This topic has been archived and is closed to new replies.

LucianaOli

[Archived] I can't update any antivirus or access si


Hello, when Windows XP starts, a security message appears asking whether or not I want to run a file called svchost.exe. After that I can no longer update or access antivirus sites. I think it may be a virus, please help me ...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:09:46, on 6/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\mscomdlg.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\KCeasy\KCeasy.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\firefox.exe

C:\Documents and Settings\Lineu\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\mscomdlg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [hpmanager] C:\Windows\System\svchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [KCeasy] C:\Arquivos de programas\KCeasy\KCeasy.exe /hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486711187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486653578

O17 - HKLM\System\CCS\Services\Tcpip\..\{4379AB13-355D-4097-936C-5DAB3C33F922}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 7235 bytes

 

Thank you


- Download SDFIX

Restart your computer and press the F8 key (F5 in some cases) repeatedly during startup until a menu appears, where you should choose the Safe Mode option.

1. Go into the SDFix folder that was installed on your computer and double-click the file RunThis.bat

2. Press Y so that the tool starts the removal process

3. When everything is done, you will see a notice telling you to press any key to continue. When you press any key, the computer will restart automatically

4. After restarting, the tool will run again and finish its work, and the word Finished will appear. Press any key.

5. A window with the SDFix report will appear.

6. Copy and paste this report into your reply. If you have closed the window, a copy of the report will be in the SDFix folder under the name Report.txt.


Here is the report:

 

SDFix: Version 1.240

Run by Lineu on qua 06/05/2009 at 21:07

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\system\svchost.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-06 21:12:47

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mtkha]

"DisplayName"="Manager Microsoft"

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Description"="Permite informar erros de serviços e aplicativos executados em ambientes não padrão."

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mtkha\Parameters]

"ServiceDll"=str(2):"C:\WINDOWS\system32\cfgnm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mtkha]

"DisplayName"="Manager Microsoft"

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Description"="Permite informar erros de serviços e aplicativos executados em ambientes não padrão."

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mtkha\Parameters]

"ServiceDll"=str(2):"C:\WINDOWS\system32\cfgnm.dll"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Arquivos de programas\\ONGAME\\Metin2\\metin2.bin"="C:\\Arquivos de programas\\ONGAME\\Metin2\\metin2.bin:*:Enabled:metin2"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Arquivos de programas\\KCeasy\\giFT\\giFTl.exe"="C:\\Arquivos de programas\\KCeasy\\giFT\\giFTl.exe:*:Enabled:giFT Loader for KCeasy"

"C:\\Documents and Settings\\Lineu\\temp\\TeamViewer3\\TeamViewer.exe"="C:\\Documents and Settings\\Lineu\\temp\\TeamViewer3\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sun 13 Apr 2008 161,513 A.SHR --- "C:\WINDOWS\system32\cfgnm.dll"

Sat 11 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!


You forgot to post a new HijackThis log; post it in your next reply.

How is the PC?


Good evening

The PC is slow, and I still can't install or access antivirus sites

Here is the HijackThis log that I had forgotten:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:42:02, on 7/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\mscomdlg.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\KCeasy\KCeasy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Lineu\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\mscomdlg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [hpmanager] C:\Windows\System\svchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [KCeasy] C:\Arquivos de programas\KCeasy\KCeasy.exe /hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486711187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486653578

O17 - HKLM\System\CCS\Services\Tcpip\..\{4379AB13-355D-4097-936C-5DAB3C33F922}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 7152 bytes


• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

Close all windows and run the tool!

• At the "Disclaimer of warranty on software" prompt --> Click Yes!

• If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification: Invalid Win32 application, delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- PS: Rename it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

• The Auto Scan window will open. --> Wait!

• In order to complete the removals, ComboFix may restart the computer.

• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid using the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.


Good morning!

Here is the ComboFix log:

 

ComboFix 09-05-08.03 - Lineu 09/05/2009 10:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.191.52 [GMT -3:00]

Executando de: c:\documents and settings\Lineu\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system\spoolsv.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-09 to 2009-05-09 ))))))))))))))))))))))))))))

.

