FDL.GATA
Posted February 16, 2009

Hello, my log is below. I'd like you to help me get rid of the CID malware; I've tried everything and I can't manage it!! :unsure:

________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:02, on 16/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
D:\BACKUP\Aplicativos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [chic mode] "C:\ProgramData\BatTimeTime.u99z0"
O4 - HKCU\..\Run: [second bat creative peak] "C:\ProgramData\Balm bash info.de9ofe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9939 bytes

Hugs :grin:

DigRam
Posted February 16, 2009

Good afternoon! FDL.GATA

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> press Enter.
<@> In the next window, choose option 2 --> press Enter --> wait!
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post an updated HijackThis log.

Regards!

FDL.GATA
Posted February 17, 2009

Hi, I've already done all of that! I installed everything and a Notepad window appeared with what I'm pasting below; I didn't see anything about that ''( C:\Lop SD\LopR_1.txt )'' you mentioned. As for HijackThis, I'll post it below too, but about it being updated, do you mean the version? If so, my version is HijackThis 2.0.2, which I downloaded from Baixaki. I hope this helps; if not, just reply and I'll sort it out. Hugs!! :rolleyes:

________________________________________________________________________________

CONTENTS OF THE LopS&D NOTEPAD WINDOW:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Ultimate ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2140 @ 1.60GHz )
BIOS : Award Modular BIOS v6.00PG
USER : ROSANE ( Not Administrator ! )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:88 Go (Free:53 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:13 Go)
E:\ (Local Disk) - NTFS - Total:21 Go (Free:9 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 17/02/2009|14:24 ) [ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

Deletado! - C:\ProgramData\Axis Readme Second Bat\Axis size.dat
Deletado! - C:\ProgramData\Axis Readme Second Bat\Axis size.exe
Deletado! - C:\ProgramData\BatTimeTime.4tinc
Deletado! - C:\ProgramData\BatTimeTime.u99z0
Deletado! - C:\ProgramData\Balm bash info.de9ofe
Deletado! - C:\ProgramData\Axis Readme Second Bat
- [ Arquivos/Ficheiros Hosts ] .. RESTAURADO

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Lista de pastas em Local

[29/01/2009|15:14] C:\Users\ROSANE\AppData\Local\Adobe
[16/01/2009|19:42] C:\Users\ROSANE\AppData\Local\Ahead
[01/02/2009|12:16] C:\Users\ROSANE\AppData\Local\d3d9caps.dat
[15/01/2009|13:36] C:\Users\ROSANE\AppData\Local\Dados de aplicativos
[18/01/2009|16:56] C:\Users\ROSANE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16/01/2009|03:09] C:\Users\ROSANE\AppData\Local\GDIPFONTCACHEV1.DAT
[17/01/2009|21:41] C:\Users\ROSANE\AppData\Local\Google
[15/01/2009|13:36] C:\Users\ROSANE\AppData\Local\Hist¢rico
[16/02/2009|21:36] C:\Users\ROSANE\AppData\Local\IconCache.db
[14/02/2009|10:38] C:\Users\ROSANE\AppData\Local\Microsoft
[19/01/2009|19:39] C:\Users\ROSANE\AppData\Local\Microsoft Games
[20/01/2009|19:42] C:\Users\ROSANE\AppData\Local\Nero
[15/01/2009|15:50] C:\Users\ROSANE\AppData\Local\Real
[17/02/2009|14:24] C:\Users\ROSANE\AppData\Local\Temp
[15/01/2009|13:36] C:\Users\ROSANE\AppData\Local\Temporary Internet Files
[17/01/2009|12:52] C:\Users\ROSANE\AppData\Local\VirtualStore

--------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

[16/02/2009 15:49][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{EB561EFB-1911-4088-ABD1-53E3FDFB80FD}.job
[17/02/2009 14:03][--a------] C:\Windows\tasks\AWC Startup.job
[17/02/2009 14:02][--ah-----] C:\Windows\tasks\SA.DAT
[17/02/2009 06:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Lista de pastas em C:\ProgramData

