
Archived

This topic has been archived and is closed to new replies.

Davi Vasconcellos

[Archived] I can't run any antivirus or antispyware.

ComboFix 09-03-31.01 - Marília 2009-04-06 19:48:10.9 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.138 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\System32\symboot.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-06 to 2009-04-06 ))))))))))))))))))))))))))))

.

 

2009-04-04 13:11 . 2009-04-04 14:05 <DIR> d-------- c:\arquivos de programas\UsbFix

2009-04-04 05:27 . 2009-04-04 05:27 36,944,440 --a------ C:\Norman_Malware_Cleaner.exe

2009-04-03 05:07 . 2009-04-03 05:07 592 --a------ C:\task-fix.reg

2009-04-01 03:10 . 2009-04-01 03:10 <DIR> d-------- c:\arquivos de programas\Avira

2009-04-01 02:54 . 2009-04-01 02:54 3,012,038 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-04-06 04:04 <DIR> d-------- C:\Hijackthis

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-05 07:52 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-04-01 06:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_ 3.02.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-16 22:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

- 2009-01-06 19:14:08 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:25:34 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2009-01-16 21:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-01-16 22:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2008-12-06 00:25:10 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-01-16 21:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

- 2008-12-06 00:25:10 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-01-16 22:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-01-16 22:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-01-16 22:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe

+ 2009-01-16 22:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-01-16 22:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

- 2008-12-06 00:25:10 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2009-01-16 21:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

- 1999-06-25 12:55:30 223,232 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 1999-06-25 13:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 2008-03-12 15:29:14 94,465 ----a-w c:\windows\system32\avsda.dll

+ 2008-01-21 21:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-06 22:50:31 16,384 ----atw c:\windows\temp\Perflib_Perfdata_ba0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 262401]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

"c:\\WINDOWS\\system32\\cmd.exe"=

 

S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-01 164097]

S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-01 254209]

S2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-01 41217]

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-06 19:50:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(888)

c:\windows\system32\avsda.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\arquivos de programas\IObit\Advanced SystemCare 3\IObitUpdate.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-06 19:52:18 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-06 22:52:15

ComboFix2.txt 2009-04-06 06:59:24

ComboFix3.txt 2009-04-04 07:46:27

ComboFix4.txt 2009-04-03 07:55:57

ComboFix5.txt 2009-04-06 22:47:33

 

Pré-execução: 12 pasta(s) 149.550.772.224 bytes disponíveis

Pós execução: 11 pasta(s) 149,509,275,648 bytes disponíveis

 

250 --- E O F --- 2009-03-21 08:31:15

 

 

 

 

---------------------------------------------------------------------------------------------------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:53:44, on 6/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8128 bytes


Do the procedure below in Safe Mode:

Follow the instructions below:

 

 

CFScript

 

Copy all of the content quoted below and paste it into Notepad.

Save the file to the desktop with the name: CFScript.txt

File::

C:\WINDOWS\System32\symboot.exe

Rootkit::

C:\WINDOWS\system32\drivers\jehmgn.sys

RegNull::

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DAC970NT]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"FirewallOverride"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"=dword:00000001

Driver::

"dac970nt"

 

Drag CFScript.txt onto the ComboFix icon, as shown in the illustration below:

[image: cfscript.gif]

 

Accept the prompt that should appear to run ComboFix.

Note: drag the CFScript onto the icon until the (small) ComboFix window appears.

When it finishes, post the ComboFix.txt together with the new HijackThis log.

 

Note: perform this with your USB flash drive connected to the PC.

 

 

Step 2

# Run the HiJackThis tool;

 

# Select the item(s) listed below:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

and click Fix Checked.

 

Step 3

Download Autorun Eater

Double-click the installer icon to start the installation;

• Choose your preferred language and click OK > Next > check the option I accept the terms of the agreement > Next > Next > Next > Next > Install > Finish.

• Right-click the Autorun Eater icon in the taskbar (next to the Windows clock), go to the Registry Fix menu and check these three options below:

1) “Fix Task Manager”: to re-enable the Windows Task Manager.

2) “Fix RegEdit”: to re-enable the Registry Editor.

3) “Fix Folder Options”: to re-enable Explorer's Folder Options.

 

Awaiting your reply
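The steps above undo the changes the infection made (Task Manager and Regedit disabled, firewall off, Security Center alerts suppressed, the dac970nt service and symboot.exe). The script below is an added example, not part of the original thread or of ComboFix: a read-only PowerShell audit that reports whether each of those items is back in a clean state. It assumes ComboFix's `HKLM\~\services` shorthand stands for `HKLM\SYSTEM\CurrentControlSet\Services` and that Windows PowerShell is installed on the machine.

```powershell
# Added example (not from the thread): read-only audit of the items the CFScript
# and the Autorun Eater step repair. Nothing here writes to the registry or disk.

# Registry values named in the logs and the CFScript, with the value each should
# hold after the fix. For the two HKCU policy values "absent" is also clean, since
# Windows treats a missing DisableTaskMgr / DisableRegistryTools as "not disabled".
# Assumption: "HKLM\~\services" in ComboFix output = HKLM\SYSTEM\CurrentControlSet\Services.
$valueChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';
       Name = 'DisableTaskMgr';         Expected = 0; AbsentOk = $true  },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';
       Name = 'DisableRegistryTools';   Expected = 0; AbsentOk = $true  },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile';
       Name = 'EnableFirewall';         Expected = 1; AbsentOk = $false },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';
       Name = 'AntiVirusOverride';      Expected = 0; AbsentOk = $true  },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';
       Name = 'FirewallOverride';       Expected = 0; AbsentOk = $true  },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center';
       Name = 'AntiVirusDisableNotify'; Expected = 0; AbsentOk = $true  },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center\Svc';
       Name = 'FirewallDisableNotify';  Expected = 0; AbsentOk = $true  }
)

# Artifacts the CFScript deletes (File:: and Driver:: sections); both should be gone.
$absenceChecks = @(
    "$env:windir\System32\symboot.exe",
    'HKLM:\SYSTEM\CurrentControlSet\Services\dac970nt'
)

function Test-RegistryValue {
    param([string]$Path, [string]$Name, [int]$Expected, [bool]$AbsentOk)
    # -ErrorAction SilentlyContinue turns "key or value not found" into $null.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $actual = '<absent>'
        $ok = $AbsentOk
    } else {
        $actual = [int]$item.$Name
        $ok = ($actual -eq $Expected)
    }
    $status = 'TAMPERED'
    if ($ok) { $status = 'OK' }
    New-Object PSObject -Property @{
        Status = $status
        Item   = "$Path\$Name"
        Actual = $actual
    }
}

function Test-Removed {
    param([string]$Path)
    # Test-Path works for both file system paths and registry provider paths.
    $present = Test-Path -Path $Path
    $status = 'OK'
    $actual = '<absent>'
    if ($present) { $status = 'STILL PRESENT'; $actual = 'exists' }
    New-Object PSObject -Property @{
        Status = $status
        Item   = $Path
        Actual = $actual
    }
}

$results = @()
foreach ($c in $valueChecks)   { $results += Test-RegistryValue @c }
foreach ($p in $absenceChecks) { $results += Test-Removed -Path $p }

$results | Format-Table Status, Item, Actual -AutoSize
```

Any line marked TAMPERED or STILL PRESENT means the corresponding fix did not take, which is exactly what the requested new ComboFix and HijackThis logs would show.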

ComboFix 09-03-31.01 - Marília 2009-04-07 11:32:24.10 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.156 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\System32\symboot.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-07 to 2009-04-07 ))))))))))))))))))))))))))))

.

 

2009-04-04 13:11 . 2009-04-04 14:05 <DIR> d-------- c:\arquivos de programas\UsbFix

2009-04-04 05:27 . 2009-04-04 05:27 36,944,440 --a------ C:\Norman_Malware_Cleaner.exe

2009-04-03 05:07 . 2009-04-03 05:07 592 --a------ C:\task-fix.reg

2009-04-01 03:10 . 2009-04-01 03:10 <DIR> d-------- c:\arquivos de programas\Avira

2009-04-01 02:54 . 2009-04-01 02:54 3,012,038 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-04-06 19:53 <DIR> d-------- C:\Hijackthis

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-05 07:52 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-04-01 06:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_ 3.02.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-16 22:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

- 2009-01-06 19:14:08 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:25:34 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2009-01-16 21:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-01-16 22:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2008-12-06 00:25:10 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-01-16 21:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

- 2008-12-06 00:25:10 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-01-16 22:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-01-16 22:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-01-16 22:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe

+ 2009-01-16 22:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-01-16 22:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

- 2008-12-06 00:25:10 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2009-01-16 21:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

- 1999-06-25 12:55:30 223,232 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 1999-06-25 13:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 2008-03-12 15:29:14 94,465 ----a-w c:\windows\system32\avsda.dll

+ 2008-01-21 21:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-07 14:35:51 16,384 ----atw c:\windows\temp\Perflib_Perfdata_c64.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 262401]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

"c:\\WINDOWS\\system32\\cmd.exe"=

 

S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-01 164097]

S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-01 254209]

S2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-01 41217]

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-07 11:35:52

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(884)

c:\windows\system32\avsda.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\arquivos de programas\IObit\Advanced SystemCare 3\IObitUpdate.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-07 11:37:42 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-07 14:37:39

ComboFix2.txt 2009-04-06 22:52:20

ComboFix3.txt 2009-04-06 06:59:24

ComboFix4.txt 2009-04-04 07:46:27

ComboFix5.txt 2009-04-07 14:31:46

 

Pré-execução: 12 pasta(s) 149.109.919.744 bytes disponíveis

Pós execução: 11 pasta(s) 149,129,175,040 bytes disponíveis

 

249 --- E O F --- 2009-03-21 08:31:15

 

 

 

 

-------------------------------------------------------------------------------------------------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:17:38, on 7/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Autorun Eater\billy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8481 bytes

 

 

I installed Autorun Eater and went through the procedures, but it still hasn't enabled the 'Task Manager'...

 

Waiting


I'll need an L2MFix log. Click here and download it.

 

Extract the files and run l2mfix.bat --> option "run find log". After a few minutes Notepad should open with a log. It is the contents of this log that you should paste in your next reply, along with a new HijackThis log.

 

Awaiting your reply.

 

Regards.


Silas, it still isn't working! I tried three times. I waited and again nothing happened (99%).

:huh:

 

Waiting...

 

I ran l2mfix and here are the logs:

 

L2MFIX find log 032106

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

********************************************************************************

**

useragent:

********************************************************************************

**

Shell Extension key:

********************************************************************************

**

HKEY ROOT CLASSIDS:

********************************************************************************

**

Files Found are not all bad files:

OŠ÷‹h¡ÿh¡¸¨žè‚ ÇG ‰Oˆw‹6죉76Nž+÷‰w‹6p¤‰w ‹÷‹>ì£ùÿk¢} - 1252,

 

C:\WINDOWS\SYSTEM32\

rtkcoi~1.dll Tue 3 Feb 2009 16:35:22 A.... 35.840 35,00 K

 

1 item found: 1 file, 0 directories.

Total of file sizes: 35.840 bytes 35,00 K

Locate .tmp files:

 

No matches found.

********************************************************************************

**

Directory Listing of system files:

O volume na unidade C não tem nome.

O número de série do volume é D810-0C38

 

Pasta de C:\WINDOWS\System32

 

21/03/2009 08:33 <DIR> dllcache

10/01/2009 16:23 <DIR> Microsoft

0 arquivo(s) 0 bytes

2 pasta(s) 144.803.098.624 bytes disponíveis

 

 

 

 

---------------------------------------------------------------------------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:07:11, on 11/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Autorun Eater\billy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8399 bytes

 

 

regards.


Run the l2mfix.bat file, press <Enter>, then type 2 and press Enter again. After that, you should press any key and the computer will restart.

 

After the restart, your desktop should disappear and reappear. The fix has not finished yet. When it finishes, Notepad should open with a log. Attach this log to your reply as you did before, together with a new HijackThis log.

 

Go to the l2mfix folder that was created and copy the ntrights file to C:\

 

Click Start --> Run, type cmd and click OK. A command prompt will appear.

 

Type the following:

 

cd c:\

Enter. Now type the following command:

 

ntrights -u Administradores +r SeDebugPrivilege > log.txt

Attention --> Make sure you type this command correctly.

 

Enter again. There should now be a file called c:\log.txt. Open it and paste its contents here.

 

Awaiting your reply.

 

Regards.

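A way to check the outcome of the steps above, added here as an example and not part of the thread: run on the affected machine in an elevated PowerShell session, it exports the local security policy with secedit to see which accounts hold SeDebugPrivilege (the right that the ntrights command grants to Administrators), and reads the two HKCU policy values that the ComboFix log earlier in the thread showed set to 1 (DisableTaskMgr and DisableRegistryTools), which is what keeps Task Manager and regedit from opening. The temporary file name is my choice; S-1-5-32-544 is the well-known SID of the built-in Administrators group.

```powershell
# Added example, not from the thread. Requires an elevated PowerShell session
# because secedit /export reads the local security database.

# 1. Who holds SeDebugPrivilege? secedit writes an INI file whose
#    [Privilege Rights] section has lines such as
#    "SeDebugPrivilege = *S-1-5-32-544,*S-1-5-20" (SIDs prefixed with '*').
$inf = Join-Path $env:TEMP 'secpol-export.inf'   # assumed temp file name
secedit /export /cfg "$inf" /quiet | Out-Null

$line = Get-Content $inf | Where-Object { $_ -match '^SeDebugPrivilege\s*=' }
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object {
        $sid = $_.Trim().TrimStart('*')
        try {
            # Resolve the SID to an account name where possible
            (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $sid   # leave unresolvable entries as they are
        }
    }
}
$adminSid = 'S-1-5-32-544'   # BUILTIN\Administrators, the group ntrights targets
$hasDebug = [bool]($line -and ($line -match [regex]::Escape("*$adminSid")))
"SeDebugPrivilege holders: $($holders -join ', ')"
"Administrators hold SeDebugPrivilege: $hasDebug"
Remove-Item $inf -ErrorAction SilentlyContinue

# 2. The per-user policies ComboFix listed as 1. A value of 0, or no value at
#    all, is the normal state; 1 blocks Task Manager / the registry editor.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) { $value = 'not set' }
    "$name = $value"
}
```

If the second part still reports 1 after the fix, the policy value is what needs to be cleared; no amount of re-running the privilege step will change it.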

Here are the three logs, respectively: L2mfix, HijackThis, log.txt

 

L2mfix 032106

Creating Account.

Comando concluído com êxito.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 720 'smss.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 808 'winlogon.exe'

Killing PID 808 'winlogon.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Killing PID 1672 'explorer.exe'

Killing PID 1672 'explorer.exe'

Killing PID 1672 'explorer.exe'

Killing PID 1672 'explorer.exe'

 

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03

Copyright© 2002-2003 Craig.Peacock@beyondlogic.org

Error, Cannot find a process with an image name of rundll32.exe

Restoring Sedebugprivilege:

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

"Asynchronous"=dword:00000001

"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\

00,69,00,6d,00,73,00,6e,00,74,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

@=""

"DLLName"="igfxdev.dll"

"Asynchronous"=dword:00000001

"Impersonate"=dword:00000001

"Unlock"="WinlogonUnlockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

The following are the files found:

****************************************************************************

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"SV1"=""

****************************************************************************

Desktop.ini Contents:

****************************************************************************

 

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

zip warning: name not matched: dlls\*.*

 

zip error: Nothing to do! (backup.zip)

adding: backregs/shell.reg (188 bytes security) (deflated 73%)

 

 

 

 

 

------------------------------------------------------------------------------------------------------------------

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:39:31, on 11/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Autorun Eater\billy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8414 bytes

 

 

 

 

-------------------------------------------------------------------------------------------------------

 

 

 

 

Granting SeDebugPrivilege to Administradores ... successful

 

 

 

 

 

Done.

Regards.


Copy all of the content quoted below and paste it into Notepad.

Save the file to the desktop with the name: CFScript.txt

File::

c:\windows\Fonts\angelina.zip

c:\windows\Fonts\blazed.zip

c:\windows\Fonts\amaze.zip

c:\windows\Fonts\banana_split.zip

c:\windows\Fonts\loki_cola.zip

c:\windows\Fonts\base_02.zip

c:\windows\Fonts\dark_crystal.zip

c:\windows\Fonts\adine_kirnberg.zip

c:\windows\Fonts\walt_disney.zip

c:\windows\Fonts\french_grotesque.zip

c:\windows\Fonts\freshman.zip

c:\windows\Fonts\grado_gradoo.zip

c:\windows\Fonts\graffiti.zip

c:\windows\Fonts\grand_stylus.zip

c:\windows\Fonts\gravicon_display.zip

c:\windows\Fonts\lelf_noir_du_mal.zip

c:\windows\Fonts\gregs_other_hand.zip

c:\windows\Fonts\gregs_hand.zip

C:\WINDOWS\System32\symboot.exe

Rootkit::

C:\WINDOWS\system32\drivers\jehmgn.sys

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DAC970NT]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"FirewallOverride"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

Driver::

"dac970nt"

 

Drag CFScript.txt onto the ComboFix icon, as shown in the illustration below:

cfscript.gif

Accept the prompt that should appear to run ComboFix.

Note: drag the CFScript onto the icon until the (small) ComboFix window appears.

When it finishes, post ComboFix.txt together with the new HijackThis log.

Note: perform this step with your USB flash drive connected to the PC.

Step 2

# Run the HijackThis tool;

# Select the item(s) indicated below:

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

And click Fix Checked

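As an added example (not a tool from this thread), the checks the helper performs by eye on the logs above, written as code: it parses HijackThis O7 lines and ComboFix registry-dump lines for the policy values the CFScript restores (Task Manager, regedit, Windows Firewall, Security Center notifications), flags driver services whose file is missing (as with dac970nt above), and emits the matching CFScript Registry:: and Driver:: sections. The sample log lines are constructed after the output shown in this thread.

```python
"""Triage of HijackThis / ComboFix output for the settings malware flips to
blind the user, plus driver services whose binary is gone. Added example,
not a tool from this thread; SAMPLE_LOG is constructed after the logs above."""
import re
from dataclasses import dataclass

# Constructed sample: one HijackThis O7 line and ComboFix-style registry dump lines.
SAMPLE_LOG = r"""
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000000

R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\fjhgnn.sys --> c:\windows\system32\drivers\fjhgnn.sys [?]
"""

# (fragment of the lower-cased key path, value name, value meaning tampering,
#  value to restore, effect on the user)
POLICY_CHECKS = [
    ("policies\\system", "DisableTaskMgr", 1, 0, "Task Manager blocked"),
    ("policies\\system", "DisableRegistryTools", 1, 0, "Registry Editor blocked"),
    ("policies\\system", "DisableRegedit", 1, 0, "Registry Editor blocked (HijackThis O7 display name)"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, 1, "Windows Firewall off"),
    ("security center", "AntiVirusDisableNotify", 1, 0, "Security Center antivirus alerts muted"),
    ("security center", "FirewallDisableNotify", 1, 0, "Security Center firewall alerts muted"),
    ("security center", "UpdatesDisableNotify", 1, 0, "Security Center update alerts muted"),
]

KEY_RE = re.compile(r"^\[-?(.+)\]$")                                  # [HKEY_...] header
CF_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)')  # "Name"= 1 (0x1)
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})')  # "Name"=dword:00000001
O7_RE = re.compile(r"^O7 - (.+?),\s*(\w+)=(\d+)")                     # HijackThis policy line
ORPHAN_SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*?-->\s*(.+?)\s+\[\?\]$")  # service, file [?]

@dataclass
class Finding:
    kind: str      # "policy" or "orphan_service"
    key: str       # registry key as printed in the log ("" for services)
    name: str      # value name, or service name
    value: int     # value seen in the log (-1 for services)
    restore: int   # value a clean system has (-1 for services)
    note: str
    fixable: bool  # True when parsed from a registry dump line (O7 is report-only)

def _check(key, name, value, fixable):
    for fragment, vname, bad, good, note in POLICY_CHECKS:
        if fragment in key.lower() and vname.lower() == name.lower() and value == bad:
            return Finding("policy", key, vname, value, good, note, fixable)
    return None

def triage(log_text):
    """Walk the log once, tracking the current [key], and collect findings."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current_key = m.group(1)
            continue
        if (m := O7_RE.match(line)):
            f = _check(m.group(1), m.group(2), int(m.group(3)), fixable=False)
        elif (m := CF_VALUE_RE.match(line)):
            f = _check(current_key, m.group(1), int(m.group(2)), fixable=True)
        elif (m := REG_VALUE_RE.match(line)):
            f = _check(current_key, m.group(1), int(m.group(2), 16), fixable=True)
        elif (m := ORPHAN_SVC_RE.match(line)):
            f = Finding("orphan_service", "", m.group(1), -1, -1,
                        f"driver service points at missing file {m.group(2)}", False)
        else:
            f = None
        if f:
            findings.append(f)
    return findings

def cfscript_registry_fix(findings):
    """Registry:: section restoring defaults, grouped by key in .reg dword syntax."""
    by_key = {}
    for f in findings:
        if f.kind == "policy" and f.fixable:
            by_key.setdefault(f.key, []).append(f)
    lines = ["Registry::"]
    for key, items in by_key.items():
        lines.append(f"[{key}]")
        for f in items:
            lines.append(f'"{f.name}"=dword:{f.restore:08x}')
    return "\n".join(lines)

def driver_fix(findings):
    """Driver:: section naming orphaned driver services (as the helper did for dac970nt)."""
    names = [f.name for f in findings if f.kind == "orphan_service"]
    return "Driver::\n" + "\n".join(f'"{n}"' for n in names) if names else ""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.name}={f.value}: {f.note}")
    print(cfscript_registry_fix(found))
    print(driver_fix(found))
```

The O7 line is reported but not turned into a fix, because HijackThis prints its own display name for the policy; the fix comes from the ComboFix dump line for the same key.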

Here they are:

 

ComboFix 09-03-31.01 - Marília 2009-04-12 0:29:52.11 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.246 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

.

- MODO DE FUNCIONALIDADE REDUZIDA -

 

FILE ::

c:\windows\Fonts\adine_kirnberg.zip

c:\windows\Fonts\amaze.zip

c:\windows\Fonts\angelina.zip

c:\windows\Fonts\banana_split.zip

c:\windows\Fonts\base_02.zip

c:\windows\Fonts\blazed.zip

c:\windows\Fonts\dark_crystal.zip

c:\windows\Fonts\french_grotesque.zip

c:\windows\Fonts\freshman.zip

c:\windows\Fonts\grado_gradoo.zip

c:\windows\Fonts\graffiti.zip

c:\windows\Fonts\grand_stylus.zip

c:\windows\Fonts\gravicon_display.zip

c:\windows\Fonts\gregs_hand.zip

c:\windows\Fonts\gregs_other_hand.zip

c:\windows\Fonts\lelf_noir_du_mal.zip

c:\windows\Fonts\loki_cola.zip

c:\windows\Fonts\walt_disney.zip

c:\windows\System32\symboot.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Fonts\adine_kirnberg.zip

c:\windows\Fonts\amaze.zip

c:\windows\Fonts\angelina.zip

c:\windows\Fonts\banana_split.zip

c:\windows\Fonts\base_02.zip

c:\windows\Fonts\blazed.zip

c:\windows\Fonts\dark_crystal.zip

c:\windows\Fonts\french_grotesque.zip

c:\windows\Fonts\freshman.zip

c:\windows\Fonts\grado_gradoo.zip

c:\windows\Fonts\graffiti.zip

c:\windows\Fonts\grand_stylus.zip

c:\windows\Fonts\gravicon_display.zip

c:\windows\Fonts\gregs_hand.zip

c:\windows\Fonts\gregs_other_hand.zip

c:\windows\Fonts\lelf_noir_du_mal.zip

c:\windows\Fonts\loki_cola.zip

c:\windows\Fonts\walt_disney.zip

c:\windows\IE4 Error Log.txt

c:\windows\system32\lo2.txtt

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-12 to 2009-04-12 ))))))))))))))))))))))))))))

.

 

2009-04-11 02:32 . 2005-01-13 21:41 112,912 --a------ C:\Ntrights.exe

2009-04-11 01:47 . 2009-04-11 01:52 <DIR> d-------- C:\l2mfix

2009-04-11 01:44 . 2009-04-11 01:45 331,721 --a------ C:\l2mfix.rar

2009-04-07 12:11 . 2009-04-12 00:31 <DIR> d-------- c:\arquivos de programas\Autorun Eater

2009-04-04 13:11 . 2009-04-04 14:05 <DIR> d-------- c:\arquivos de programas\UsbFix

2009-04-04 05:27 . 2009-04-04 05:27 36,944,440 --a------ C:\Norman_Malware_Cleaner.exe

2009-04-03 05:07 . 2009-04-03 05:07 592 --a------ C:\task-fix.reg

2009-04-01 03:10 . 2009-04-01 03:10 <DIR> d-------- c:\arquivos de programas\Avira

2009-04-01 02:54 . 2009-04-01 02:54 3,012,038 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-04-11 02:39 <DIR> d-------- C:\Hijackthis

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-11 03:05 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-04-01 06:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_ 3.02.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-16 22:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

- 2009-01-06 19:14:08 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:25:34 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2009-01-16 21:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-01-16 22:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2008-12-06 00:25:10 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-01-16 21:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

- 2008-12-06 00:25:10 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-01-16 22:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-01-16 22:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-01-16 22:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe

+ 2009-01-16 22:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-01-16 22:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

- 2008-12-06 00:25:10 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2009-01-16 21:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

- 1999-06-25 12:55:30 223,232 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 1999-06-25 13:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 2008-03-12 15:29:14 94,465 ----a-w c:\windows\system32\avsda.dll

+ 2008-01-21 21:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-12 03:31:12 16,384 ----atw c:\windows\temp\Perflib_Perfdata_ec.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 262401]

"Autorun Eater"="c:\arquivos de programas\Autorun Eater\oldmcdonald.exe" [2008-11-27 501768]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

"c:\\WINDOWS\\system32\\cmd.exe"=

"c:\\Arquivos de programas\\internet explorer\\iexplore.exe"= c:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE

"c:\\WINDOWS\\Explorer.EXE"=

"c:\\WINDOWS\\system32\\rundll32.exe"=

 

R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\fjhgnn.sys --> c:\windows\system32\drivers\fjhgnn.sys [?]

S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-01 164097]

S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-01 254209]

S2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-01 41217]

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

 

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-12 00:31:27

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\Autorun Eater\billy.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\windows\system32\netsh.exe

.

**************************************************************************

.

Completion time: 2009-04-12 0:33:31 - Machine was rebooted

 

Pre-Run: 13 folder(s) 143,303,168,000 bytes free

 

 

 

 

 

---------------------------------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:35:45, on 12/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Autorun Eater\billy.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKLM\..\Run: [Autorun Eater] C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8358 bytes

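The ComboFix and HijackThis logs above are the kind of text a responder triages by eye: policy restrictions, autostart entries, DNS servers, and services whose binary is gone. The script below is an added example for this thread, not part of the original posts and not code from HijackThis, ComboFix or any other tool named here; it mechanises four of those checks over sample lines copied from the logs above. The check names, the local address ranges, `USER_PROFILE_ROOTS` and the second O17 line (a documentation address and a `{CONSTRUCTED-GUID}` placeholder, added to exercise the DNS check) are this example's own assumptions.

```python
"""Triage of HijackThis / ComboFix style log lines.

Added example for this thread; not part of the original posts and not code
from HijackThis, ComboFix or any other tool named in it. Four checks a
responder otherwise does by eye:

  * O7  - registry policy restrictions such as DisableRegedit=1
  * O4  - autostart entries whose binary lives under a user profile
  * O17 - DNS servers outside RFC 1918 / loopback ranges
  * R/S - ComboFix service/driver lines ending in "[?]", its marker for a
          binary it could not find on disk

Check names, LOCAL_NETS and USER_PROFILE_ROOTS are this example's own
choices. SAMPLE_LOG is constructed: lines copied from the logs above plus one
invented O17 line (documentation address 203.0.113.5, placeholder GUID).
"""
import ipaddress
import re

# Binaries under these roots are writable by the logged-on user (XP / Vista+).
USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")

# Ranges a home or office DNS server is expected to fall into.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "?(?P<path>.+?\.exe)"?',
    re.IGNORECASE)
O7_RE = re.compile(r'^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\S+)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')
MISSING_RE = re.compile(r'^[RS]\d (?P<svc>[^;]+);.*\[\?\]$')

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5
R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\fjhgnn.sys --> c:\windows\system32\drivers\fjhgnn.sys [?]
"""


def _finding(check, line, detail):
    return {"check": check, "line": line, "detail": detail}


def _is_local(server):
    """True if the address parses and falls inside LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return False                      # hostnames or garbage deserve a look too
    return any(ip in net for net in LOCAL_NETS)


def triage(log_text):
    """Return a list of findings (check, offending line, short detail)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O7_RE.match(line)
        if m:                             # any O7 policy is worth a human look
            findings.append(_finding("policy_restriction", line,
                                     f"{m['value']}={m['data']} under {m['key']}"))
            continue
        m = O4_RE.match(line)
        if m:                             # autostart from a user-writable path
            if m["path"].lower().startswith(USER_PROFILE_ROOTS):
                findings.append(_finding("autostart_in_user_profile", line,
                                         f"[{m['name']}] runs {m['path']}"))
            continue
        m = O17_RE.match(line)
        if m:                             # one NameServer entry may list several
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                if server and not _is_local(server):
                    findings.append(_finding("external_dns_server", line, server))
            continue
        m = MISSING_RE.match(line)
        if m:                             # service registered, file missing
            findings.append(_finding("unresolved_service_binary", line, m["svc"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['check']:28} {f['detail']}")
```

On the posted logs this flags the DisableRegedit=1 policy, Ares.exe autostarting from the user's profile and the dac970nt driver whose fjhgnn.sys ComboFix could not find; the 192.168.1.1 DNS server passes as local. A hit is a lead to verify, not a verdict: Ares is a peer-to-peer client, and an O7 policy can equally be set by an administrator.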

* Download VundoFix.

 

* Double-click VundoFix.exe to start it;

 

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish; it may take some time. Be patient;

 

* When the scan finishes, click Remove Vundo;

 

* You will get a prompt asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

 

* To complete the scan the machine will need to be restarted. Click OK;

 

* Please post the VundoFix log (C:\vundofix.txt) in your next reply, together with a new ComboFix log.

 

Step 2

 

 

Fixwareout.

 

Download Fixwareout.

 

Close all programs.

 

Run FixWareout (double-click its icon) --> "Next" --> "Install" --> "Finish" --> press any key to continue --> if the tool asks for a reboot, click OK.

 

Check the file C:\fixwareout\report.txt.

 

I need you to put the contents of report.txt in your next reply.

 

 

 

Step 3

 

Go to VirusTotal here→ http://www.virustotal.com/pt

 

* In the box at the top, Submit file;

  o C:\Arquivos de programas\Autorun Eater\oldmcdonald.exe

* Click the browse button and locate the file indicated above

* The file will be examined by several antivirus engines; please wait.

* Copy and paste the result

 

 

Regards.


Here they are:

 

Username "Marília" - 12/04/2009 2:19:23 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

Successfully flushed the DNS Resolver Cache.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"

"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"

"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

"HP Software Update"="C:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"

"FixCamera"="C:\\WINDOWS\\FixCamera.exe"

"tsnp2std"="C:\\WINDOWS\\tsnp2std.exe"

"snp2std"="C:\\WINDOWS\\vsnp2std.exe"

"Adobe Reader Speed Launcher"="\"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

"RTHDCPL"="RTHDCPL.EXE"

"avgnt"="\"C:\\Arquivos de programas\\Avira\\AntiVir PersonalEdition Premium\\avgnt.exe\" /min"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe\""

"swg"="C:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"ares"="\"C:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe\" -h"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

 

 

 

 

----------------------------------------------

 

 

 

 

VundoFix V7.0.6

 

Scan started at 02:08:28 12/4/2009

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

Beginning removal...

 

 

 

Note: the "Virus Total" site took a very (very) long time to open and never did! I tested other sites and pages, but www.virustotal.com/pt never got past halfway!!

 

 

Waiting...

Regards!


Silas,

it isn't working with any of the links (I'm worried)! The 1st link takes a long time and then shows "The page cannot be displayed", "Server not found" (I open other sites normally), and the 2nd link shows nothing at all; it just keeps loading and never finishes.

Things are getting complicated here, huh?!

:upset:

 

Waiting...

Regards!

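The poster above reports that ordinary sites load while virustotal.com never does, even after Fixwareout reset the hosts file. The thread does not establish why, and the script below is an added example, not part of the original posts: it is the first cheap check a responder would run in that situation, parsing a hosts file for mappings of security-vendor or scanner domains and for entries pushed below the visible part of the file by a long run of blank lines. The watchlist, the 20-line padding threshold and `SAMPLE_HOSTS` are this example's own constructions.

```python
"""Hosts-file check for blocked security sites.

Added example for this thread, not part of the original posts. When a
machine reaches ordinary sites but not an antivirus vendor or a scanner such
as virustotal.com, one cheap check is whether the hosts file maps those
names somewhere bogus. This parser flags (a) any mapping for a domain on a
watchlist, whatever the address, and (b) any mapping that sits after a long
run of blank or comment-only lines, a common way to hide entries below the
part of the file a user sees in Notepad. WATCHLIST, PADDING_THRESHOLD and
SAMPLE_HOSTS are this example's own constructions; a real run reads
%SystemRoot%\\system32\\drivers\\etc\\hosts.
"""
import ipaddress
import sys

WATCHLIST = ("virustotal.com", "avira.com", "update.microsoft.com", "windowsupdate.com")
PADDING_THRESHOLD = 20     # consecutive blank/comment lines before entries count as hidden

# Constructed sample: a normal XP header, then 40 blank lines, then two entries.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    "192.168.1.10    printer.lan      # constructed local entry\n"
    + "\n" * 40
    + "127.0.0.1       www.virustotal.com\n"
    + "203.0.113.5     update.example   # constructed: off the watchlist but hidden\n"
)


def _on_watchlist(name, watchlist):
    """Exact or sub-domain match against the watchlist."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def check_hosts(text, watchlist=WATCHLIST, padding=PADDING_THRESHOLD):
    """Return findings as dicts with line, ip, name and reason."""
    findings = []
    blank_run = 0
    in_hidden_region = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            blank_run += 1
            if blank_run >= padding:
                in_hidden_region = True           # sticky: everything below is suspect
            continue
        blank_run = 0
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # not an address/name mapping
        for name in (n.lower() for n in parts[1:]):
            if _on_watchlist(name, watchlist):
                reason = "watchlisted_domain"
            elif in_hidden_region:
                reason = "hidden_after_padding"
            else:
                continue
            findings.append({"line": no, "ip": str(ip), "name": name, "reason": reason})
    return findings


if __name__ == "__main__":
    # Pass a path to check a real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for f in check_hosts(text):
        print(f"line {f['line']:>4}: {f['ip']:<15} {f['name']:<30} {f['reason']}")
```

A clean hosts file is not the end of the check: the same symptom can come from DNS answers, a proxy setting (the logs above show ProxyOverride = local and a Winsock LSP), or a filter driver, so a hosts hit confirms tampering while an empty result only rules out this one mechanism.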