:\arquivos de programas\FlashGet
2009-02-05 21:01 --------- d-----w c:\arquivos de programas\DreaMule
2009-02-05 15:21 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-02-04 15:06 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2009-01-31 18:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-30 20:51 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-01-22 16:46 604 ---ha-w c:\arquivos de programas\STLL Notifier
2009-01-06 20:20 --------- d-----w c:\arquivos de programas\USB Vibration
2009-01-06 13:28 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-06 13:22 --------- d-----w c:\arquivos de programas\Warner Bros. Interactive Entertainment
2009-01-06 04:06 --------- d-----w c:\documents and settings\Sérgio Murilo\Dados de aplicativos\fltk.org
2009-01-04 17:13 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8
2009-01-03 19:13 --------- d-----w c:\arquivos de programas\Sierra
2009-01-01 04:18 --------- d-----w c:\arquivos de programas\CCleaner
2008-12-30 16:58 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-29 22:41 --------- d-----w c:\arquivos de programas\EA GAMES
2008-12-16 02:21 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-16 02:21 --------- d-----w c:\arquivos de programas\Java
2008-12-16 02:21 --------- d-----w c:\arquivos de programas\IrfanView
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 16:29 139,264 ----a-w c:\windows\system32\sndvol32.exe
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-02-10_13.00.16,35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-10 15:04:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4f0.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"proxysupport"="c:\docume~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe" [2009-01-30 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"PCSuiteTrayApplication"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-05 509784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\eMule\\eMule.exe"=
"c:\\Arquivos de programas\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"c:\\Arquivos de programas\\FlashGet\\flashget.exe"=
"c:\\Rohan\\rohanclient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Sierra\\FEARCombat\\fpupdate.exe"=
"c:\\Arquivos de programas\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20608:TCP"= 20608:TCP:zzzzzz
"33620:UDP"= 33620:UDP:zzzzzzzzzzzzzza

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-02-10 c:\windows\Tasks\A407A11291E85F5E.job
- c:\docume~1\srgiom~1\dadosd~1\cityle~1\Team Mode Amok.exe [2009-01-30 14:01]

2009-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 13:23]
.
.
------- Scan Suplementar -------
.
IE: &Download All with FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm
IE: Download Link Using Mega Manager...
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BB2832CC-5551-439D-A9FB-DCDBA2841BF2} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sérgio Murilo\Dados de aplicativos\Mozilla\Firefox\Profiles\u4dtabb0.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 13:09:15
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1229272821-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,d7,61,c9,00,80,f9,76,45,95,8b,db,f4,9d,e9,e3,49,2c,0e,3a,5c,2b,86,
 31,b5,dd,a1,46,fb,e1,fb,cb,3b,2d,cb,01,97,71,dc,97,d9,fa,f7,b8,d5,2e,b2,10,\
"??"=hex:85,81,73,9a,21,c7,93,a8,e9,d8,68,4f,ca,fa,f6,0e

[HKEY_USERS\S-1-5-21-1454471165-1229272821-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:95,a8,cc,71,d3,86,60,8a,eb,e8,e6,4e,11,dc,ec,aa,8c,4f,33,3a,2b,
 8c,f9,33,59,bc,72,26,e0,ae,d3,46,07,9a,31,0a,bb,bd,23,9e,71,19,f3,0a,9e,52,\
"rkeysecu"=hex:8e,de,97,a1,52,7b,3e,6f,de,38,27,95,0d,11,ad,10
.
Tempo para conclusão: 2009-02-10 13:10:20
ComboFix-quarantined-files.txt 2009-02-10 15:10:12
ComboFix2.txt 2009-02-10 15:01:06

Pré-execução: 25 pasta(s) 69.095.202.816 bytes disponíveis
Pós execução: 25 pasta(s) 69,079,113,728 bytes disponíveis

172 --- E O F --- 2009-01-14 18:35:28

Then it produced another log; here's the other one:

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 13:08:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden files ...

scan completed successfully
hidden files: 0
Silas Martins, posted February 10, 2009

Run ComboFix in Safe Mode.
Leno, posted February 11, 2009

Hey, I ran ComboFix in Safe Mode, both as ComboFix and as KomboFix; I ran it from C:, then ran it from the Desktop, but it still generated the log without restarting the PC. Well, here's the log it generated:

ComboFix 09-02-08.02 - Sérgio Murilo 2009-02-10 23:16:29.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1754 [GMT -2:00]
Executando de: C:\ComboFix.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-11 to 2009-02-11 ))))))))))))))))))))))))))))
.
2009-02-10 23:04 . 2009-02-10 23:07 <DIR> d-------- C:\KomboFix
2009-02-10 20:09 . 2009-02-10 20:09 <DIR> d-------- c:\windows\Logs
2009-02-10 20:09 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-02-10 20:09 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-02-10 20:09 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-02-10 20:09 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-02-10 20:09 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-02-10 20:09 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-02-10 20:09 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-02-10 20:08 . 2009-02-10 20:08 682,280 --a------ c:\windows\system32\pbsvc.exe
2009-02-10 20:08 . 2009-02-10 20:08 22,328 --a------ c:\documents and settings\Sérgio Murilo\Dados de aplicativos\PnkBstrK.sys
2009-02-10 19:58 . 2009-02-10 19:58 <DIR> d-------- c:\arquivos de programas\Activision
2009-02-10 13:06 . 2009-02-10 13:06 2,919,117 -ra------ C:\ComboFix.exe
2009-02-08 17:51 . 2009-02-08 17:51 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-02-07 09:18 . 2009-02-07 09:18 <DIR> d-------- C:\PSFONTS
2009-02-07 09:17 . 2009-02-07 09:25 <DIR> d-------- c:\arquivos de programas\Finale 2009
2009-02-05 13:25 . 2009-02-05 13:23 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-05 13:22 . 2009-02-05 13:22 <DIR> d--h-c--- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-05 13:22 . 2009-02-05 13:22 <DIR> d-------- c:\arquivos de programas\Lavasoft
2009-02-05 13:11 . 2009-02-09 11:43 <DIR> d-------- C:\HiJackThis
2009-02-04 13:06 . 2008-11-25 06:45 2,283,027 --a------ c:\windows\system32\x264vfw.dll
2009-02-04 13:06 . 2002-07-07 20:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-02-04 13:06 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2009-02-04 13:06 . 2006-04-02 10:47 630,784 --a------ c:\windows\system32\vp7vfw.dll
2009-02-04 13:06 . 2004-12-10 06:03 438,272 --a------ c:\windows\system32\vp6vfw.dll
2009-02-04 13:06 . 1997-04-07 15:19 391,680 --a------ c:\windows\system32\I263_32.drv
2009-02-04 13:06 . 2001-02-24 23:19 287,744 --a------ c:\windows\system32\divxa32.acm
2009-02-04 13:06 . 2006-10-18 16:05 232,448 --a------ c:\windows\system32\mp3fhg.acm
2009-02-04 13:06 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2009-02-04 13:06 . 2004-05-18 16:16 39,936 --a------ c:\windows\system32\huffyuv.dll
2009-01-30 14:01 . 2009-01-30 14:01 <DIR> d-------- c:\documents and settings\Sérgio Murilo\Dados de aplicativos\citylessmath
2009-01-30 14:01 . 2009-01-30 14:01 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Jump Poll Poke Mp3
2009-01-22 14:46 . 2009-01-22 14:46 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Sibelius Software
2009-01-22 14:46 . 2009-01-22 14:46 604 --ah----- c:\windows\T4
2009-01-22 14:46 . 2009-01-22 14:46 604 --ah----- c:\windows\system32\T3
2009-01-22 14:45 . 2009-01-22 14:46 <DIR> d-------- c:\documents and settings\Sérgio Murilo\Dados de aplicativos\Sibelius Software
2009-01-22 14:27 . 2009-01-22 14:27 <DIR> d-------- c:\arquivos de programas\Sibelius Software
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 00:58 --------- d-----w c:\arquivos de programas\Mozilla Firefox 3 Beta 5
2009-02-10 22:08 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-10 22:08 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-10 22:08 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-10 22:08 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-02-08 21:45 --------- d-----w c:\arquivos de programas\Windows Live
2009-02-08 20:24 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2009-02-07 12:27 --------- d-----w c:\arquivos de programas\FlashGet
2009-02-05 21:01 --------- d-----w c:\arquivos de programas\DreaMule
2009-02-05 15:21 --------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard
2009-02-04 15:06 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack
2009-01-31 18:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-01-22 16:46 604 ---ha-w c:\arquivos de programas\STLL Notifier
2009-01-06 20:20 --------- d-----w c:\arquivos de programas\USB Vibration
2009-01-06 13:28 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-06 13:22 --------- d-----w c:\arquivos de programas\Warner Bros. Interactive Entertainment
2009-01-06 04:06 --------- d-----w c:\documents and settings\Sérgio Murilo\Dados de aplicativos\fltk.org
2009-01-04 17:13 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg8
2009-01-03 19:13 --------- d-----w c:\arquivos de programas\Sierra
2009-01-01 04:18 --------- d-----w c:\arquivos de programas\CCleaner
2008-12-29 22:41 --------- d-----w c:\arquivos de programas\EA GAMES
2008-12-16 02:21 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-16 02:21 --------- d-----w c:\arquivos de programas\Java
2008-12-16 02:21 --------- d-----w c:\arquivos de programas\IrfanView
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 16:29 139,264 ----a-w c:\windows\system32\sndvol32.exe
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"proxysupport"="c:\docume~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe" [2009-01-30 565248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"PCSuiteTrayApplication"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-05 509784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\eMule\\eMule.exe"=
"c:\\Arquivos de programas\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"c:\\Arquivos de programas\\FlashGet\\flashget.exe"=
"c:\\Rohan\\rohanclient.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Sierra\\FEARCombat\\fpupdate.exe"=
"c:\\Arquivos de programas\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20608:TCP"= 20608:TCP:zzzzzz
"33620:UDP"= 33620:UDP:zzzzzzzzzzzzzza

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-05 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-02-10 c:\windows\Tasks\A407A11291E85F5E.job
- c:\docume~1\srgiom~1\dadosd~1\cityle~1\Team Mode Amok.exe [2009-01-30 14:01]

2009-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 13:23]
.
.
------- Scan Suplementar -------
.
IE: &Download All with FlashGet - c:\arquivos de programas\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\arquivos de programas\FlashGet\jc_link.htm
IE: Download Link Using Mega Manager...
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BB2832CC-5551-439D-A9FB-DCDBA2841BF2} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sérgio Murilo\Dados de aplicativos\Mozilla\Firefox\Profiles\u4dtabb0.default\
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 23:17:05
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1229272821-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,d7,61,c9,00,80,f9,76,45,95,8b,db,f4,9d,e9,e3,49,2c,0e,3a,5c,2b,86,
 31,b5,dd,a1,46,fb,e1,fb,cb,3b,2d,cb,01,97,71,dc,97,d9,fa,f7,b8,d5,2e,b2,10,\
"??"=hex:85,81,73,9a,21,c7,93,a8,e9,d8,68,4f,ca,fa,f6,0e

[HKEY_USERS\S-1-5-21-1454471165-1229272821-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:95,a8,cc,71,d3,86,60,8a,eb,e8,e6,4e,11,dc,ec,aa,8c,4f,33,3a,2b,
 8c,f9,33,59,bc,72,26,e0,ae,d3,46,07,9a,31,0a,bb,bd,23,9e,71,19,f3,0a,9e,52,\
"rkeysecu"=hex:8e,de,97,a1,52,7b,3e,6f,de,38,27,95,0d,11,ad,10
.
Tempo para conclusão: 2009-02-10 23:18:02
ComboFix-quarantined-files.txt 2009-02-11 01:17:53
ComboFix2.txt 2009-02-11 01:07:29
ComboFix3.txt 2009-02-10 15:10:21
ComboFix4.txt 2009-02-10 15:01:06

Pré-execução: 24 pasta(s) 63.041.957.888 bytes disponíveis
Pós execução: 24 pasta(s) 63,027,609,600 bytes disponíveis

186 --- E O F --- 2009-01-14 18:35:28
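An added triage helper, not part of this thread or of HijackThis/ComboFix: it reads the autorun lines from both log formats posted above (HijackThis O2/O4/O23 entries, ComboFix REGEDIT4-style Run values and scheduled-task targets) and flags entries that run from a user-profile data directory or whose file is missing, which is how a helper would spot the "proxysupport" value and the A407A11291E85F5E.job task in these logs. The sample log is constructed from the posted lines; the directory fragments and the Finding class are the example's own assumptions.

```python
"""Triage of autorun entries in HijackThis and ComboFix logs (added example)."""
import re
from dataclasses import dataclass

# Directory fragments that a legitimate Run value, BHO or service rarely points
# into: long and 8.3 short forms, Portuguese and English Windows XP names (assumption).
USER_DATA_DIRS = (
    "\\application data\\", "\\dados de aplicativos\\", "\\applic~1\\", "\\dadosd~1\\",
    "\\local settings\\", "\\configu~1\\", "\\locals~1\\", "\\temp\\",
)
MISSING_MARKERS = ("(no file)", "(file missing)")

# HijackThis line shapes: O2 = browser helper object, O4 = Run value, O23 = service.
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - .*? - (?P<cmd>.*)$")
# ComboFix shapes: REGEDIT4-style Run values and the two-line scheduled-task listing.
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)" \[')
CF_TASK = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<name>c:\\windows\\tasks\\.+?\.job)$", re.I)
CF_TASK_TARGET = re.compile(r"^- (?P<cmd>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "run", "bho", "service" or "task"
    name: str
    command: str
    reason: str


def _reasons(cmd: str) -> list[str]:
    """Why an entry deserves a closer look; empty list means nothing stood out."""
    low = cmd.lower()
    out = []
    if any(marker in low for marker in MISSING_MARKERS):
        out.append("target file missing (orphaned entry)")
    if any(fragment in low for fragment in USER_DATA_DIRS):
        out.append("runs from a user-profile data directory")
    return out


def triage(log_text: str) -> list[Finding]:
    """Return the autorun entries of a HijackThis or ComboFix log that stand out."""
    findings: list[Finding] = []
    pending_task = None  # ComboFix prints the .job name one line above its target
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HJT_O4.match(line):
            kind, name, cmd = "run", m["name"], m["cmd"]
        elif m := HJT_O2.match(line):
            kind, name, cmd = "bho", m["name"], m["cmd"]
        elif m := HJT_O23.match(line):
            kind, name, cmd = "service", m["name"], m["cmd"]
        elif m := CF_RUN.match(line):
            kind, name, cmd = "run", m["name"], m["cmd"]
        elif m := CF_TASK.match(line):
            pending_task = m["name"]
            continue
        elif pending_task and (m := CF_TASK_TARGET.match(line)):
            kind, name, cmd = "task", pending_task, m["cmd"]
            pending_task = None
        else:
            continue
        for reason in _reasons(cmd):
            findings.append(Finding(kind, name, cmd, reason))
    return findings


# Constructed sample built from lines posted in the thread (both log formats mixed).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
"proxysupport"="c:\docume~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe" [2009-01-30 565248]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
2009-02-10 c:\windows\Tasks\A407A11291E85F5E.job
- c:\docume~1\srgiom~1\dadosd~1\cityle~1\Team Mode Amok.exe [2009-01-30 14:01]
2009-02-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-05 13:23]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason}\n    {f.command}")
```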
Silas Martins (posted February 11, 2009)

Download Malwarebytes Anti-Malware.
* Start the installation by clicking "mbam-setup.exe";
* Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", then click Finish.
* Select "Quick Scan" and then click Scan.
* When the scan finishes, click OK and then "Show Results" to view the log;
* If anything is detected, make sure everything is checked and click "Remove";
* The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
* Copy and paste that log here, together with a new HijackThis log.

Awaiting your reply.
Leno (posted February 11, 2009)

Done... here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.34
Versão do banco de dados: 1750
Windows 5.1.2600 Service Pack 3

11/2/2009 20:57:57
mbam-log-2009-02-11 (20-57-57).txt

Tipo de Verificação: Rápida
Objetos verificados: 63442
Tempo decorrido: 1 minute(s), 45 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:19, on 11/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2832CC-5551-439D-A9FB-DCDBA2841BF2}: NameServer = 192.168.1.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 6899 bytes
Silas Martins (posted February 13, 2009)

Do you recognize this file?
C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe

Awaiting your reply.
Leno (posted February 14, 2009)

I don't recognize it. Since I'm the only one who uses the PC, I'm sure I didn't install that. u.U
Silas Martins (posted February 18, 2009)

Follow the instructions below:

Download Killbox.
Run KillBox and click Delete on Reboot.
Copy the list below:
C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
Go to Killbox and click File > Paste from clipboard.
Click All Files.
Press "X".
Answer "NO" to the question.

Restart the computer in Safe Mode (after rebooting, press the F8 key repeatedly until a black DOS-style screen appears, and choose Safe Mode).

Run HijackThis, click Do a system scan only and select the lines:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
Click Fix Checked.

Once that is done, restart in normal mode and post a new HijackThis log.

Awaiting your reply.
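The entries the helper singled out above share two traits that a defender can check mechanically: an autorun whose target lives in a user's profile or application-data directory (here hidden behind 8.3 short names such as DOCUME~1 and DADOSD~1), and BHO/autorun entries whose file no longer exists. The following Python triage script is an added example, not a tool from this thread; it parses HijackThis O2 and O4 lines and returns only the entries with such a reason, using sample lines copied from the logs posted above. The regular expressions and the directory list are this example's own assumptions about the log format.

```python
"""Triage helper for HijackThis O2/O4 lines (added example, not a tool from the thread)."""
import re

# Line shapes as HijackThis 2.0.2 prints them (patterns written for this example).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

# Per-user writable locations as they appear in logs from a Portuguese Windows XP,
# including the 8.3 short forms (DOCUME~1, DADOSD~1) seen in this thread. Assumed list.
USER_DIRS = ("\\documents and settings\\", "\\docume~1\\", "\\dados de aplicativos\\",
             "\\dadosd~1\\", "\\application data\\", "\\local settings\\", "\\temp\\")
MISSING = ("(no file)", "(file missing)")


def autorun_reasons(cmd):
    """Why an O4 autorun target deserves a closer look (empty list = nothing notable)."""
    c = cmd.lower()
    reasons = []
    if any(d in c for d in USER_DIRS):
        reasons.append("runs from a user profile / application-data directory")
    if any(m in c for m in MISSING):
        reasons.append("registered file is missing on disk (orphan entry)")
    return reasons


def analyze_line(line):
    """Parse one O2 or O4 line; return a dict with reasons, or None for other line types."""
    m = O4_RE.match(line)
    if m:
        return {"type": "O4", "hive": m["hive"], "name": m["name"],
                "target": m["cmd"], "reasons": autorun_reasons(m["cmd"])}
    m = O2_RE.match(line)
    if m:
        reasons = []
        if any(x in m["path"].lower() for x in MISSING):
            reasons.append("BHO CLSID registered but DLL missing (orphan entry)")
        return {"type": "O2", "clsid": m["clsid"].upper(), "name": m["name"],
                "target": m["path"], "reasons": reasons}
    return None


def triage(log_text):
    """Return only the entries that have at least one reason, in log order."""
    out = []
    for raw in log_text.splitlines():
        hit = analyze_line(raw.strip())
        if hit and hit["reasons"]:
            out.append(hit)
    return out


# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [proxysupport] C:\DOCUME~1\SRGIOM~1\DADOSD~1\CITYLE~1\fork mess new.exe
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["type"], hit["name"], "->", hit["target"], "|", "; ".join(hit["reasons"]))
```

Run stand-alone it reports exactly the orphan BHO {7E853D72-...} and the proxysupport autorun, leaving the system-directory entries alone; a flagged entry is a lead to verify (file age, publisher, hash), not by itself proof of infection.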
Leno (posted February 18, 2009)

Man, I think that fixed it ^_^ No more pop-ups opened, and the iexplore processes are gone from the task manager :DDD Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:44:09, on 18/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB2832CC-5551-439D-A9FB-DCDBA2841BF2}: NameServer = 192.168.1.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 6311 bytes

Thanks for the help :DD Hopefully there's nothing else left, hehe.
Silas Martins (posted February 25, 2009)

Log is clean.
Silas Martins (posted February 25, 2009)

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.