 

2009-05-03 02:08 . 2009-05-04 17:42 -------- d-----w c:\arquivos de programas\TibiaBot NG

2009-05-01 14:06 . 2009-05-01 14:06 -------- d-----w c:\documents and settings\Lineu\Dados de aplicativos\teamspeak2

2009-05-01 13:36 . 2009-05-01 13:37 -------- d-----w c:\documents and settings\Lineu\Dados de aplicativos\PhotoFiltre Studio X

2009-04-27 14:00 . 2009-04-27 14:00 -------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2009-04-27 14:00 . 2009-05-08 21:00 -------- d-----w c:\arquivos de programas\Norton Security Scan

2009-04-20 21:33 . 2009-05-08 00:17 -------- d-----w c:\documents and settings\Lineu\Dados de aplicativos\Tibia

2009-04-20 21:32 . 2009-05-04 23:41 -------- d-----w c:\arquivos de programas\Tibia

2009-04-20 20:29 . 2009-04-11 05:54 36864 ----a-w c:\windows\mscomdlg.exe

2009-04-17 01:42 . 2009-04-17 01:42 -------- d-----w c:\windows\Profiles

2009-04-17 01:42 . 2009-04-21 15:03 -------- d-----w c:\windows\system32\Adobe

2009-04-17 01:42 . 2009-04-21 03:09 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-04-17 01:42 . 2009-04-17 01:42 -------- d-----w c:\documents and settings\Lineu\Dados de aplicativos\InterTrust

2009-04-17 01:42 . 1998-10-29 18:45 306688 ----a-w c:\windows\IsUninst.exe

2009-04-17 01:39 . 2000-06-26 14:45 106496 ----a-w c:\windows\system32\TwnLib20.dll

2009-04-17 01:39 . 2004-07-26 20:16 471040 ------w c:\windows\system32\ImagXRA7.dll

2009-04-17 01:39 . 2004-07-26 20:16 262144 ------w c:\windows\system32\ImagXR7.dll

2009-04-17 01:39 . 2004-07-26 20:16 476320 ------w c:\windows\system32\ImagXpr7.dll

2009-04-17 01:39 . 2004-07-26 20:16 1568768 ------w c:\windows\system32\ImagX7.dll

2009-04-17 01:39 . 2001-07-09 14:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

2009-04-17 01:36 . 2009-04-17 01:36 -------- d-----w c:\arquivos de programas\Arquivos comuns\Ahead

2009-04-17 01:36 . 2009-04-17 01:39 -------- d-----w c:\arquivos de programas\Ahead

2009-04-17 01:36 . 2009-04-17 01:36 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2009-04-17 01:35 . 2003-12-05 09:46 10368 ------w c:\windows\system32\drivers\pfc.sys

2009-04-17 01:34 . 2009-04-17 01:36 -------- d-----w c:\arquivos de programas\CyberLink

2009-04-17 01:34 . 2004-10-01 18:00 40960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2009-04-17 01:34 . 2009-04-17 01:35 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-17 01:34 . 2009-04-17 01:35 -------- d-----w c:\arquivos de programas\CyberLink DVD Solution

2009-04-17 01:33 . 2009-04-17 01:33 -------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2009-04-12 01:04 . 2009-04-12 01:04 0 ----a-w c:\windows\nsreg.dat

2009-04-11 23:50 . 2009-04-11 23:50 -------- d-----w c:\arquivos de programas\MSXML 4.0

2009-04-11 23:17 . 2009-05-09 12:57 -------- d-----w c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3

2009-04-11 23:15 . 2009-04-11 23:15 -------- d-----w c:\arquivos de programas\MSECache

2009-04-11 23:08 . 2008-12-20 22:46 267776 -c----w c:\windows\system32\dllcache\iertutil.dll

2009-04-11 23:08 . 2008-12-19 09:10 13824 -c----w c:\windows\system32\dllcache\ieudinit.exe

2009-04-11 23:08 . 2008-12-20 22:46 52224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll

2009-04-11 23:08 . 2008-12-20 22:46 459264 -c----w c:\windows\system32\dllcache\msfeeds.dll