[05/02/2009|13:22] C:\ProgramData\64aceroam
[20/01/2009|19:03] C:\ProgramData\Adobe
[02/11/2006|10:00] C:\ProgramData\Application Data
[16/02/2009|07:16] C:\ProgramData\avg8
[15/01/2009|13:33] C:\ProgramData\Dados de aplicativos
[02/11/2006|10:00] C:\ProgramData\Desktop
[15/01/2009|13:33] C:\ProgramData\Documentos
[02/11/2006|10:00] C:\ProgramData\Documents
[15/01/2009|16:59] C:\ProgramData\DVD Shrink
[02/11/2006|10:00] C:\ProgramData\Favorites
[15/01/2009|13:33] C:\ProgramData\Favoritos
[15/01/2009|20:11] C:\ProgramData\Google
[15/01/2009|15:05] C:\ProgramData\Hewlett-Packard
[08/02/2009|14:09] C:\ProgramData\HP
[15/01/2009|15:07] C:\ProgramData\HP Product Assistant
[15/01/2009|15:09] C:\ProgramData\HPSSUPPLY
[03/02/2009|17:19] C:\ProgramData\hpzinstall.log
[15/01/2009|13:33] C:\ProgramData\Menu Iniciar
[06/02/2009|23:09] C:\ProgramData\Messenger Plus!
[03/02/2009|19:25] C:\ProgramData\Microsoft
[15/01/2009|13:33] C:\ProgramData\Modelos
[15/01/2009|16:23] C:\ProgramData\Nero
[17/01/2009|08:35] C:\ProgramData\NOS
[16/01/2009|03:07] C:\ProgramData\ntuser.pol
[16/01/2009|03:08] C:\ProgramData\NVIDIA
[15/01/2009|15:50] C:\ProgramData\Real
[05/02/2009|13:05] C:\ProgramData\Simply Super Software
[02/11/2006|10:00] C:\ProgramData\Start Menu
[05/02/2009|13:15] C:\ProgramData\TEMP
[02/11/2006|10:00] C:\ProgramData\Templates
[15/01/2009|15:10] C:\ProgramData\WEBREG
[16/01/2009|21:49] C:\ProgramData\WildTangent
[15/01/2009|15:55] C:\ProgramData\WLInstaller
[13/02/2009|06:45] C:\ProgramData\Yahoo! Companion

--------------------\\ Lista de pastas em C:\Program Files

[20/01/2009|19:02] C:\Program Files\Adobe
[15/01/2009|13:33] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]
[15/01/2009|15:25] C:\Program Files\AVG
[16/01/2009|00:25] C:\Program Files\BitLocker
[12/02/2009|21:16] C:\Program Files\CCleaner
[20/01/2009|19:02] C:\Program Files\Common Files
[23/01/2009|18:00] C:\Program Files\CoolSMS
[15/01/2009|15:25] C:\Program Files\DVD Shrink
[15/01/2009|20:11] C:\Program Files\Google
[15/01/2009|15:06] C:\Program Files\Hewlett-Packard
[15/01/2009|15:09] C:\Program Files\HP
[15/01/2009|14:51] C:\Program Files\InstallShield Installation Information
[12/02/2009|07:08] C:\Program Files\Internet Explorer
[16/01/2009|21:40] C:\Program Files\IObit
[15/01/2009|15:50] C:\Program Files\K-Lite Codec Pack
[15/01/2009|14:46] C:\Program Files\KWorld Multimedia
[23/01/2009|17:10] C:\Program Files\Lavalys
[15/01/2009|14:51] C:\Program Files\MagicTune Premium
[06/02/2009|23:01] C:\Program Files\Messenger Plus! Live
[03/02/2009|19:20] C:\Program Files\Microsoft
[16/01/2009|03:05] C:\Program Files\Microsoft Games
[15/01/2009|20:30] C:\Program Files\Microsoft IntelliPoint
[15/01/2009|15:14] C:\Program Files\Microsoft Office
[15/01/2009|16:57] C:\Program Files\Microsoft SQL Server Compact Edition
[03/02/2009|19:25] C:\Program Files\Microsoft Sync Framework
[15/01/2009|15:14] C:\Program Files\Microsoft Visual Studio
[16/01/2009|00:19] C:\Program Files\Microsoft Works
[15/01/2009|15:13] C:\Program Files\Microsoft.NET
[02/11/2006|09:41] C:\Program Files\Movie Maker
[02/11/2006|09:35] C:\Program Files\MSBuild
[02/11/2006|09:35] C:\Program Files\MSN
[15/01/2009|20:57] C:\Program Files\MSXML 4.0
[15/01/2009|16:23] C:\Program Files\Nero
[17/01/2009|08:35] C:\Program Files\NOS
[18/01/2009|16:43] C:\Program Files\Real
[02/11/2006|09:35] C:\Program Files\Reference Assemblies
[15/01/2009|14:50] C:\Program Files\SEC
[05/02/2009|11:44] C:\Program Files\Spyware Doctor
[15/01/2009|15:57] C:\Program Files\Total Video Converter
[05/02/2009|13:06] C:\Program Files\Trojan Remover
[02/11/2006|10:00] C:\Program Files\Uninstall Information
[30/01/2009|19:15] C:\Program Files\WildGames
[15/01/2009|23:21] C:\Program Files\Windows Calendar
[02/11/2006|09:41] C:\Program Files\Windows Collaboration
[15/01/2009|23:21] C:\Program Files\Windows Defender
[02/11/2006|09:41] C:\Program Files\Windows Journal
[03/02/2009|19:26] C:\Program Files\Windows Live
[15/01/2009|16:44] C:\Program Files\Windows Live Favorites
[03/02/2009|19:19] C:\Program Files\Windows Live SkyDrive
[03/02/2009|19:25] C:\Program Files\Windows Live Toolbar
[12/02/2009|07:03] C:\Program Files\Windows Mail
[15/01/2009|23:21] C:\Program Files\Windows Media Player
[15/01/2009|13:33] C:\Program Files\Windows NT
[02/11/2006|09:41] C:\Program Files\Windows Photo Gallery
[15/01/2009|23:21] C:\Program Files\Windows Sidebar
[15/01/2009|20:07] C:\Program Files\WinRAR
[12/02/2009|21:15] C:\Program Files\Yahoo!

