Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

williamot

[Arquivado] Cavalo de Tróia

Recommended Posts

O mu avg tá achando um cavalo de tróia, porém ele não consegue remove-lo, ele ate´consegue mas sempre volta sem ao menos reiniciar o computador.

 

O nome do cavalo de tróia é "Cavalo de Tróia Generic_c.ZOC"

 

Tem uns 4 em quarentena, e sempre aparece mais. :(

 

 

Abaixo segue um log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54:00, on 2/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\dpupdchk.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Documents and Settings\Willian Mota\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [itype] "C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 6333 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

williamot boa noite.

 

• Vá a este Link,e baixe: < Malwarebytes >

Atualize o programa!

• Escolha o escaneamento Rápido!

Desabilite programas de proteção,ao executar o malwarebytes.

• Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

• Para maiores detalhes: < Link >

-----------------------

• Poste,os relatórios: mbam-log-2008-xx-xx (00-00-00).txt + HijackThis,atualizado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue os logs

 

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 2070

Windows 5.1.2600 Service Pack 3

 

3/5/2009 12:09:53

mbam-log-2009-05-03 (12-09-53).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 79832

Tempo decorrido: 9 minute(s), 29 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

 

 

 

 

 

 

Hijackthis.:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:01, on 3/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft IntelliPoint\dpupdchk.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Willian Mota\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [itype] "C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 6983 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

• Baixe: < ComboFix.exe >

• Salve-o no Desktop!

Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

Feche todas as janelas e execute a ferramenta!

• Na solicitação: "Negação de garantia de software" --> Clique em Sim!

• Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

-- Salve-a no desktop,renomeada como: Kombo.exe

-- Ps: Nomeie durante o salvamento,e não após salvá-la!

-- Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

-- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

-- Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

• Abrir-se-á a janela Auto Scan. --> Aguarde!

• Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

• Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter.

Aguarde a conclusão!

Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

• Para parar ou sair do ComboFix,tecle "N" --> Enter.

----------------------

• Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue novos logs

 

 

ComboFix 09-05-02.4 - Willian Mota 03/05/2009 15:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.191 [GMT -3:00]

Executando de: c:\documents and settings\Willian Mota\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Cache

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-03 to 2009-05-03 ))))))))))))))))))))))))))))

.

 

2009-05-03 15:22 . 2009-05-03 15:22 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2009-05-03 15:21 . 2009-05-03 15:21 -------- d-----w c:\arquivos de programas\SUPERAntiSpyware

2009-05-03 15:21 . 2009-05-03 15:21 -------- d-----w c:\documents and settings\Willian Mota\Dados de aplicativos\SUPERAntiSpyware.com

2009-05-03 15:20 . 2009-05-03 15:20 -------- d-----w c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-05-03 14:58 . 2009-05-03 14:58 -------- d-----w c:\documents and settings\Willian Mota\Dados de aplicativos\Malwarebytes

2009-05-03 14:57 . 2009-05-03 14:57 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-05-03 14:57 . 2009-05-03 15:20 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-03 02:17 . 2009-05-03 02:17 -------- d-----w c:\windows\Sun

2009-05-03 02:16 . 2009-05-03 02:15 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-03 02:14 . 2009-05-03 02:14 -------- d-----w c:\arquivos de programas\Java

2009-05-03 00:18 . 2009-05-03 04:11 -------- d--h--w C:\$AVG8.VAULT$

2009-05-02 02:11 . 2009-05-02 02:11 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-05-02 02:05 . 2009-05-02 02:05 -------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-05-01 19:16 . 2009-05-01 19:16 -------- d-----w c:\arquivos de programas\Arquivos comuns\xing shared

2009-05-01 19:15 . 2009-05-01 19:15 -------- d-----w C:\Program Files

2009-05-01 19:15 . 2009-05-01 19:16 -------- d-----w c:\arquivos de programas\Arquivos comuns\Real

2009-05-01 00:22 . 2009-05-01 00:22 -------- d-----w c:\documents and settings\Willian Mota\Dados de aplicativos\Myfreecomm

2009-05-01 00:18 . 2009-05-01 00:18 -------- d-----w c:\arquivos de programas\Arquivos comuns\Software FX Shared

2009-05-01 00:17 . 2009-05-01 00:17 -------- d-----w c:\arquivos de programas\Arquivos comuns\Myfreecomm

2009-05-01 00:17 . 2009-05-01 00:17 -------- d-----w c:\arquivos de programas\Myfreecomm