2009-04-11 23:08 . 2007-04-17 09:32 2455488 -c----w c:\windows\system32\dllcache\ieapfltr.dat

2009-04-11 23:08 . 2008-12-20 22:46 383488 -c----w c:\windows\system32\dllcache\ieapfltr.dll

2009-04-11 23:08 . 2008-12-20 22:46 63488 -c----w c:\windows\system32\dllcache\icardie.dll

2009-04-11 23:08 . 2008-12-20 22:46 6066688 -c----w c:\windows\system32\dllcache\ieframe.dll

2009-04-11 22:52 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys

2009-04-11 22:48 . 2008-08-14 13:24 2149376 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe

2009-04-11 22:48 . 2008-08-14 13:24 2070272 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe

2009-04-11 22:48 . 2008-08-14 13:24 2028032 -c----w c:\windows\system32\dllcache\ntkrpamp.exe

2009-04-11 22:48 . 2008-08-14 13:24 2193408 -c----w c:\windows\system32\dllcache\ntoskrnl.exe

2009-04-11 22:34 . 2008-06-14 17:34 272384 -c----w c:\windows\system32\dllcache\bthport.sys

2009-04-11 22:34 . 2008-06-14 17:34 272384 ------w c:\windows\system32\drivers\bthport.sys

2009-04-11 22:17 . 2009-04-12 00:05 -------- d--h--w c:\windows\$hf_mig$

2009-04-11 21:46 . 2008-04-13 21:20 221184 ----a-w c:\windows\system32\wmpns.dll

2009-04-11 21:46 . 2009-04-13 18:35 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-04-11 21:42 . 2009-04-11 21:44 -------- d-----w c:\windows\system32\drivers\UMDF

2009-04-11 21:42 . 2009-04-11 21:42 -------- d-----w c:\windows\system32\LogFiles

2009-04-11 21:34 . 2006-06-29 16:07 14048 ------w c:\windows\system32\spmsg2.dll

2009-04-11 21:30 . 2009-04-11 21:34 -------- d-----w c:\windows\system32\XPSViewer

2009-04-11 21:30 . 2009-04-11 21:30 -------- d-----w c:\arquivos de programas\MSBuild

2009-04-11 21:30 . 2009-04-11 21:30 -------- d-----w c:\arquivos de programas\Reference Assemblies

2009-04-11 21:29 . 2007-07-27 12:41 26488 ----a-w c:\windows\system32\spupdsvc.exe

2009-04-11 21:29 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll

2009-04-11 21:29 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-04-11 21:29 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-04-11 21:29 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll

2009-04-11 21:29 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll

2009-04-11 21:29 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll

2009-04-11 21:29 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll

2009-04-11 21:03 . 2009-04-11 21:05 -------- d-----w c:\windows\system32\URTTemp

2009-04-11 21:00 . 2009-04-11 21:00 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-11 21:00 . 2009-04-11 21:00 -------- d-----w c:\arquivos de programas\Java

2009-04-11 20:58 . 2009-04-11 20:58 -------- d-----w c:\documents and settings\Lineu\Dados de aplicativos\Foxit

2009-04-11 20:58 . 2009-04-11 20:58 -------- d-----w c:\arquivos de programas\Foxit Software

2009-04-11 20:51 . 2007-04-09 16:23 28040 ----a-w c:\windows\system32\mdimon.dll

2009-04-11 20:50 . 2009-04-11 20:50 -------- d-----w c:\arquivos de programas\Microsoft.NET

2009-04-11 20:49 . 2009-04-11 20:50 -------- d-----w c:\windows\SHELLNEW

2009-04-10 19:43 . 2009-05-04 18:20 -------- d-----w c:\arquivos de programas\KCeasy

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-04 22:15 . 2006-01-06 16:09 5423104 ----a-w c:\windows\system32\tlpsplib10.dll

2009-05-04 21:07 . 2009-05-04 20:56 -------- d-----w c:\arquivos de programas\PhotoFiltre Studio X

2009-05-04 16:31 . 2009-05-04 12:44 -------- d-----w c:\arquivos de programas\Teamspeak2_RC2