--------------------\\ Lista de pastas em C:\Program Files\Common Files

[20/01/2009|19:02] C:\Program Files\Common Files\Adobe
[15/01/2009|15:14] C:\Program Files\Common Files\DESIGNER
[15/01/2009|15:06] C:\Program Files\Common Files\Hewlett-Packard
[15/01/2009|15:07] C:\Program Files\Common Files\HP
[15/01/2009|14:42] C:\Program Files\Common Files\InstallShield
[03/02/2009|19:19] C:\Program Files\Common Files\microsoft shared
[15/01/2009|16:24] C:\Program Files\Common Files\Nero
[18/01/2009|16:52] C:\Program Files\Common Files\Real
[02/11/2006|08:18] C:\Program Files\Common Files\Services
[15/01/2009|13:33] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]
[02/11/2006|08:18] C:\Program Files\Common Files\SpeechEngines
[15/01/2009|23:21] C:\Program Files\Common Files\System
[15/01/2009|15:54] C:\Program Files\Common Files\Windows Live
[15/01/2009|15:59] C:\Program Files\Common Files\WindowsLiveInstaller
[18/01/2009|16:52] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 81 Processes ) ... OK !

--------------------\\ Procura pelo S_Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

Não foram encontradas pastas com o Lop!

--------------------\\ Procura no Registro

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

Arquivos/Ficheiros Hosts LIMPO

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 14:24:52
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Procurando por outras infecções

Não foram encontradas outras infecções.
[F:134][D:9]-> C:\Users\ROSANE\AppData\Local\Temp
[F:84][D:1]-> C:\Users\ROSANE\AppData\Roaming\MICROS~1\Windows\Cookies
[F:95][D:5]-> C:\Users\ROSANE\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:13][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 17/02/2009|14:25 - Option : [2]

--------------------\\ Verificação completa em 14:25:44 [ UAC => 1 ]

________________________________________________________________________________

CONTENTS OF THE HIJACKTHIS NOTEPAD WINDOW:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:49, on 17/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
D:\BACKUP\Aplicativos\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9661 bytes

________________________________________________________________________________

Done! :grin: Hugs!!

DigRam
Posted February 17, 2009

Good afternoon! FDL.GATA

<!> If everything is OK, create a clean System Restore point.
<!> Right-click My Computer --> Properties --> System Restore.
<!> Check: Turn off System Restore --> Apply --> OK.
<!> Then uncheck it again! --> Apply --> OK.
<!> For more details, go to: < Docs >
------------------------------------
<!> The log is clean! :grin:
<!> Is CiD still bothering you?

Regards!

Mário Monteiro
Posted March 17, 2009

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.