2009-04-23 15:55 . 2009-04-23 15:55 -------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-04-23 15:04 . 2009-04-23 15:04 -------- d-----w c:\documents and settings\Willian Mota\Dados de aplicativos\iLike

2009-04-16 01:38 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 01:38 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 01:38 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 01:38 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 01:38 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 01:38 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 01:38 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 01:38 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 01:38 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 01:36 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-04 01:47 . 2009-04-04 01:47 -------- d-----w c:\arquivos de programas\Arquivos comuns\Macromedia Shared

2009-04-04 01:47 . 2009-04-04 01:47 -------- d-----w c:\arquivos de programas\Arquivos comuns\Macromedia

2009-04-04 01:46 . 2009-04-04 01:47 -------- d-----w c:\arquivos de programas\Macromedia

2009-04-04 01:45 . 2009-04-04 01:45 -------- d-----w c:\windows\Downloaded Installations

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-03 18:22 . 2009-03-14 17:20 6 ---ha-w c:\windows\Tasks\SA.DAT

2009-05-01 19:15 . 2003-03-18 23:14 499712 ----a-w c:\windows\system32\msvcp71.dll

2009-05-01 19:15 . 2003-02-21 07:42 348160 ----a-w c:\windows\system32\msvcr71.dll

2009-05-01 14:44 . 2009-03-16 01:21 11952 ----a-w c:\windows\system32\avgrsstx.dll

2009-05-01 14:44 . 2009-03-16 01:21 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-05-01 14:43 . 2009-03-16 01:21 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-04-28 19:42 . 2009-03-16 01:48 2828 --sha-w c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2009-04-23 23:57 . 2009-03-14 23:03 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-16 07:04 . 2001-10-28 12:07 83082 ----a-w c:\windows\system32\perfc016.dat

2009-04-16 07:04 . 2001-10-28 12:07 470158 ----a-w c:\windows\system32\perfh016.dat

2009-03-28 01:14 . 2009-03-28 01:05 -------- d-----w c:\arquivos de programas\eMule

2009-03-28 00:55 . 2009-03-28 00:43 -------- d-----w c:\arquivos de programas\uTorrent

2009-03-20 01:05 . 2009-03-20 01:05 -------- d-----r c:\arquivos de programas\Skype

2009-03-16 02:19 . 2009-03-14 19:13 -------- d-----w c:\arquivos de programas\Microsoft Works

2009-03-16 01:48 . 2009-03-16 01:48 8 --sh--r c:\documents and settings\All Users\Dados de aplicativos\35A2F4204F.sys

2009-03-16 01:44 . 2009-03-16 01:44 -------- d-----w c:\arquivos de programas\Arquivos comuns\Protexis

2009-03-16 01:40 . 2009-03-16 01:40 -------- d-----w c:\arquivos de programas\Arquivos comuns\Corel

2009-03-16 01:37 . 2009-03-16 01:37 -------- d-----w c:\arquivos de programas\Corel

2009-03-15 21:58 . 2009-03-15 21:58 -------- d-----w c:\arquivos de programas\QuickTime

2009-03-15 01:23 . 2009-03-15 01:23 -------- d-----w c:\arquivos de programas\Bonjour

2009-03-15 01:05 . 2009-03-15 01:05 -------- d-----w c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-03-15 00:03 . 2009-03-15 00:03 -------- d-----w c:\arquivos de programas\temp

2009-03-14 23:13 . 2009-03-14 23:13 -------- d-----w c:\arquivos de programas\Google

2009-03-14 23:13 . 2009-03-14 23:13 -------- d-----w c:\arquivos de programas\Microsoft

2009-03-14 23:13 . 2009-03-14 23:12 -------- d-----w c:\arquivos de programas\Windows Live

2009-03-14 23:13 . 2009-03-14 23:13 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-03-14 23:11 . 2009-03-14 23:10 -------- d-----w c:\arquivos de programas\Arquivos comuns\snp2std

2009-03-14 23:10 . 2009-03-14 18:04 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-14 23:10 . 2009-03-14 17:38 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-03-14 22:36 . 2009-03-14 22:36 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-03-14 20:27 . 2009-03-14 17:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-14 19:30 . 2009-03-14 19:30 201728 ----a-w c:\windows\system32\PolarClock3.scr

2009-03-14 19:13 . 2009-03-14 19:13 -------- d-----w c:\arquivos de programas\Microsoft.NET