2009-05-04 14:21 . 2009-05-04 14:21 -------- d-----w c:\arquivos de programas\Marcos Velasco Security

2009-05-04 14:16 . 2009-04-07 14:04 -------- d-----w c:\arquivos de programas\7-Zip

2009-04-15 09:50 . 2003-04-08 11:00 82770 ----a-w c:\windows\system32\perfc016.dat

2009-04-15 09:50 . 2003-04-08 11:00 476876 ----a-w c:\windows\system32\perfh016.dat

2009-04-12 20:47 . 2009-03-30 15:50 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-04-11 23:27 . 2009-04-07 15:12 -------- d-----w c:\arquivos de programas\Windows Live

2009-04-07 16:12 . 2009-04-07 16:12 -------- d-----w c:\arquivos de programas\Asprate

2009-04-07 15:31 . 2009-04-07 15:31 -------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-04-07 15:18 . 2009-04-07 15:12 -------- dcsh--w c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-04-07 14:56 . 2009-04-07 14:56 -------- d-----w c:\arquivos de programas\MessengerPlus! 3

2009-04-07 14:28 . 2009-04-07 14:26 -------- d-----w c:\arquivos de programas\Google

2009-04-06 18:05 . 2009-04-06 18:05 -------- d-----w c:\arquivos de programas\ONGAME

2009-04-04 00:10 . 2009-04-04 00:10 552 ----a-w c:\windows\system32\d3d8caps.dat

2009-04-03 20:35 . 2009-04-03 20:35 -------- d-----w c:\arquivos de programas\Telefonica

2009-03-30 15:52 . 2009-03-30 15:52 -------- d-----w c:\arquivos de programas\microsoft frontpage

2009-03-30 15:50 . 2003-04-08 11:00 67 --sha-w c:\windows\Fonts\desktop.ini

2009-03-30 15:49 . 2009-03-30 15:49 -------- d-----w c:\arquivos de programas\Serviços on-line

2009-03-30 15:48 . 2009-03-30 15:48 -------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-03-30 15:46 . 2009-03-30 15:46 21844 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll

2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll

2009-02-27 16:37 . 2009-02-27 16:37 1571840 ----a-w c:\windows\system32\sfcfiles.dll

2009-02-27 16:37 . 2009-02-27 16:37 1003008 ----a-w c:\windows\system32\syssetup.dll

2009-02-27 16:37 . 2009-02-27 16:37 24576 ----a-w c:\windows\system32\nlsdl.dll

2009-02-27 16:36 . 2009-02-27 16:36 26112 ----a-w c:\windows\system32\idndl.dll

2009-02-27 16:36 . 2009-02-27 16:36 23552 ----a-w c:\windows\system32\normaliz.dll

2009-02-27 16:36 . 2009-02-27 16:36 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-02-27 16:36 . 2009-02-27 16:36 156160 ----a-w c:\windows\system32\msls31.dll

2009-02-27 16:36 . 2009-02-27 16:36 45568 ----a-w c:\windows\system32\mshta.exe

2009-02-27 16:36 . 2009-02-27 16:36 40960 ----a-w c:\windows\system32\licmgr10.dll

2009-02-27 16:36 . 2009-02-27 16:36 36352 ----a-w c:\windows\system32\imgutil.dll

2009-02-27 16:36 . 2009-02-27 16:36 55296 ----a-w c:\windows\system32\iesetup.dll

2009-02-27 16:36 . 2009-02-27 16:36 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-27 16:36 . 2009-02-27 16:36 17408 ----a-w c:\windows\system32\corpol.dll

2009-02-27 16:36 . 2009-02-27 16:36 71680 ----a-w c:\windows\system32\admparse.dll

2009-02-09 14:06 . 2008-04-13 20:54 1846912 ----a-w c:\windows\system32\win32k.sys

2008-04-13 21:20 . 2008-04-13 21:20 161513 --sha-r c:\windows\system32\cfgnm.dll

.

 

------- Sigcheck -------

 

[-] 2009-02-27 16:37 1571840 1D01C384F3BA123EB6F09769DEA005AC c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-07 39408]

"MessengerPlus3"="c:\arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2009-04-07 190024]

"KCeasy"="c:\arquivos de programas\KCeasy\KCeasy.exe" [2008-02-03 1276928]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="c:\arquivos de programas\MessengerPlus! 3\MsgPlus.exe" [2009-04-07 190024]

"Microsoft App"="c:\windows\mscomdlg.exe" [2009-04-11 36864]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-11 148888]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"OWJU Agent"="c:\windows\system32\Sys32\OWJU.exe" [2009-05-03 486400]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-05-17 77824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]

"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave"= serwvdrv.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\ONGAME\\Metin2\\metin2.bin"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\KCeasy\\giFT\\giFTl.exe"=

"c:\\Documents and Settings\\Lineu\\temp\\TeamViewer3\\TeamViewer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4344:TCP"= 4344:TCP:qblxvjv

 

S2 mtkha;Manager Microsoft;c:\windows\system32\svchost.exe -k netsvcs [13/4/2008 18:21 14336]

 

--- ---

 

*NewlyCreated* - TCPIP_PATCHER

*Deregistered* - tcpip_patcher

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mtkha

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-05-08 c:\windows\Tasks\Norton Security Scan for Lineu.job

- c:\arquivos de programas\Norton Security Scan\Nss.exe [2009-03-13 08:53]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-hpmanager - c:\windows\System\svchost.exe

 

 

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: {4379AB13-355D-4097-936C-5DAB3C33F922} = 200.204.0.10 200.204.0.138

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

FF - ProfilePath - c:\documents and settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\arquivos de programas\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-09 10:30

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mtkha]

"ServiceDll"="c:\windows\system32\cfgnm.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-05-09 10:32

ComboFix-quarantined-files.txt 2009-05-09 13:32

 

Pré-execução: 10 pasta(s) 14.562.009.088 bytes disponíveis

Pós execução: 9 pasta(s) 14.604.587.008 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

239

 

 

And here is the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:39:39, on 9/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\mscomdlg.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\KCeasy\KCeasy.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\firefox.exe

C:\Documents and Settings\Lineu\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\mscomdlg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [KCeasy] C:\Arquivos de programas\KCeasy\KCeasy.exe /hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486711187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486653578

O17 - HKLM\System\CCS\Services\Tcpip\..\{4379AB13-355D-4097-936C-5DAB3C33F922}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 6522 bytes


Download ◘ KidoKiller.zip by Kaspersky:

http://data2.kaspersky-labs.com:8080/special/KidoKiller.zip

Just download it and run it. The DOS command prompt will appear.

If it asks for an option, choose -y


Try this one.

◘ F-Downadup Removal Tool by F-Secure

ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

or this address:

ftp://193.110.109.53/anti-virus/tools/beta/f-downadup.zip

Download the .zip and unpack it. Run the .exe and wait for the cleanup.


I was only able to download it from the 2nd link; I ran it.

New HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:00:22, on 9/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\mscomdlg.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\KCeasy\KCeasy.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Lineu\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\mscomdlg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [OWJU Agent] C:\WINDOWS\system32\Sys32\OWJU.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [KCeasy] C:\Arquivos de programas\KCeasy\KCeasy.exe /hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486711187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486653578

O17 - HKLM\System\CCS\Services\Tcpip\..\{4379AB13-355D-4097-936C-5DAB3C33F922}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 6585 bytes


Go to the VirusTotal site and submit the highlighted file for analysis.

http://www.virustotal.com/pt/

C:\WINDOWS\mscomdlg.exe.

Post the results.


I couldn't access this site, but I've already noticed a difference on the PC: some accents weren't working. I don't know whether that is related to the other problem or not, but it's already one less thing ^^.


• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs when running Malwarebytes.

• Send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + an updated HijackThis log.