2009-03-14 18:41 . 2009-03-14 18:41 -------- d-----w c:\arquivos de programas\AVG

2009-03-14 18:41 . 2009-03-14 18:41 0 ----a-w c:\windows\nsreg.dat

2009-03-14 18:04 . 2009-03-14 18:04 -------- d-----w c:\arquivos de programas\Realtek Sound Manager

2009-03-14 18:04 . 2009-03-14 18:04 -------- d-----w c:\arquivos de programas\AvRack

2009-03-14 18:04 . 2009-03-14 18:04 -------- d-----w c:\arquivos de programas\VIA

2009-03-14 17:57 . 2009-03-14 17:57 -------- d-----w c:\arquivos de programas\Microsoft IntelliPoint

2009-03-14 17:56 . 2009-03-14 17:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-03-14 17:56 . 2009-03-14 17:56 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2009-03-14 17:56 . 2009-03-14 17:56 -------- d-----w c:\arquivos de programas\Microsoft IntelliType Pro

2009-03-14 17:55 . 2009-03-14 17:55 -------- d-----w c:\arquivos de programas\MSXML 6.0

2009-03-14 17:15 . 2009-03-14 17:15 -------- d-----w c:\arquivos de programas\microsoft frontpage

2009-03-14 17:13 . 2001-10-28 12:06 67 --sha-w c:\windows\Fonts\desktop.ini

2009-03-14 17:10 . 2009-03-14 17:10 -------- d-----w c:\arquivos de programas\Serviços on-line

2009-03-14 17:09 . 2009-03-14 17:09 -------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-03-14 17:07 . 2009-03-14 17:07 21844 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-06 14:20 . 2004-08-04 03:45 286208 ----a-w c:\windows\system32\pdh.dll

2009-02-20 08:10 . 2004-08-04 03:45 668160 ----a-w c:\windows\system32\wininet.dll

2009-02-20 08:10 . 2004-08-04 03:45 81920 ----a-w c:\windows\system32\ieencode.dll

2009-02-10 22:07 . 2004-08-04 00:40 2070272 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 14:06 . 2004-08-04 03:38 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:25 . 2004-08-04 03:40 2193280 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2004-08-04 03:45 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-04 03:45 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2004-08-04 03:45 731648 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-04 03:45 683520 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2004-08-04 03:45 730624 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 10:39 . 2001-10-28 12:07 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2004-08-04 03:45 56832 ----a-w c:\windows\system32\secur32.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\arquivos de programas\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]

"IntelliPoint"="c:\arquivos de programas\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"tsnp2std"="c:\windows\tsnp2std.exe" [2006-05-22 262144]

"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-05-01 198160]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-03 148888]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-09-16 69632]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 15:05 356352 ----a-w c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-01 14:44 11952 ----a-w c:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VIA RAID TOOL.lnk

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]

R3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]

R3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]

R3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]

R3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-01 325896]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-01 108552]

S1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]

S1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]

S2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2009-05-01 908568]

S2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-05-01 298776]

S3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]

 

 

--- ---

 

*NewlyCreated* - SASDIFSV

*NewlyCreated* - SASENUM

*NewlyCreated* - SASKUTIL

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95dead00-1425-11de-8d4e-00115bfb6137}]

\Shell\AutoRun\command - 9.cmd

\Shell\explore\Command - 9.cmd

\Shell\open\Command - 9.cmd

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-FixCamera - c:\windows\FixCamera.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Willian Mota\Dados de aplicativos\Mozilla\Firefox\Profiles\5fkd39gd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-03 15:30

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(4040)

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL

c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

.

Tempo para conclusão: 2009-05-03 15:33

ComboFix-quarantined-files.txt 2009-05-03 18:32

 

Pré-execução: 13 pasta(s) 23.074.955.264 bytes disponíveis

Pós execução: 12 pasta(s) 23.446.233.088 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

228 --- E O F --- 2009-04-30 11:49

 

 

 

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:35:41, on 3/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\tsnp2std.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft IntelliPoint\dpupdchk.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Willian Mota\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [itype] "C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

 

--

End of file - 6852 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95dead00-1425-11de-8d4e-00115bfb6137}]

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

2)

 

Com o navegador Internet Explorer, acesse o Kaspersky Online Scanner e faça um scan online seguindo o tutorial abaixo.

 

Tutorial Kaspersky Online Scanner

 

Ao término do scan, salve o relatório com a extensão .txt (como mostra no final do tutorial) e poste em sua próxima resposta.

 

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.