Mbam log

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 1945

Windows 5.1.2600 Service Pack 3

 

10/5/2009 16:17:31

mbam-log-2009-05-10 (16-17-31).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 64246

Tempo decorrido: 7 minute(s), 37 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:24, on 10/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\mscomdlg.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\KCeasy\KCeasy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox 3.1 Beta 3\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Lineu\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Microsoft App] C:\WINDOWS\mscomdlg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [KCeasy] C:\Arquivos de programas\KCeasy\KCeasy.exe /hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486711187

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239486653578

O17 - HKLM\System\CCS\Services\Tcpip\..\{4379AB13-355D-4097-936C-5DAB3C33F922}: NameServer = 200.204.0.10 200.204.0.138

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 6731 bytes


Go to this site: http://www.kaspersky.com/virusscanner

Click on Clipboard01-1.jpg

Follow the scanner configuration instructions as shown in the image below.

kosjn0.gif

Post the scan log right here in the thread.


Kaspersky log:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Monday, May 11, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Monday, May 11, 2009 12:43:16

Records in database: 2160437

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

 

Scan statistics:

Files scanned: 30206

Threat name: 2

Infected objects: 5

Suspicious objects: 0

Duration of the scan: 01:54:32

 

 

File name / Threat name / Threats count

explorer.exe\OWJU.006/explorer.exe\OWJU.006 Infected: not-a-virus:Monitor.Win32.Ardamax.m 1

C:\WINDOWS\system32\Sys32\OWJU.006/C:\WINDOWS\system32\Sys32\OWJU.006 Infected: not-a-virus:Monitor.Win32.Ardamax.m 1

C:\WINDOWS\system32\Sys32\OWJU.007/C:\WINDOWS\system32\Sys32\OWJU.007 Infected: not-a-virus:Monitor.Win32.Ardamax.o 1

C:\WINDOWS\system32\Sys32\OWJU.006 Infected: not-a-virus:Monitor.Win32.Ardamax.m 1

C:\WINDOWS\system32\Sys32\OWJU.007 Infected: not-a-virus:Monitor.Win32.Ardamax.o 1

 

The selected area was scanned.


Download A-Squared Free 4.0, install it and update it, then go to the Scan PC section and choose the deep scan for a complete and effective cleanup. After the scan, which may take a while depending on the number of files, delete all the viruses found and, if you can, click save log; it is normally saved in Meus documentos -> A-Squared -> Scansets. Open the log, copy its contents and post the scan result here so we know what was removed. OK


A-Squared scan

a-squared Free - Versão 4.5

Última atualização 13/5/2009 10:25:28

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\, D:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 14/5/2009 09:14:28

 

[2904] C:\Arquivos de programas\KCeasy\giFT\giFTl.exe detectado: Trojan.Hijacker!IK

C:\Documents and Settings\Lineu\Cookies\lineu@2o7[1].txt detectado: Trace.TrackingCookie.2o7!A2

C:\Documents and Settings\Lineu\Cookies\lineu@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Lineu\Cookies\lineu@adservingml[2].txt detectado: Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Lineu\Cookies\lineu@advertising[2].txt detectado: Trace.TrackingCookie.advertising!A2

C:\Documents and Settings\Lineu\Cookies\lineu@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Lineu\Cookies\lineu@bravenet[2].txt detectado: Trace.TrackingCookie.bravenet!A2

C:\Documents and Settings\Lineu\Cookies\lineu@bs.serving-sys[2].txt detectado: Trace.TrackingCookie.bs.serving-sys!A2

C:\Documents and Settings\Lineu\Cookies\lineu@compras.naturlink[2].txt detectado: Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@compras.naturlink[3].txt detectado: Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@doubleclick[2].txt detectado: Trace.TrackingCookie.doubleclick!A2

C:\Documents and Settings\Lineu\Cookies\lineu@google.com[1].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@google.com[2].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@ig.com[1].txt detectado: Trace.TrackingCookie.ig.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@media.photobucket[1].txt detectado: Trace.TrackingCookie.media!A2

C:\Documents and Settings\Lineu\Cookies\lineu@mediaplex[1].txt detectado: Trace.TrackingCookie.media!A2

C:\Documents and Settings\Lineu\Cookies\lineu@serving-sys[2].txt detectado: Trace.TrackingCookie.serving-sys!A2

C:\Documents and Settings\Lineu\Cookies\lineu@smartadserver[2].txt detectado: Trace.TrackingCookie.smartadserver!A2

C:\Documents and Settings\Lineu\Cookies\lineu@specificclick[2].txt detectado: Trace.TrackingCookie.specificclick!A2

C:\Documents and Settings\Lineu\Cookies\lineu@statcounter[1].txt detectado: Trace.TrackingCookie.statcounter!A2

C:\Documents and Settings\Lineu\Cookies\lineu@trafficmp[2].txt detectado: Trace.TrackingCookie.trafficmp!A2

C:\Documents and Settings\Lineu\Cookies\lineu@zedo[1].txt detectado: Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284296880 detectado: Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284671891 detectado: Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284671892 detectado: Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1241445800281254 detectado: Trace.TrackingCookie.count!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1242256973515625 detectado: Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1242258890281250 detectado: Trace.TrackingCookie.webtrends!A2

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe detectado: Trojan.Hijacker!IK

C:\Arquivos de programas\KCeasy\My Shared Folder\kceasy-0.19-rc1-setup.exe/giFTl.exe detectado: Trojan.Hijacker!IK

C:\Documents and Settings\Lineu\Meus documentos\Downloads\ElfBot-417-Cracked.zip/elfbot.dll detectado: Trojan.Unpacked!IK

C:\Documents and Settings\Lineu\Meus documentos\Downloads\tlpsplib10.dll detectado: Trojan.Crypt!IK

C:\Qoobox\Quarantine\C\WINDOWS\system\spoolsv.exe.vir detectado: Gen.Trojan!IK

C:\System Volume Information\_restore{478CC276-E2DD-4441-89EF-5CF811760BFE}\RP2\A0001097.exe detectado: Gen.Trojan!IK

C:\System Volume Information\_restore{478CC276-E2DD-4441-89EF-5CF811760BFE}\RP2\A0002139.exe detectado: Virus.Win32.Ardamax.EK!IK

C:\System Volume Information\_restore{478CC276-E2DD-4441-89EF-5CF811760BFE}\RP2\A0002140.exe detectado: Trojan-Spy.Win32.Ardamax!IK

C:\WINDOWS\system32\tlpsplib10.dll detectado: Trojan.Crypt!IK

D:\Clips e Musicas\converter musicas e crack\4U WMA MP3 Converter Version 2.2.3 KeyGen.exe detectado: Virus.Win32.Downloader.LL!IK

D:\NOD 32 Até 2050.rar/NOD32_v3.0.642_32bits_FiX_1.2-TemDono.exe detectado: Possible-Threat.HackAV.Node32!IK

 

Analisado

 

Arquivos: 69774

Objetos: 651477

Cookies: 1259

Processos: 34

 

Encontrado

 

Arquivos: 11

Objetos: 0

Cookies: 29

Processos: 1

Chaves do registro: 0

 

Fim da análise: 14/5/2009 10:24:39

Duração da análise: 1:10:11

 

D:\NOD 32 Até 2050.rar/NOD32_v3.0.642_32bits_FiX_1.2-TemDono.exe Excluído Possible-Threat.HackAV.Node32!IK

D:\Clips e Musicas\converter musicas e crack\4U WMA MP3 Converter Version 2.2.3 KeyGen.exe Excluído Virus.Win32.Downloader.LL!IK

C:\System Volume Information\_restore{478CC276-E2DD-4441-89EF-5CF811760BFE}\RP2\A0002140.exe Excluído Trojan-Spy.Win32.Ardamax!IK

C:\System Volume Information\_restore{478CC276-E2DD-4441-89EF-5CF811760BFE}\RP2\A0002139.exe Excluído Virus.Win32.Ardamax.EK!IK

C:\Qoobox\Quarantine\C\WINDOWS\system\spoolsv.exe.vir Excluído Gen.Trojan!IK

C:\System Volume Information\_restore{478CC276-E2DD-4441-89EF-5CF811760BFE}\RP2\A0001097.exe Excluído Gen.Trojan!IK

C:\Documents and Settings\Lineu\Meus documentos\Downloads\tlpsplib10.dll Excluído Trojan.Crypt!IK

C:\WINDOWS\system32\tlpsplib10.dll Excluído Trojan.Crypt!IK

C:\Documents and Settings\Lineu\Meus documentos\Downloads\ElfBot-417-Cracked.zip/elfbot.dll Excluído Trojan.Unpacked!IK

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1242256973515625 Excluído Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1242258890281250 Excluído Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1241445800281254 Excluído Trace.TrackingCookie.count!A2

C:\Documents and Settings\Lineu\Cookies\lineu@zedo[1].txt Excluído Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284671891 Excluído Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284671892 Excluído Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Cookies\lineu@trafficmp[2].txt Excluído Trace.TrackingCookie.trafficmp!A2

C:\Documents and Settings\Lineu\Cookies\lineu@statcounter[1].txt Excluído Trace.TrackingCookie.statcounter!A2

C:\Documents and Settings\Lineu\Cookies\lineu@specificclick[2].txt Excluído Trace.TrackingCookie.specificclick!A2

C:\Documents and Settings\Lineu\Cookies\lineu@smartadserver[2].txt Excluído Trace.TrackingCookie.smartadserver!A2

C:\Documents and Settings\Lineu\Cookies\lineu@serving-sys[2].txt Excluído Trace.TrackingCookie.serving-sys!A2

C:\Documents and Settings\Lineu\Cookies\lineu@media.photobucket[1].txt Excluído Trace.TrackingCookie.media!A2

C:\Documents and Settings\Lineu\Cookies\lineu@mediaplex[1].txt Excluído Trace.TrackingCookie.media!A2

C:\Documents and Settings\Lineu\Cookies\lineu@ig.com[1].txt Excluído Trace.TrackingCookie.ig.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@google.com[1].txt Excluído Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@google.com[2].txt Excluído Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@doubleclick[2].txt Excluído Trace.TrackingCookie.doubleclick!A2

C:\Documents and Settings\Lineu\Cookies\lineu@compras.naturlink[2].txt Excluído Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@compras.naturlink[3].txt Excluído Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284296880 Excluído Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@bs.serving-sys[2].txt Excluído Trace.TrackingCookie.bs.serving-sys!A2

C:\Documents and Settings\Lineu\Cookies\lineu@bravenet[2].txt Excluído Trace.TrackingCookie.bravenet!A2

C:\Documents and Settings\Lineu\Cookies\lineu@atdmt[2].txt Excluído Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Lineu\Cookies\lineu@advertising[2].txt Excluído Trace.TrackingCookie.advertising!A2

C:\Documents and Settings\Lineu\Cookies\lineu@adserver.dialhost.com[2].txt Excluído Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Lineu\Cookies\lineu@adservingml[2].txt Excluído Trace.TrackingCookie.adserv!A2

C:\Documents and Settings\Lineu\Cookies\lineu@2o7[1].txt Excluído Trace.TrackingCookie.2o7!A2

[2904] C:\Arquivos de programas\KCeasy\giFT\giFTl.exe Excluído Trojan.Hijacker!IK

C:\Arquivos de programas\KCeasy\giFT\giFTl.exe Excluído Trojan.Hijacker!IK

C:\Arquivos de programas\KCeasy\My Shared Folder\kceasy-0.19-rc1-setup.exe/giFTl.exe Excluído Trojan.Hijacker!IK

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1242256973515625 Excluído Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1242258890281250 Excluído Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1241445800281254 Excluído Trace.TrackingCookie.count!A2

C:\Documents and Settings\Lineu\Cookies\lineu@zedo[1].txt Excluído Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284671891 Excluído Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284671892 Excluído Trace.TrackingCookie.zedo!A2

C:\Documents and Settings\Lineu\Cookies\lineu@compras.naturlink[2].txt Excluído Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Cookies\lineu@compras.naturlink[3].txt Excluído Trace.TrackingCookie.com!A2

C:\Documents and Settings\Lineu\Dados de aplicativos\Mozilla\Firefox\Profiles\k9i4vs30.default\cookies.sqlite:1239498284296880 Excluído Trace.TrackingCookie.com!A2

 

Excluído

 

Arquivos: 11

Objetos: 0

Cookies: 36
