Ben-Hur
Posted June 19, 2009

explorer.exe has been giving errors... sometimes its process is terminated on its own and I have to start it again to keep using the PC. This problem began after a problem with MSN Messenger. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:07, on 19/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Glass2k\Glass2k.exe
C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\dllmgr.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\zukmqc.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Services] Nrtdl.exe
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 9457 bytes
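Reading a HijackThis log like the one above by hand comes down to two checks per O4 autorun: does the value name its program by an explicit location, or by a bare file name that the loader resolves through the search path (here Nrtdl.exe, dllmgr.exe and ZUKMQC.EXE, against fully qualified entries such as NeroCheck.exe), and where did that bare name actually run from, which the "Running processes" list answers. The Python below is an added example of that triage step; it is not part of this thread or of HijackThis. The log text inside it is a constructed, abridged copy of entries from the log above, and the two heuristics it applies (bare file name; the same label registered in both a Run and a RunOnce key) are mine, so a hit means "look closer", not "malicious".

```python
"""Triage helper for HijackThis 2.x logs (added example, not from the thread).

Parses the 'Running processes' section and the registry-backed O4 entries,
then flags autoruns that load a bare file name (resolved via the search path
rather than an explicit location) and labels present in both Run and RunOnce.
For each bare name it reports where the binary was actually running from,
recovered from the process list."""
import re
from collections import defaultdict

# Constructed sample: an abridged copy of entries from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:07, on 19/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\dllmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\zukmqc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Services] Nrtdl.exe
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 - <hive>\..\<Run|RunOnce>: [<label>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _split_first(cmd):
    """Split a command line into (program, rest); the program may be quoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    parts = cmd.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def _target(cmd):
    """The file the entry really loads: for a rundll32 host, the DLL argument."""
    host, rest = _split_first(cmd)
    if _basename(host).lower() in ("rundll32.exe", "rundll32"):
        dll, _ = _split_first(rest)
        return dll.split(",", 1)[0]      # rundll32 takes "<dll>,<entrypoint>"
    return host


def parse_hijackthis(text):
    """Return {'processes': [paths], 'autoruns': [entry dicts]}.
    Only Run/RunOnce O4 lines are parsed; Startup-folder O4 lines are skipped."""
    processes, autoruns, in_procs = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line:                 # blank line closes the process list
                in_procs = False
                continue
            processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["target"] = _target(entry["cmd"])
            autoruns.append(entry)
    return {"processes": processes, "autoruns": autoruns}


def triage(report):
    """Apply the two heuristics; return one finding dict per flagged autorun."""
    by_name = defaultdict(list)          # file name -> full paths seen running
    for path in report["processes"]:
        by_name[_basename(path).lower()].append(path)
    keys_by_label = defaultdict(set)     # label -> {"run", "runonce"}
    for e in report["autoruns"]:
        keys_by_label[e["label"].lower()].add(e["key"].lower())
    findings = []
    for e in report["autoruns"]:
        reasons = []
        if "\\" not in e["target"]:
            reasons.append("bare file name: located via the search path, not an explicit path")
        if keys_by_label[e["label"].lower()] >= {"run", "runonce"}:
            reasons.append("same label in both a Run and a RunOnce key, unusual for legitimate software")
        if reasons:
            findings.append({
                "hive": e["hive"], "key": e["key"], "label": e["label"], "target": e["target"],
                "running_from": by_name.get(_basename(e["target"]).lower(), []),
                "reasons": reasons,
            })
    return findings


def triage_sample():
    return triage(parse_hijackthis(SAMPLE_LOG))


if __name__ == "__main__":
    for f in triage_sample():
        where = ", ".join(f["running_from"]) or "not in the process list"
        print(f'{f["hive"]}\\..\\{f["key"]} [{f["label"]}] -> {f["target"]} (running from: {where})')
        for reason in f["reasons"]:
            print("    -", reason)
```

On the sample this flags RTHDCPL.EXE (a bare name that the process list resolves to C:\WINDOWS, so a path check settles it), Nrtdl.exe (bare and not running at all), dllmgr.exe (bare, running from C:\WINDOWS) and ZUKMQC.EXE (bare, in both Run and RunOnce, running from SYSTEM32); the fully qualified entries and the rundll32-hosted NvCpl.dll are left alone.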
DigRam
Posted June 20, 2009

Good evening! Ben-Hur

<@> Download: < > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> At the prompt "Software warranty disclaimer" --> click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!
<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
Ben-Hur
Posted June 20, 2009

Here are the ComboFix and HijackThis logs, respectively:

ComboFix 09-06-18.02 - Administrador 19/06/2009 22:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1498 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\kazaabackupfiles
c:\documents and settings\Administrador\l5o5f9l4j2y.exe
c:\documents and settings\Administrador\l5o5f9l4j2y7.exe
c:\documents and settings\Administrador\update.exe
c:\windows\system32\winmgr.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))
.
2009-06-20 00:11 . 2009-06-20 00:11 -------- d-sh--r- C:\MEMORY
2009-06-19 22:16 . 2009-06-19 22:16 91140 ---h--w- c:\windows\system32\uhioay.exe
2009-06-19 22:15 . 2009-06-19 22:15 91140 ---h--w- c:\windows\system32\zukmqc.exe
2009-06-19 21:59 . 2009-06-19 21:59 91140 ----a-w- C:\bus.exe
2009-06-18 20:35 . 2009-06-18 22:02 84996 --sh--r- c:\windows\dllmgr.exe
2009-06-18 20:35 . 2009-06-18 20:39 84996 ----a-w- c:\documents and settings\Administrador\udpte.exe
2009-06-18 18:08 . 2009-06-18 18:08 108544 --sh--r- c:\documents and settings\poste.exe
2009-06-18 17:40 . 2009-06-18 18:08 108544 ----a-w- c:\documents and settings\Administrador\new.exe
2009-06-18 17:40 . 2009-06-18 17:40 -------- d-sh--r- C:\5_5
2009-06-17 17:02 . 2009-06-17 17:02 -------- d-sh--r- C:\NEXT
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\arquivos de programas\AxBx
2009-06-16 23:57 . 2009-06-16 23:57 91140 ---h--w- c:\windows\system32\ayloyik.exe
2009-06-16 23:55 . 2009-06-16 23:55 91140 ---h--w- c:\windows\system32\jftwqlv.exe
2009-06-16 23:53 . 2009-06-16 23:53 91140 ---h--w- c:\windows\system32\dkpzmsf.exe
2009-06-16 23:50 . 2009-06-20 01:32 200354 ----a-w- c:\windows\system32\log.dll
2009-06-16 23:50 . 2009-06-16 23:50 91140 ---h--w- c:\windows\system32\winctrl.exe
2009-06-16 23:07 . 2009-06-16 23:07 62976 ----a-w- C:\cftmos.exe
2009-06-16 21:16 . 2009-06-16 21:33 84592 ----a-w- c:\documents and settings\Administrador\dada31.exe
2009-06-16 21:13 . 2009-06-16 21:30 84996 --sh--r- c:\windows\Nrtdl.exe
2009-06-16 21:13 . 2009-06-16 21:15 84996 ----a-w- c:\documents and settings\Administrador\dada.exe
2009-06-15 21:54 . 2009-06-15 21:54 -------- d-sh--r- C:\FILES
2009-06-10 22:00 . 2009-06-10 22:00 -------- d-sh--r- C:\DATA
2009-06-04 00:01 . 2009-06-04 00:01 1878984 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-23 00:01 . 2009-05-23 00:01 -------- d-----w- c:\arquivos de programas\Defraggler
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 01:29 . 2009-04-08 18:24 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-06-20 01:25 . 2008-12-21 12:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA
2009-06-19 21:55 . 2009-03-13 16:10 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-19 21:55 . 2008-07-30 16:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-06-19 21:55 . 2008-12-21 12:17 -------- d-----w- c:\arquivos de programas\DNA
2009-06-18 18:04 . 2009-04-08 18:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor
2009-06-15 22:30 . 2008-07-30 15:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\foobar2000
2009-05-28 15:59 . 2009-03-13 16:06 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-05-22 23:05 . 2008-10-27 17:10 -------- d-----w- c:\arquivos de programas\CCleaner
2009-05-18 23:27 . 2009-04-08 18:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-15 23:55 . 2008-08-09 16:54 34 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat
2009-05-08 21:23 . 2009-05-08 21:23 -------- d-----w- c:\arquivos de programas\Free WMA to MP3 Converter
2009-04-25 20:46 . 2009-04-25 20:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX
2009-04-25 20:46 . 2008-09-25 20:56 -------- d-----w- c:\arquivos de programas\EA Games
2009-04-25 20:17 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2009-04-25 20:14 . 2009-04-25 17:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
2009-04-25 20:14 . 2008-10-21 21:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools
2009-04-25 17:50 . 2009-04-25 17:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-04-25 17:49 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar
2009-04-25 17:22 . 2008-10-21 21:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-25 17:21 . 2009-04-25 17:21 -------- d-----w- c:\arquivos de programas\PowerISO
2009-04-25 10:34 . 2008-12-21 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent
2009-04-23 16:26 . 2009-04-23 16:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 16:26 . 2009-04-23 16:26 -------- d-----w- c:\arquivos de programas\Java
2009-04-23 16:23 . 2009-04-11 22:10 -------- d-----w- c:\arquivos de programas\Total Video Converter
2009-04-23 00:40 . 2008-08-18 01:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire
2009-04-05 15:38 . 2001-10-28 14:07 77658 ----a-w- c:\windows\system32\perfc016.dat
2009-04-05 15:38 . 2001-10-28 14:07 449496 ----a-w- c:\windows\system32\perfh016.dat
.
------- Sigcheck -------

[-] 2004-08-04 02:45 803328 048367EF3E654F8FB83E4DBB1E26B81D c:\windows\system32\wininet.dll
[7] 2004-08-04 02:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\VistaMizer\old\wininet.dll
[-] 2007-03-11 13:18 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 02:45 543744 3550BFE59972A67AC2F7781041D28EA7 c:\windows\system32\winlogon.exe
[7] 2004-08-04 02:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\VistaMizer\old\winlogon.exe
[-] 2007-03-11 02:20 2276352 A53C82CFAEA08A66E5BE639BA79B8E3F c:\windows\system32\ntkrnlpa.exe
[7] 2007-03-11 02:20 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 c:\windows\VistaMizer\old\ntkrnlpa.exe
[-] 2004-08-04 02:40 2409472 4BF58C65F1867CDBD1494561C07CF6FB c:\windows\system32\ntoskrnl.exe
[7] 2004-08-04 02:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2004-08-04 02:45 1552896 D3C07AB98492D1518F5E8341ADBC4F76 c:\windows\explorer.exe
[7] 2004-08-04 02:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-04 02:45 25088 A3F0971DBBA9657034C303B39464EA5B c:\windows\system32\ctfmon.exe
[7] 2004-08-04 02:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\VistaMizer\old\ctfmon.exe
[-] 2007-03-11 02:21 1548288 B23D1FC94C037AE5F0E05A78B52596A4 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-21 342848]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"="ZUKMQC.EXE" - c:\windows\system32\zukmqc.exe [2009-06-19 91140]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Glass2k"="c:\arquivos de programas\Glass2k\Glass2k.exe" [2007-10-16 56325]
"DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-23 148888]
"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"Windows Dll Management Service"="dllmgr.exe" - c:\windows\dllmgr.exe [2009-06-18 84996]
"Winsock2 driver"="ZUKMQC.EXE" - c:\windows\system32\zukmqc.exe [2009-06-19 91140]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 101376]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]
Thoosje Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]
Thoosje Vista Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1715400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 14:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-07 15:06 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\DNA\\btdna.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"=
"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\System\\poste.exe"=
"c:\\Documents and Settings\\Administrador\\new.exe"=
"c:\\WINDOWS\\system32\\zukmqc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7700:TCP"= 7700:TCP:THE DUEL
"7800:TCP"= 7800:TCP:THE DUEL

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/4/2009 15:24 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/3/2009 12:06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/3/2009 12:06 107912]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [17/2/2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [17/2/2009 11:43 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [7/3/2009 12:06 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 12:06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/1/2009 18:59 55136]
R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08 533360]
R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [17/2/2009 11:43 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [8/4/2009 15:24 348752]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]

--- =Outros Serviços/Drivers Na Memória ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431}]
c:\next\FILES\NEXT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-24KL2R3251431}]
c:\memory\S-v-6-2009\PeAcE.exe
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 22:33
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Winsock2 driver = ZUKMQC.EXE?copper903?##ddos##?alo???????Winsock2 driver?K???fucker?SNapper Fucking BOTS :D??????????mIRC v5.91 Khaled Mardam-Be
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Winsock2 driver = ZUKMQC.EXE?copper903?##ddos##?alo???????Winsock2 driver?K???fucker?SNapper Fucking BOTS :D??????????mIRC v5.91 Khaled Mardam-Be

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\sfc_os.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
Tempo para conclusão: 2009-06-20 22:35
ComboFix-quarantined-files.txt 2009-06-20 01:35

Pré-execução: 20 pasta(s) 45.549.174.784 bytes disponíveis
Pós execução: 20 pasta(s) 45.534.404.608 bytes disponíveis

245

------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:30, on 19/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Glass2k\Glass2k.exe
C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\dllmgr.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\SYSTEM32\zukmqc.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- End of file - 8813 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted June 20, 2009

Good morning, Ben-Hur!

<@> Open HijackThis and, in Safe Mode, Fix these entries:

O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [Winsock2 driver] ZUKMQC.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] ZUKMQC.EXE

<@> When finished, go back to Normal Mode!

<><><><><><><><><><>

<@> Download: < > ( ...by andymanchesta )
<@> Save it to Local Disk C and unzip it right there.
<@> Restart the computer in Safe Mode. <-- Link!
<@> Double-click: < runThis.bat >
<!> In case a window opens and closes suddenly!
<!> Go to Start --> Run --> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!
<!> Restart the computer and run SDFix again.
<!> If it does not work, check the %comspec% variable.
<!> Right-click My Computer --> Properties --> Advanced.
<!> Under Environment Variables, check that the ComSpec variable has the following value for cmd.exe:
<!> Value: %SystemRoot%\system32\cmd.exe
<@> Press Y.
<@> Wait for it to finish!
<@> When finished, press Enter. ( Or any key! )
<@> The computer will be restarted!
<@> Wait for the cleanup to finish as well.
<@> Post: Report.txt <--

<><><><><><><><><><>

<@> Select and copy all the content in the QUOTE area to Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67XOR2B0-3GMC-89VV-JIJ1-24KL2R3251431}]
[-HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZUKMQC.EXE]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ZUKMQC.EXE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winsock2 driver"=-
File::
c:\Arquivos de programas\Arquivos comuns\System\poste.exe
c:\documents and settings\Administrador\dada31.exe
c:\documents and settings\Administrador\udpte.exe
c:\documents and settings\Administrador\dada.exe
c:\documents and settings\Administrador\new.exe
c:\documents and settings\poste.exe
c:\windows\system32\winctrl.exe
c:\windows\system32\ayloyik.exe
c:\windows\system32\jftwqlv.exe
c:\windows\system32\dkpzmsf.exe
c:\memory\S-v-6-2009\PeAcE.exe
c:\windows\system32\uhioay.exe
c:\windows\system32\zukmqc.exe
c:\windows\system32\log.dll
c:\next\FILES\NEXT.exe
c:\windows\dllmgr.exe
c:\windows\Nrtdl.exe
C:\cftmos.exe
DirLook::
c:\arquivos de programas\AxBx
Folder::
c:\memory\S-v-6-2009
c:\next\FILES
C:\MEMORY
C:\FILES
C:\DATA
C:\5_5
C:\NEXT

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon/window.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt appears! ( window )
<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
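As an added example (not code from this thread, from HijackThis or from the helper), a small Python triage of the O4 lines the Fix list above targets: it parses Run/RunOnce entries, resolves bare image names against the "Running processes" list, and flags the two patterns seen here, a bare executable name with no path and one value name registered under both Run and RunOnce. The log excerpt inside is constructed from this thread's own log; every function name is the example's own.

```python
import re
from collections import defaultdict

# Constructed sample, copied from the O4 entries and "Running processes" list
# of the HijackThis log in this thread (added example, not part of the post).
SAMPLE_HJT_LOG = """\
Running processes:
C:\\WINDOWS\\RTHDCPL.EXE
C:\\WINDOWS\\dllmgr.exe
C:\\WINDOWS\\SYSTEM32\\zukmqc.exe
C:\\WINDOWS\\explorer.exe

O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\\..\\Run: [Winsock2 driver] ZUKMQC.EXE
O4 - HKCU\\..\\RunOnce: [Winsock2 driver] ZUKMQC.EXE
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\CTFMON.EXE (User 'SYSTEM')
"""

# Registry O4 entries only; "O4 - Startup:" folder entries have another shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)

BARE = "bare image name: resolved through PATH instead of an explicit path"
DUP = "same value name registered under both Run and RunOnce"


def first_token(cmd):
    """Return the executable part of a Run value (handles the quoted form)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage_o4(log_text):
    """Parse a HijackThis log and return the O4 entries worth a second look."""
    running = {}      # basename -> full path from the "Running processes" list
    entries = []
    in_procs = False
    for line in log_text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            if not line.strip():
                in_procs = False
            else:
                running[basename(line.strip())] = line.strip()
            continue
        m = O4_RE.match(line)
        if m:
            entries.append(m.groupdict())

    # Which Run/RunOnce keys does each value name appear under?
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e["name"].lower()].add(e["key"])

    findings = []
    for e in entries:
        image = first_token(e["cmd"])
        reasons = []
        if "\\" not in image:
            reasons.append(BARE)
        if {"Run", "RunOnce"} <= keys_by_name[e["name"].lower()]:
            reasons.append(DUP)
        if reasons:
            findings.append({
                "name": e["name"], "hive": e["hive"], "key": e["key"],
                "image": image,
                # Where the bare name actually resolved on this machine, if it is running.
                "running_as": running.get(basename(image)),
                "reasons": reasons,
            })
    return findings


def strongly_suspect(findings):
    """Entries that trip more than one heuristic; the bare-name rule alone is noisy."""
    return [f for f in findings if len(f["reasons"]) >= 2]


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_HJT_LOG):
        print(f"[{f['hive']}\\..\\{f['key']}] {f['name']!r} -> {f['image']}"
              f" (running as {f['running_as']}): {'; '.join(f['reasons'])}")
```

Realtek's RTHDCPL.EXE in this same log shows why the bare-name rule on its own is noisy; the Run plus RunOnce duplicate is what singles out the "Winsock2 driver" entry, and the resolved path tells you where dllmgr.exe and zukmqc.exe actually live before you Fix anything.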
Ben-Hur, posted June 20, 2009

Here are the Report, ComboFix and HijackThis logs, respectively:

SDFix: Version 1.240
Run by Administrador on sáb 20/06/2009 at 13:43

Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :
No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 14:03:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\DreaMule\\emule.exe"="C:\\Arquivos de programas\\DreaMule\\emule.exe:*:Enabled:Dreamule"
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"="C:\\Arquivos de programas\\Megacubo\\megacubo.exe:*:Enabled:MegaCubo"
"C:\\Arquivos de programas\\Garena\\Garena.exe"="C:\\Arquivos de programas\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"="C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe:*:Enabled:Client"
"C:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"="C:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"="C:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe:*:Enabled:Guitar Hero III"
"C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Arquivos de programas\\DNA\\btdna.exe"="C:\\Arquivos de programas\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"="C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme:*:Enabled:GunBound"
"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"="C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"="C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe:*:Enabled:Gunz"
"C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"="C:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe:*:Enabled:Ultima Online Client"
"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"="C:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe:*:Enabled:The Duel"
"C:\\Arquivos de programas\\Arquivos comuns\\System\\poste.exe"="C:\\Arquivos de programas\\Arquivos comuns\\System\\poste.exe:*:Enabled:Windows Update"
"C:\\Documents and Settings\\Administrador\\new.exe"="C:\\Documents and Settings\\Administrador\\new.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\system32\\zukmqc.exe"="C:\\WINDOWS\\system32\\zukmqc.exe:*:Disabled:zukmqc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Remaining Files :

Files with Hidden Attributes :

Thu 18 Jun 2009 108,544 ..SHR --- "C:\Documents and Settings\poste.exe"
Thu 18 Jun 2009 84,996 ..SHR --- "C:\WINDOWS\dllmgr.exe"
Tue 16 Jun 2009 84,996 ..SHR --- "C:\WINDOWS\Nrtdl.exe"
Thu 14 May 2009 53,248 A.SHR --- "C:\DATA\FILES\BEAST.exe"
Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\ayloyik.exe"
Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\dkpzmsf.exe"
Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\jftwqlv.exe"
Fri 19 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\uhioay.exe"
Tue 16 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\winctrl.exe"
Fri 19 Jun 2009 91,140 ...H. --- "C:\WINDOWS\system32\zukmqc.exe"
Thu 18 Jun 2009 108,544 ..SHR --- "C:\Arquivos de programas\Arquivos comuns\System\poste.exe"
Sat 21 Feb 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 30 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

-----------------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-06-19.01 - Administrador 20/06/2009 14:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1335 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

FILE ::
"c:\arquivos de programas\Arquivos comuns\System\poste.exe"
"C:\cftmos.exe"
"c:\documents and settings\Administrador\dada.exe"
"c:\documents and settings\Administrador\dada31.exe"
"c:\documents and settings\Administrador\new.exe"
"c:\documents and settings\Administrador\udpte.exe"
"c:\documents and settings\poste.exe"
"c:\memory\S-v-6-2009\PeAcE.exe"
"c:\next\FILES\NEXT.exe"
"c:\windows\dllmgr.exe"
"c:\windows\Nrtdl.exe"
"c:\windows\system32\ayloyik.exe"
"c:\windows\system32\dkpzmsf.exe"
"c:\windows\system32\jftwqlv.exe"
"c:\windows\system32\log.dll"
"c:\windows\system32\uhioay.exe"
"c:\windows\system32\winctrl.exe"
"c:\windows\system32\zukmqc.exe"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\5_5
C:\DATA
C:\FILES
C:\MEMORY
C:\NEXT
c:\5_5\5\DesKTop.ini
c:\arquivos de programas\Arquivos comuns\System\poste.exe
C:\cftmos.exe
c:\data\FILES\BEAST.exe
c:\data\FILES\Desktop.ini
c:\documents and settings\Administrador\dada.exe
c:\documents and settings\Administrador\dada31.exe
c:\documents and settings\Administrador\new.exe
c:\documents and settings\Administrador\udpte.exe
c:\documents and settings\poste.exe
c:\files\REMOVED\Desktop.ini
c:\memory\S-v-6-2009\Desktop.ini
c:\memory\S-v-6-2009\PeAcE.exe
c:\next\FILES\Desktop.ini
c:\next\FILES\NEXT.exe
c:\windows\dllmgr.exe
c:\windows\Nrtdl.exe
c:\windows\system32\ayloyik.exe
c:\windows\system32\dkpzmsf.exe
c:\windows\system32\jftwqlv.exe
c:\windows\system32\log.dll
c:\windows\system32\uhioay.exe
c:\windows\system32\winctrl.exe
c:\windows\system32\zukmqc.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-20 to 2009-06-20 ))))))))))))))))))))))))))))
.

2009-06-20 16:42 . 2009-06-20 16:42 577536 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-06-20 16:41 . 2009-06-20 16:41 -------- d-----w- c:\windows\ERUNT
2009-06-20 16:32 . 2009-06-20 17:04 -------- d-----w- C:\SDFix
2009-06-20 16:29 . 2009-06-20 16:32 1529241 ----a-w- C:\SDFix.exe
2009-06-19 21:59 . 2009-06-19 21:59 91140 ----a-w- C:\bus.exe
2009-06-17 16:57 . 2009-06-17 16:57 -------- d-----w- c:\arquivos de programas\AxBx
2009-06-04 00:01 . 2009-06-04 00:01 1878984 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-23 00:01 . 2009-05-23 00:01 -------- d-----w- c:\arquivos de programas\Defraggler

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 17:15 . 2008-12-21 12:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA
2009-06-20 17:05 . 2009-03-13 16:10 117760 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 17:05 . 2008-07-30 16:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-06-20 17:05 . 2008-12-21 12:17 -------- d-----w- c:\arquivos de programas\DNA
2009-06-20 01:29 . 2009-04-08 18:24 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-06-18 18:04 . 2009-04-08 18:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor
2009-06-15 22:30 . 2008-07-30 15:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\foobar2000
2009-05-28 15:59 . 2009-03-13 16:06 -------- d-----w- c:\arquivos de programas\SUPERAntiSpyware
2009-05-22 23:05 . 2008-10-27 17:10 -------- d-----w- c:\arquivos de programas\CCleaner
2009-05-18 23:27 . 2009-04-08 18:24 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-15 23:55 . 2008-08-09 16:54 34 ----a-w- c:\documents and settings\Administrador\jagex_runescape_preferences.dat
2009-05-08 21:23 . 2009-05-08 21:23 -------- d-----w- c:\arquivos de programas\Free WMA to MP3 Converter
2009-04-25 20:46 . 2009-04-25 20:46 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX
2009-04-25 20:46 . 2008-09-25 20:56 -------- d-----w- c:\arquivos de programas\EA Games
2009-04-25 20:17 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2009-04-25 20:14 . 2009-04-25 17:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
2009-04-25 20:14 . 2008-10-21 21:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools
2009-04-25 17:50 . 2009-04-25 17:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-04-25 17:49 . 2009-04-25 17:49 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar
2009-04-25 17:22 . 2008-10-21 21:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-25 17:21 . 2009-04-25 17:21 -------- d-----w- c:\arquivos de programas\PowerISO
2009-04-25 10:34 . 2008-12-21 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent
2009-04-23 16:26 . 2009-04-23 16:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 16:26 . 2009-04-23 16:26 -------- d-----w- c:\arquivos de programas\Java
2009-04-23 16:23 . 2009-04-11 22:10 -------- d-----w- c:\arquivos de programas\Total Video Converter
2009-04-23 00:40 . 2008-08-18 01:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire
2009-04-05 15:38 . 2001-10-28 14:07 77658 ----a-w- c:\windows\system32\perfc016.dat
2009-04-05 15:38 . 2001-10-28 14:07 449496 ----a-w- c:\windows\system32\perfh016.dat

.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\arquivos de programas\AxBx ----

2009-06-17 16:57 . 2009-06-17 16:57 75 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\CleanVirusMSN.url
2009-06-17 16:57 . 2009-06-17 16:57 2378 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\unins000.dat
2009-05-04 15:40 . 2009-05-04 15:40 1972600 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\CleanVirusMSN.exe
2009-05-04 14:58 . 2009-05-04 14:58 345280 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\mdpe_msn2.dat
2009-05-04 14:57 . 2009-05-04 14:57 9309 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\sig_msn2.dat
2009-02-27 13:25 . 2009-02-27 13:25 10612576 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\mdpe_msn.dat
2009-02-27 13:22 . 2009-02-27 13:22 1248048 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\sig_msn.dat
2006-02-07 22:08 . 2006-02-07 22:08 139264 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\vk_sscan.dll
2004-06-27 04:00 . 2004-06-27 04:00 77257 ----a-w- c:\arquivos de programas\AxBx\Clean Virus MSN\unins000.exe

------- Sigcheck -------

[-] 2004-08-04 02:45 803328 048367EF3E654F8FB83E4DBB1E26B81D c:\windows\system32\wininet.dll
[7] 2004-08-04 02:45 658432 398A619CE60090303042D1F8CC68F712 c:\windows\VistaMizer\old\wininet.dll
[-] 2007-03-11 13:18 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
[-] 2004-08-04 02:45 543744 3550BFE59972A67AC2F7781041D28EA7 c:\windows\system32\winlogon.exe
[7] 2004-08-04 02:45 504320 6F7BDE7A1126DEBF0CC359A54953EFC1 c:\windows\VistaMizer\old\winlogon.exe
[-] 2007-03-11 02:20 2276352 A53C82CFAEA08A66E5BE639BA79B8E3F c:\windows\system32\ntkrnlpa.exe
[7] 2007-03-11 02:20 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 c:\windows\VistaMizer\old\ntkrnlpa.exe
[-] 2004-08-04 02:40 2409472 4BF58C65F1867CDBD1494561C07CF6FB c:\windows\system32\ntoskrnl.exe
[7] 2004-08-04 02:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2004-08-04 02:45 1552896 D3C07AB98492D1518F5E8341ADBC4F76 c:\windows\explorer.exe
[7] 2004-08-04 02:45 1034240 FA61A19050AE14BEC1A26DE82390DD65 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-04 02:45 25088 A3F0971DBBA9657034C303B39464EA5B c:\windows\system32\ctfmon.exe
[7] 2004-08-04 02:45 15360 F40BC97996B8E53799EEF1D63996674B c:\windows\VistaMizer\old\ctfmon.exe
[-] 2007-03-11 02:21 1548288 B23D1FC94C037AE5F0E05A78B52596A4 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-20_01.33.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-20 16:46 . 2009-06-20 16:46 16384 c:\windows\temp\Perflib_Perfdata_400.dat
+ 2009-06-20 16:41 . 2009-06-20 16:41 253952 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-06-20 16:41 . 2008-08-07 18:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-06-20 16:41 . 2009-06-20 16:41 253952 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-06-20 16:41 . 2008-08-07 18:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-06-20 16:41 . 2009-06-20 16:41 8921088 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-06-20 16:41 . 2009-06-20 16:41 8921088 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2008-12-21 342848]
"SUPERAntiSpyware"="c:\arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Glass2k"="c:\arquivos de programas\Glass2k\Glass2k.exe" [2007-10-16 56325]
"DrvIcon"="c:\arquivos de programas\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-18 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-23 148888]
"PWRISOVM.EXE"="c:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-04 101376]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
Blaero Start Orb.lnk - c:\arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe [2006-7-30 521216]
Thoosje Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]
Thoosje Vista Sidebar.lnk - c:\arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 524288]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-7-30 1715400]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 14:05 356352 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-07 15:06 10520 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^WinFlip.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
"c:\\Arquivos de programas\\Garena\\Garena.exe"=
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\Client.exe"=
"c:\\Arquivos de programas\\Valve\\Steam\\SteamApps\\benbolux\\counter-strike\\hl.exe"=
"c:\\Arquivos de programas\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\DNA\\btdna.exe"=
"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=
"c:\\Arquivos de programas\\EA Games\\Ultima Online Mondain's Legacy\\No_Crypt_Client_2d.exe"=
"c:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7700:TCP"= 7700:TCP:THE DUEL
"7800:TCP"= 7800:TCP:THE DUEL

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/4/2009 15:24 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/3/2009 12:06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/3/2009 12:06 107912]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS [17/2/2009 11:43 9968]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [17/2/2009 11:43 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [7/3/2009 12:06 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 12:06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/1/2009 18:59 55136]
R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [6/2/2009 18:08 533360]
R3 SASENUM;SASENUM;c:\arquivos de programas\SUPERAntiSpyware\SASENUM.SYS [17/2/2009 11:43 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [8/4/2009 15:24 348752]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva223;XDva223;\??\c:\windows\system32\XDva223.sys --> c:\windows\system32\XDva223.sys [?]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 14:17
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\sfc_os.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
Tempo para conclusão: 2009-06-20 14:19 ComboFix-quarantined-files.txt 2009-06-20 17:19 ComboFix2.txt 2009-06-20 01:35 Pré-execução: 21 pasta(s) 45.404.958.720 bytes disponíveis Pós execução: 21 pasta(s) 45.391.020.032 bytes disponíveis 278 ------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:28:19, on 20/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Glass2k\Glass2k.exe C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\PowerISO\PWRISOVM.EXE C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe C:\Arquivos de programas\DNA\btdna.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe C:\WINDOWS\system32\CF9947.exe C:\WINDOWS\explorer.exe C:\HiJackThis\HiJackThis.exe 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll O3 - Toolbar: &Windows Live Toolbar - 
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - 
HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- End of file - 8719 bytes
DigRam 144 Posted June 20, 2009
Good afternoon, Ben-Hur!
<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix has been uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<><><><><><><><><><>
<@> Run an online scan at: < Eset Nod32 >
<@> Use the Internet Explorer browser.
<@> Check the box: "SIM,aceito as condições de uso" ("YES, I accept the terms of use") --> Iniciar (Start).
<@> Check the box: "YES, I accept the Terms of Use" --> Start.
<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )
Regards!
Ben-Hur 0 Posted June 21, 2009
Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=82c77b3d7e3d9e48a01ea0c18a64e05f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-21 04:50:33
# local_time=2009-06-21 01:50:33 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1046
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1026 61 83 95 70830149375000
# scanned=60908
# found=2
# cleaned=2
# scan_time=721
C:\Arquivos de programas\Arquivos comuns\System\poste.exe	Win32/Injector.QX cavalo de Tróia (limpo por exclusão (após a próxima reinicialização) - em quarentena)	00000000000000000000000000000000
C:\Arquivos de programas\LevelUpGames\The Duel\GunzLauncher.exe	provavelmente uma variante de Win32/TrojanDownloader.Agent cavalo de Tróia (limpo por exclusão - em quarentena)	00000000000000000000000000000000
DigRam 144 Posted June 21, 2009
Good afternoon, Ben-Hur!
<@> Download: < Malwarebytes >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable your protection programs while running Malwarebytes.
<@> Send the detected items to quarantine by clicking Remover itens (Remove items).
<@> For more details: < Link >
<><><><><><><><><><><>
<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.
Regards!
Ben-Hur 0 Posted June 23, 2009
Sorry for the delay... I had no way to do this before. Here are the Malwarebytes and HijackThis logs, respectively:
Malwarebytes' Anti-Malware 1.38
Versão do banco de dados: 2325
Windows 5.1.2600 Service Pack 2

23/6/2009 17:47:21
mbam-log-2009-06-23 (17-47-21).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 157404
Tempo decorrido: 24 minute(s), 34 second(s)

Processos da Memória infectados: 1
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 1
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 6

Processos da Memória infectados:
C:\WINDOWS\dllmgr.exe (Backdoor.Bot) -> Unloaded process successfully.

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\dllmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\clt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\administrador\suf.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{0c162325-8188-4ae7-8296-b75498d6106e}\RP33\A0004921.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\WINDOWS\images003-jpg.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Arquivos de programas\Arquivos comuns\System\poste.exe (Trojan.Agent) -> Delete on reboot.
---------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:50:45, on 23/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Glass2k\Glass2k.exe C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\ARQUIV~1\AVG\AVG8\avgtray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\PowerISO\PWRISOVM.EXE C:\Windows\system32\Fixdirs32.exe C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\abod.exe C:\Arquivos de programas\DNA\btdna.exe C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HiJackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll O3 - Toolbar: &Windows Live Toolbar - 
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe O4 - HKLM\..\Run: [MSN] C:\Windows\system32\Fixdirs32.exe O4 - HKLM\..\Run: [virx] abod.exe O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe -- End of file - 9228 bytes
DigRam 144 Posted June 24, 2009
Good evening, Ben-Hur!
<@> Open HijackThis and, in Safe Mode, Fix these entries:
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\system32\Fixdirs32.exe
O4 - HKLM\..\Run: [virx] abod.exe
<@> Restart in Normal Mode!
<><><><><><><><><>
<@> Download: < Avenger.zip >
<@> Unzip it to the Desktop!
<@> Select and copy everything below the word CODE into Notepad.
CODE
Files to delete:
C:\Windows\system32\Fixdirs32.exe
C:\WINDOWS\dllmgr.exe
C:\WINDOWS\abod.exe

Drivers to disable:
CiSvc
<@> While disconnected, go to Notepad and apply the shortcuts: ( control + a ) --> ( control + c )
<@> Now run Avenger.exe
<@> Right-click in the Input script here window.
<@> Click Paste or ( control + v ). <-- Paste!
<@> Click Execute.
<@> Choose "Yes" twice when prompted.
<@> When the script finishes, the computer will restart.
<@> PS: At the message "There is no disk in the drive. Insert a disk into the drive." --> Click Continue!
<@> The computer may restart more than once!
<@> Post: <1> C:\avenger.txt <-- The report! <2> An updated HijackThis log.
Regards!
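The triage behind the post above, as an added example that is not part of this thread: DigRam found the three bad entries by comparing the O4 (autostart) section of the 23/6 HijackThis log with the earlier one, then asked for a fresh log to confirm they were gone. The script below does the same comparison mechanically. The sample logs are constructed excerpts of the O4 sections of the 20/6, 23/6 and 24/6 logs posted in this thread, trimmed to a few entries; the parser, the bare-name heuristic and every function name are this example's own, not HijackThis's.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpts of the O4 sections of the three HijackThis logs posted
# in this thread (20/6, 23/6 and 24/6). Only a few benign entries are kept
# so the sample stays short; the three entries DigRam had fixed are complete.
HJT_20_JUN = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
"""

HJT_23_JUN = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Dll Management Service] dllmgr.exe
O4 - HKLM\..\Run: [MSN] C:\Windows\system32\Fixdirs32.exe
O4 - HKLM\..\Run: [virx] abod.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
"""

# The 24/6 log (after the Avenger script) lists the same O4 entries as 20/6.
HJT_24_JUN = HJT_20_JUN

# Registry-backed entry:  O4 - <key>: [<value name>] <command> (User '...')?
O4_REG = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# Startup-folder entry:   O4 - Startup|Global Startup: <file>.lnk = <target>
O4_LNK = re.compile(r"^O4 - (?P<key>[^:]+): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")

AutoRuns = Dict[Tuple[str, str], str]  # (key, value name) -> command line
Pair = Tuple[str, str]


def parse_o4(log: str) -> AutoRuns:
    """Collect the O4 entries of a HijackThis log, keyed on (key, value name)."""
    entries: AutoRuns = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            entries[(m["key"], m["name"])] = m["cmd"]
    return entries


def diff_autoruns(before: str, after: str) -> Tuple[List[Pair], List[Pair], List[Pair]]:
    """Return (added, removed, changed) (key, name) pairs between two logs."""
    old, new = parse_o4(before), parse_o4(after)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return added, removed, changed


def executable_of(cmd: str) -> str:
    """First token of a command line; a quoted path is returned without quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_bare(cmd: str) -> bool:
    """True when the executable has no directory part.

    A bare name is resolved through the PATH search order at logon, so the log
    line alone does not say which file will actually run. Benign entries use
    this form too (nwiz.exe, RTHDCPL.EXE in the same logs), so treat it as a
    triage hint to be checked on disk, not as a verdict.
    """
    return "\\" not in executable_of(cmd)


def triage_new_entries(before: str, after: str) -> List[Dict[str, object]]:
    """Entries present in `after` but not in `before`, annotated for review."""
    new = parse_o4(after)
    added, _, _ = diff_autoruns(before, after)
    return [
        {"key": key, "name": name, "cmd": new[(key, name)], "bare": is_bare(new[(key, name)])}
        for key, name in added
    ]


if __name__ == "__main__":
    for row in triage_new_entries(HJT_20_JUN, HJT_23_JUN):
        hint = " (bare name, resolved via PATH)" if row["bare"] else ""
        print(f"NEW  {row['key']}: [{row['name']}] {row['cmd']}{hint}")
    _, gone, _ = diff_autoruns(HJT_23_JUN, HJT_24_JUN)
    for key, name in gone:
        print(f"GONE {key}: [{name}]")
```

Run against the two real logs, the first loop prints exactly the three HKLM\..\Run values DigRam listed, and the second confirms that the 24/6 log no longer carries them. The "Running processes" section can be diffed the same way to spot a binary that is running without any autostart entry, which is where dllmgr.exe would have shown up before Malwarebytes removed it.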
Ben-Hur 0 Posted June 24, 2009
Here are the Avenger and HijackThis logs, respectively:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\Fixdirs32.exe" deleted successfully.

Error: file "C:\WINDOWS\dllmgr.exe" not found!
Deletion of file "C:\WINDOWS\dllmgr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist

File "C:\WINDOWS\abod.exe" deleted successfully.
Driver "CiSvc" disabled successfully.

Completed script processing.

*******************

Finished! Terminate.

------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:43:16, on 24/6/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\ARQUIV~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Glass2k\Glass2k.exe C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe C:\Arquivos de 
programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Arquivos de programas\Styler\TB\StylerTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Glass2k] C:\Arquivos de programas\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Blaero Start Orb.lnk = C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Arquivos de programas\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB1820-2298-4676-9080-87A69D6656C2}: NameServer = 172.161.169.245,200.165.132.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

--
End of file - 8963 bytes
DigRam, posted June 25, 2009

Good evening, Ben-Hur!

<@> Download: < > (...by A.Rothstein & dj Quiou)
<@> Save it to the desktop!
<@> Close any programs that are open and run the tool.
<@> Click the Recherche button to start the scan. <-- Wait!
<@> When it finishes, the items to be removed will be listed.
<@> Click the Supression button to remove the items found.
<@> Then click Quitter.
<@> If you wish, post the report: ( C:\TCleaner.txt ) <--

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

<@> Once everything is OK, create a clean System Restore point.
<@> Right-click My Computer --> Properties --> System Restore.
<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.
<@> Then uncheck it again! --> Apply --> Wait! --> OK.
<@> For more details, read the tutorial: < Link >

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

<!> The HijackThis log is clean!
<!> Everything OK?

Regards!
Ben-Hur, posted June 25, 2009

I'll post the ToolsCleaner log soon.... Well, there are two things that still bother me:

1st - Windows Live Messenger runs on its own (not when the computer is turned on); for example: I close Windows Live Messenger, and a few minutes or even seconds later it "appears" in the bottom right corner again, as if I had not closed it.

2nd - A few times a little prompt "window" appeared with a warning message about an intrusion attempt or something like that.

Thanks!
DigRam, posted June 25, 2009

Good morning, Ben-Hur!

> 1st - Windows Live Messenger runs on its own (not when the computer is turned on); for example: I close Windows Live Messenger, and a few minutes or even seconds later it "appears" in the bottom right corner again, as if I had not closed it.

<!> Try disabling it from startup by going to the System Configuration Utility.
<!> PS: If that does not solve it, uninstall it! During the process, choose Repair.

<><><><><><><><><>

> 2nd - A few times a little prompt "window" appeared with a warning message about an intrusion attempt or something like that.

<!> Did you check whether it is related to AVG8?

Regards!
Ben-Hur, posted June 26, 2009

Well, I'm not going to post the ToolsCleaner log, because it only removed things that seemed superficial to me, and since you said it wasn't necessary, let's leave it at that.

However, here is an image of the prompt "window" I mentioned:

I don't know if it is related to AVG8. Either way, I intend to switch antivirus; I'm thinking of installing Avast Home Edition.

Well, the initial problem with Explorer has been fixed! Once again, thank you very much!
DigRam, posted June 26, 2009

Good evening, Ben-Hur!

> However, here is an image of the prompt "window" I mentioned:

<!> It seems we still have malware on the PC.

> I don't know if it is related to AVG8. Either way, I intend to switch antivirus; I'm thinking of installing Avast Home Edition.

<!> Avira is superior, but... the choice is up to you.

<><><><><><><><><><>

<@> Using Windows Explorer, delete the highlighted file: C:\DOCUME~1\ADMINI~1\red.exe <--
<@> Download: < a-squared Free 4.5 >
<!> Optional link: < >
<@> Save it in Program Files (Arquivos de programas).
<@> Open the program and click: Atualizar agora (Update now) --> Wait!
<@> When it finishes, click: "Scan PC"
<@> Choose the option: "A fundo" (Deep) --> then click "Analisar" (Scan).
<@> When it finishes, check the boxes of the items found and click "Enviar marcados à Quarentena" (Send selected to Quarantine).
<@> Save and post the report from this scan. ( a2scan_xxyy09-xxxxxx.txt )

Regards!
Ben-Hur, posted June 29, 2009

Here is the a-squared log, with a few observations first that may help:

Note 1: It was not possible to uninstall AVG, because of the following error:
Máquina local: preparado para a instalação
Instalação: Erro: Não é possível desinstalar. O produto não está instalado.
Note 2: Task Manager closes itself when opened.
Note 3: Explorer.exe has started giving errors again when the computer starts.
Note 4: The Autorun Eater program detected some viruses coming from the pen drives used on this computer, but it was not able to remove them.
Note 5: The a-squared program was not able to remove some of the detected viruses.
Note 6: Music (audio in general), videos (games, etc.) and the mouse have been "stuttering" during use.

From here on, the a-squared log:

a-squared Free - Versão 4.5
Última atualização 28/6/2009 13:27:03

Configurações da análise:
Scan type: deep
Objetos: Memória, Rastros, Cookies, C:\, D:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado

Início da análise: 28/6/2009 13:54:36

[296] C:\WINDOWS\dllmgr.exe detectado: Virus.Win32.CeeInject!IK
c:\arquivos de programas\bittorrent detectado: Trace.Directory.Bittorrent 5.0!A2
c:\documents and settings\all users\menu iniciar\programas\bittorrent detectado: Trace.Directory.Bittorrent 5.0!A2
Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order detectado: Trace.Registry.Bittorrent 5.0!A2
Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser --> ITBarLayout detectado: Trace.Registry.SweetIM Toolbar for Internet Explorer 3.3!A2
c:\arquivos de programas\bittorrent\bittorrent.exe detectado: Trace.File.Bittorrent 5.0!A2
c:\documents and settings\all users\menu iniciar\programas\bittorrent\bittorrent.lnk detectado: Trace.File.Bittorrent 5.0!A2
c:\documents and settings\administrador\desktop\bittorrent.lnk detectado: Trace.File.Bittorrent 5.0!A2
Key: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\software\kazaa detectado: Trace.Registry.KaZaA!A2
C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2
C:\5_5\5\OG.exe detectado: Trojan.Win32.Buzus!IK
C:\Arquivos de programas\DreaMule\incoming\Crack.FLATOUT2.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Arquivos de programas\Electronic Arts\SPORE\Sporebin\SporeApp.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Arquivos de programas\Outlook Express\wab.exe detectado: Trojan-Spy.Zbot!IK
C:\Arquivos de programas\Razor\Update.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Backup\World of Warcraft\AptUpdate.exe detectado: Generic.PWS.WoW!IK
C:\Backup\World of Warcraft\howow.exe detectado: Generic.PWS.WoW!IK
C:\C\Settings\cl.exe detectado: Trojan.Win32.Buzus!IK
C:\DATA\FILES\BEAST.exe detectado: Riskware.Win32.VBInject!IK
C:\Documents and Settings\Administrador\Configurações locais\Temp\CLK.exe detectado: Trojan.Win32.Buzus!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil18780D24.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil1F163BE4.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil387769F1.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil4B434729.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil66720590.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil87070564.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil8E7BB590.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA032040.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA6A1099.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC040C464.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC4863969.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC55C4B79.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filCCE731D1.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEA6E9B44.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEFB63829.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filF20406C9.dat/unnamed detectado: Trojan.Zlob!IK
C:\Documents and Settings\Administrador\Desktop\Desktop Files\Total Video Converter 3.11(serial+programa) PSP_downloads.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Desktop\Downloads\uninstall.exe detectado: Trojan.Swizzor!IK
C:\Documents and Settings\Administrador\Meus documentos\Dmailer\Dmailer_for_Lexar_v7_0_334.exe detectado: Trojan.Agent!IK
C:\Documents and Settings\Administrador\Meus documentos\Escola\Espanhol.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\MAV\Logomarcas Igreja\Arquivos digitais.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\Musicas\Eric Cross 2008 - The Art Of Composition (Hip Hop).rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\Musicas\Pregador_Luo-m_sica_de_guerra_-_1__miss_o_2008.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\My Received Files\ENBSeries ben-hur.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\NDS\0696 - Jump Ultimate Stars (U) - PATCH.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\Sony Vegas Pro 8.0c Full\Keygen.exe detectado: Riskware.MultiKeygenPatch!IK
C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\builds12.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\patch11.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun107.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun113.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun127.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun131.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun149.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun50.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun53.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun56.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun59.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun62.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun64.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun67.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun71.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun75.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun78.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun82.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun86.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun91.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun95.inf detectado: Trojan.AutorunINF!IK
C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun98.inf detectado: Trojan.AutorunINF!IK
C:\FILES\REMOVED\BEST.exe detectado: Virus.Trojan.Win32.Buzus!IK
C:\MEMORY\S-v-6-2009\PeAcE.exe detectado: Trojan.Win32.Buzus!IK
C:\Nsum\F\Tud.exe detectado: Virus.Trojan.Win32.Agent!IK
C:\RECYCLER\S-1-5-21-1757981266-1035525444-725345543-500\Dc4.exe detectado: Virus.Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004276.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004293.exe detectado: Trojan-Dropper.Agent!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004295.exe detectado: Virus.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004296.exe detectado: Virus.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004531.exe detectado: Trojan-Spy.Win32.Zbot!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004532.exe detectado: Riskware.Win32.VBInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004544.exe detectado: Trojan.Win32.Inject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004552.exe detectado: Trojan-Dropper.Agent!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004635.exe detectado: Trojan.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004765.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004767.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004768.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004804.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004805.exe detectado: Trojan.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004821.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004963.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004982.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004998.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005002.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005026.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005041.exe detectado: Backdoor.Win32.Gaertob!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005044.exe detectado: Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005046.exe detectado: Trojan.Win32.Zapchast!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005053.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005066.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005091.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005102.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005103.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005121.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005122.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005146.exe detectado: Riskware.Win32.VBInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005147.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005165.exe detectado: Riskware.Win32.VBInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005167.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005168.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005379.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005380.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005384.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005385.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005387.exe detectado: Riskware.Win32.VBInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005390.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005391.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005392.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005417.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005505.exe detectado: Backdoor.Win32.Gaertob!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005507.exe detectado: Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005524.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005526.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005629.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005631.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005632.exe detectado: Riskware.Win32.VBInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP40\A0005640.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005677.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005679.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005680.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP42\A0005681.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005684.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005712.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005713.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005716.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005717.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005721.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005745.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005747.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005748.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005749.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005772.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005775.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005920.exe detectado: Trojan.Win32.Ransom!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005924.exe detectado: Trojan-Dropper.Agent!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005925.exe detectado: Backdoor.Win32.Gaertob!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005926.exe detectado: Backdoor.Win32.Gaertob!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005927.exe detectado: Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005928.exe detectado: Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005948.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005992.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006508.exe detectado: Virus.Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006549.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006551.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006554.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006556.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006557.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006558.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006559.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006561.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006566.exe detectado: Trojan.Win32.Buzus!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006568.exe detectado: Virus.Win32.CeeInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006569.exe detectado: Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006571.exe detectado: Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006592.exe detectado: Trojan.Win32.Buzus!IK
C:\WINDOWS\dllmgr.exe detectado: Virus.Win32.CeeInject!IK
C:\WINDOWS\images003-jpg.zip/Fixdirs32.exe detectado: Riskware.Win32.Injector!IK
C:\WINDOWS\system32\ddd\Beclickz.dll detectado: IRC.Flood!IK
C:\WINDOWS\system32\ddd\imds.hlp detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\ionfgs.hlp detectado: Backdoor.IRC.Cloner!IK
C:\WINDOWS\system32\ddd\irsss.hlp detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\ODCB.INI detectado: Trojan.Ircflood!IK
C:\WINDOWS\system32\ddd\Refix.ocx detectado: Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\winregs.ocx detectado: Backdoor.IRC.Zapchast!IK
D:\BACKUP\AGE OF EMPIRES\Age Of Empires II\mythxpak.exe detectado: Virus.Win32.Sality!IK
D:\BACKUP\Ben\WLM_9.0_Beta.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Crysis Warhead\#readme#\paul.original.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Emuladores\Mega\Tiny Toon Adventures - Acme All Stars (E)_emulabr.com.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Emuladores\N64\Roms\marioparty3.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Fotos\Backup Maquina\Backup Maquina.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\PES2009\brasileirao\PES2009_EDIT01.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Ultima Online Utilitarios\Client 300000000000000000000.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Ultima Online Utilitarios\EasyUO.exe detectado: Trojan-Downloader.Win32.VB!IK
D:\Ultima Online Utilitarios\Kit Dimension.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Ultima Online Utilitarios\kit_dgshard.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK
D:\Ultima Online Utilitarios\Macros.rar/éüîç-åøå detectado: Backdoor.Win32.Gaertob!IK

Analisado
Arquivos: 192477
Objetos: 619200
Cookies: 147
Processos: 50

Encontrado
Arquivos: 173
Objetos: 8
Cookies: 1
Processos: 1
Chaves do registro: 0

Fim da análise: 28/6/2009 15:46:05
Duração da análise: 1:51:29

D:\Ultima Online Utilitarios\EasyUO.exe Em quarentena Trojan-Downloader.Win32.VB!IK
D:\BACKUP\AGE OF EMPIRES\Age Of Empires II\mythxpak.exe Em quarentena Virus.Win32.Sality!IK
C:\WINDOWS\system32\ddd\ODCB.INI Em quarentena Trojan.Ircflood!IK
C:\WINDOWS\system32\ddd\ionfgs.hlp Em quarentena Backdoor.IRC.Cloner!IK
C:\WINDOWS\system32\ddd\imds.hlp Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\irsss.hlp Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\Refix.ocx Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\winregs.ocx Em quarentena Backdoor.IRC.Zapchast!IK
C:\WINDOWS\system32\ddd\Beclickz.dll Em quarentena IRC.Flood!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005920.exe Em quarentena Trojan.Win32.Ransom!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP40\A0005640.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005679.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP42\A0005681.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005684.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005712.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005716.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005747.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005749.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005775.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006556.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006571.exe Em quarentena Riskware.Win32.DelfInject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005046.exe Em quarentena Trojan.Win32.Zapchast!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005044.exe Em quarentena Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005507.exe Em quarentena Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005927.exe Em quarentena Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005928.exe Em quarentena Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006569.exe Em quarentena Riskware.Win32.Injector!IK
C:\WINDOWS\images003-jpg.zip/Fixdirs32.exe Em quarentena Riskware.Win32.Injector!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004635.exe Em quarentena Trojan.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004805.exe Em quarentena Trojan.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004544.exe Em quarentena Trojan.Win32.Inject!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004531.exe Em quarentena Trojan-Spy.Win32.Zbot!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004295.exe Em quarentena Virus.Win32.VB!IK
C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004296.exe Em quarentena Virus.Win32.VB!IK
C:\System Volume
Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004293.exe Em quarentena Trojan-Dropper.Agent!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004552.exe Em quarentena Trojan-Dropper.Agent!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005924.exe Em quarentena Trojan-Dropper.Agent!IK C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK C:\FILES\REMOVED\BEST.exe Em quarentena Virus.Trojan.Win32.Buzus!IK C:\RECYCLER\S-1-5-21-1757981266-1035525444-725345543-500\Dc4.exe Em quarentena Virus.Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006508.exe Em quarentena Virus.Trojan.Win32.Buzus!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun107.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun113.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun127.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun131.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun149.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun50.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun53.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun56.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun59.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All 
Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun62.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun64.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun67.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun71.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun75.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun78.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun82.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun86.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun91.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun95.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\All Users\Dados de aplicativos\Autorun Eater\Autorun Backup\autorun98.inf Em quarentena Trojan.AutorunINF!IK C:\Documents and Settings\Administrador\Meus documentos\Sony Vegas Pro 8.0c Full\Keygen.exe Em quarentena Riskware.MultiKeygenPatch!IK C:\Documents and Settings\Administrador\Meus documentos\Dmailer\Dmailer_for_Lexar_v7_0_334.exe Em quarentena Trojan.Agent!IK C:\Documents and Settings\Administrador\Desktop\Downloads\uninstall.exe Em quarentena Trojan.Swizzor!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil18780D24.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and 
Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil1F163BE4.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil387769F1.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil4B434729.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil66720590.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil87070564.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\fil8E7BB590.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA032040.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filAA6A1099.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC040C464.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC4863969.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filC55C4B79.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filCCE731D1.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEA6E9B44.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and 
Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filEFB63829.dat/unnamed Em quarentena Trojan.Zlob!IK C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft\AVG Antispyware 7.5\quarantine\filF20406C9.dat/unnamed Em quarentena Trojan.Zlob!IK C:\DATA\FILES\BEAST.exe Em quarentena Riskware.Win32.VBInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004532.exe Em quarentena Riskware.Win32.VBInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005146.exe Em quarentena Riskware.Win32.VBInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005165.exe Em quarentena Riskware.Win32.VBInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005387.exe Em quarentena Riskware.Win32.VBInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005632.exe Em quarentena Riskware.Win32.VBInject!IK C:\Backup\World of Warcraft\AptUpdate.exe Em quarentena Generic.PWS.WoW!IK C:\Backup\World of Warcraft\howow.exe Em quarentena Generic.PWS.WoW!IK C:\Arquivos de programas\Outlook Express\wab.exe Em quarentena Trojan-Spy.Zbot!IK C:\Arquivos de programas\DreaMule\incoming\Crack.FLATOUT2.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Arquivos de programas\Electronic Arts\SPORE\Sporebin\SporeApp.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Arquivos de programas\Razor\Update.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Desktop\Desktop Files\Total Video Converter 3.11(serial+programa) PSP_downloads.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\Escola\Espanhol.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\Minhas imagens\MAV\Logomarcas Igreja\Arquivos digitais.rar/éüîç-åøå 
Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\Musicas\Eric Cross 2008 - The Art Of Composition (Hip Hop).rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\Musicas\Pregador_Luo-m_sica_de_guerra_-_1__miss_o_2008.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\My Received Files\ENBSeries ben-hur.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\NDS\0696 - Jump Ultimate Stars (U) - PATCH.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\builds12.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\Documents and Settings\Administrador\Meus documentos\UO Role Play\patch11.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005041.exe Em quarentena Backdoor.Win32.Gaertob!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005505.exe Em quarentena Backdoor.Win32.Gaertob!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005925.exe Em quarentena Backdoor.Win32.Gaertob!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005926.exe Em quarentena Backdoor.Win32.Gaertob!IK D:\BACKUP\Ben\WLM_9.0_Beta.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Crysis Warhead\#readme#\paul.original.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Emuladores\Mega\Tiny Toon Adventures - Acme All Stars (E)_emulabr.com.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Emuladores\N64\Roms\marioparty3.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Fotos\Backup Maquina\Backup Maquina.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\PES2009\brasileirao\PES2009_EDIT01.rar/éüîç-åøå Em 
quarentena Backdoor.Win32.Gaertob!IK D:\Ultima Online Utilitarios\Client 300000000000000000000.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Ultima Online Utilitarios\Kit Dimension.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Ultima Online Utilitarios\kit_dgshard.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK D:\Ultima Online Utilitarios\Macros.rar/éüîç-åøå Em quarentena Backdoor.Win32.Gaertob!IK C:\5_5\5\OG.exe Em quarentena Trojan.Win32.Buzus!IK C:\C\Settings\cl.exe Em quarentena Trojan.Win32.Buzus!IK C:\Documents and Settings\Administrador\Configurações locais\Temp\CLK.exe Em quarentena Trojan.Win32.Buzus!IK C:\MEMORY\S-v-6-2009\PeAcE.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP29\A0004276.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004765.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004767.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP32\A0004768.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004804.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP33\A0004821.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004963.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004982.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0004998.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005002.exe Em quarentena 
Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005026.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005053.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005066.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005091.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005102.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005103.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005121.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005122.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005147.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005167.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP34\A0005168.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005384.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005385.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005417.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005524.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume 
Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005526.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005629.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP39\A0005631.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005677.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP41\A0005680.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005713.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005717.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005745.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005748.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005772.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005948.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005992.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006549.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006554.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006557.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume 
Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006561.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006566.exe Em quarentena Trojan.Win32.Buzus!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006592.exe Em quarentena Trojan.Win32.Buzus!IK C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt Em quarentena Trace.TrackingCookie.atdmt!A2 Key: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\software\kazaa Em quarentena Trace.Registry.KaZaA!A2 c:\arquivos de programas\bittorrent\bittorrent.exe Em quarentena Trace.File.Bittorrent 5.0!A2 c:\documents and settings\all users\menu iniciar\programas\bittorrent\bittorrent.lnk Em quarentena Trace.File.Bittorrent 5.0!A2 c:\documents and settings\administrador\desktop\bittorrent.lnk Em quarentena Trace.File.Bittorrent 5.0!A2 Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser --> ITBarLayout Em quarentena Trace.Registry.SweetIM Toolbar for Internet Explorer 3.3!A2 Value: HKEY_USERS\S-1-5-21-1757981266-1035525444-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Bittorrent --> Order Em quarentena Trace.Registry.Bittorrent 5.0!A2 c:\arquivos de programas\bittorrent Em quarentena Trace.Directory.Bittorrent 5.0!A2 c:\documents and settings\all users\menu iniciar\programas\bittorrent Em quarentena Trace.Directory.Bittorrent 5.0!A2 [296] C:\WINDOWS\dllmgr.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005379.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005380.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005390.exe Em 
quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005391.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP38\A0005392.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP43\A0005721.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006551.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006558.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006559.exe Em quarentena Virus.Win32.CeeInject!IK C:\System Volume Information\_restore{0C162325-8188-4AE7-8296-B75498D6106E}\RP44\A0006568.exe Em quarentena Virus.Win32.CeeInject!IK C:\WINDOWS\dllmgr.exe Em quarentena Virus.Win32.CeeInject!IK C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK C:\Nsum\F\Tud.exe Em quarentena Virus.Trojan.Win32.Agent!IK Em quarentena Arquivos: 176 Objetos: 8 Cookies: 1 C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt Excluído Trace.TrackingCookie.atdmt!A2 C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK C:\Nsum\F\Tud.exe Excluído Virus.Trojan.Win32.Agent!IK Excluído Arquivos: 3 Objetos: 0 Cookies: 1 Abraço. Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted June 29, 2009

Good afternoon, Ben-Hur!

<@> Uninstalling AVG8 has always been problematic!
<@> Download: < avgremover >
<@> So run this tool to do the uninstall.

<><><><><><><><><><>

<@> Download: < AVPTool > ( by Kaspersky Labs )
<@> Save it in Arquivos de Programas, and install it right there!
<@> Restart the computer in Safe Mode! <-- Important!
<@> Start the scan by clicking "Scan".
<@> The scan takes a very long time. <-- Wait!
<@> If infections are found, click "disinfect".
<@> When it finishes, click the Events tab.
<@> Uncheck the "Show all events" checkbox.
<@> Click "Save to file".
<@> Name it and save it to the desktop! <-- This is the report to post!

<><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.
<@> While disconnected, run the tool! --> Double-click dds.scr.
<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--
<@> Another window will also appear: "D.D.S - Optional_Scan" --> Click Yes.
<@> Notepad will open with another report. ( Attach.txt ) <--
<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.
<@> Finally, another window will open! --> Click OK.
<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

Regards!
Ben-Hur 0 Posted June 30, 2009

Note 1: after removing AVG and installing Avast, Avast found several viruses.
Note 2: after Avast removed the viruses, the problem with Explorer.exe did not persist.
Note 3: Regarding the "little freezes" I had mentioned, I read that it could be the hard drive that is damaged. Is there any way to confirm that?

Here are the Kaspersky, DDS and Attach logs:

Scan
----
Scanned: 1386
Detected: 3
Untreated: 0
Start time: 30/6/2009 13:48:44
Duration: 00:02:32
Finish time: 30/6/2009 13:51:16

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Agent.cnbc File: c:\thun\f\thund.exe
deleted: Trojan program Trojan.Win32.Buzus.bhok File: c:\5_5\5\og.exe
deleted: Trojan program Trojan.Win32.Buzus.bizq File: c:\c\settings\cl.exe

Events
------
Time Name Status Reason
---- ---- ------ ------
30/6/2009 13:49:49 File: c:\thun\f\thund.exe detected Trojan program 'Trojan.Win32.Agent.cnbc'
30/6/2009 13:49:50 File: c:\thun\f\thund.exe not disinfected postponed
30/6/2009 13:49:50 File: c:\5_5\5\og.exe detected Trojan program 'Trojan.Win32.Buzus.bhok'
30/6/2009 13:49:50 File: c:\5_5\5\og.exe not disinfected postponed
30/6/2009 13:49:50 File: c:\c\settings\cl.exe detected Trojan program 'Trojan.Win32.Buzus.bizq'
30/6/2009 13:49:50 File: c:\c\settings\cl.exe not disinfected postponed
30/6/2009 13:50:37 File: c:\thun\f\thund.exe detected Trojan program 'Trojan.Win32.Agent.cnbc'
30/6/2009 13:51:12 Startup object: HKLM\Software\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX5-314CCA314112}\{67KLN5J0-4OPM-01WE-AAX5-314CCA314112} deleted
30/6/2009 13:51:13 File: c:\thun\f\thund.exe deleted
30/6/2009 13:51:13 File: c:\5_5\5\og.exe detected Trojan program 'Trojan.Win32.Buzus.bhok'
30/6/2009 13:51:14 Startup object: HKLM\Software\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-01WE-AAX5-314CCA324372}\{67KLN5J0-4OPM-01WE-AAX5-314CCA324372} deleted
30/6/2009 13:51:15 File: c:\5_5\5\og.exe deleted
30/6/2009 13:51:15 File: c:\c\settings\cl.exe detected Trojan program 'Trojan.Win32.Buzus.bizq'
30/6/2009 13:51:16 Startup object: HKLM\Software\Microsoft\Active Setup\Installed Components\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771}\{67XOR2B0-3GMC-89VV-JIJ1-32KL2R3233771} deleted
30/6/2009 13:51:16 File: c:\c\settings\cl.exe deleted

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------
All objects 1386 3 3 0 0 2 128 0 0
System memory 701 0 0 0 0 1 0 0 0
Startup objects 682 3 3 0 0 1 128 0 0
Disk boot sectors 3 0 0 0 0 0 0 0 0

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----

------------------------------------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrador at 14:25:58,95 on ter 30/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1534 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe
C:\Arquivos de programas\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Glass2k\Glass2k.exe
C:\Arquivos de programas\VistaDriveIcon\DrvIcon.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Blaero Start Orb\Blaero Start Orb 2.0.exe
C:\Documents and Settings\Administrador\Desktop\Downloads\thoosje-sidebar-3.0-installer.exe
C:\Arquivos de programas\Thoosje Vista Sidebar\Thoosje Sidebar.exe
C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\arquivos de programas\windows live\family safety\fssbho.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\arquivos de programas\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\arquivos de programas\styler\tb\StylerTB.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [VisualTaskTips] "c:\arquivos de programas\visualtasktips\VisualTaskTips.exe" noTrayIcon
uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"
uRun: [sUPERAntiSpyware] c:\arquivos de programas\superantispyware\SUPERAntiSpyware.exe
uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun
uRun: [uIWatcher] c:\arquivos de programas\ashampoo\ashampoo uninstaller 4\UIWatcher.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Glass2k] c:\arquivos de programas\glass2k\Glass2k.exe
mRun: [DrvIcon] c:\arquivos de programas\vistadriveicon\DrvIcon.exe
mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\arquivos de programas\poweriso\PWRISOVM.EXE
mRun: [Windows Dll Management Service] dllmgr.exe
mRun: [Windows Driver] UDSERV.EXE
mRun: [Autorun Eater] c:\arquivos de programas\autorun eater\oldmcdonald.exe
mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\blaero~1.lnk - c:\arquivos de programas\blaero start orb\Blaero Start Orb 2.0.exe
StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\thoosj~1.lnk - c:\arquivos de programas\thoosje sidebar v2.3\Thoosje Vista Sidebar.exe
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {A8CB1820-2298-4676-9080-87A69D6656C2} = 172.161.169.245,200.165.132.147
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\arquivos de programas\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\arquivos de programas\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\2uxhzj0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\all users\dados de aplicativos\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

=============
SERVICES / DRIVERS =============== R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-8 130936] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-29 114768] R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\superantispyware\SASDIFSV.SYS [2009-2-17 9968] R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\superantispyware\SASKUTIL.SYS [2009-2-17 55024] R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared free\a2service.exe [2009-6-28 718880] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-29 20560] R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast4\ashServ.exe [2009-6-29 138680] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-9 55136] R2 fsssvc;Windows Live Proteção para a Família;c:\arquivos de program 563 as\windows live\family safety\fsssvc.exe 563 [2009-2-6 533360] R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656] R3 SASENUM;SASENUM;c:\arquivos de programas\superantispyware\SASENUM.SYS [2009-2-17 7408] S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe [2009-6-29 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast4\ashWebSv.exe [2009-6-29 352920] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\config~1\temp\cprf.tmp --> c:\docume~1\admini~1\config~1\temp\CPRF.tmp [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\spyware doctor\pctsAuxs.exe [2009-4-8 348752] S3 sdCoreService;PC Tools Security Service;c:\arquivos de programas\spyware doctor\pctsSvc.exe [2009-4-8 1095560] S3 XDva186;XDva186;\??\c:\windows\system32\xdva186.sys --> c:\windows\system32\XDva186.sys [?] S3 XDva223;XDva223;\??\c:\windows\system32\xdva223.sys --> c:\windows\system32\XDva223.sys [?] 
=============== Created Last 30 ================

2009-06-30 14:14 <DIR> --d----- c:\arquivos de programas\Thoosje Vista Sidebar
2009-06-30 13:40 819,232 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-30 13:40 11,720 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-30 12:38 42,633,504 a------- c:\arquivos de programas\setup_7.0.0.290_30.06.2009_17-01.exe
2009-06-29 16:31 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-06-28 13:46 71,168 a------- c:\documents and settings\administrador\update.exe
2009-06-28 13:46 47,149 a------- c:\documents and settings\administrador\VDysx5.exe
2009-06-28 12:25 <DIR> --d----- c:\arquivos de programas\a-squared Free
2009-06-28 12:13 <DIR> --d----- C:\Hijack
2009-06-28 11:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Autorun Eater
2009-06-28 11:53 <DIR> --d----- c:\arquivos de programas\Autorun Eater
2009-06-28 11:52 53,540,608 a------- c:\arquivos de programas\a2FreeSetup.exe
2009-06-28 11:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ashampoo
2009-06-28 11:47 39,776 a------- c:\windows\system32\DfSdkBt64.exe
2009-06-28 11:47 33,632 a------- c:\windows\system32\DfSdkBt.exe
2009-06-28 11:47 <DIR> --d----- c:\arquivos de programas\Ashampoo
2009-06-27 09:51 17,597 a------- c:\windows\MPTBox.INI
2009-06-25 21:45 33,951 a------- c:\windows\system32\log.dll
2009-06-25 21:45 <DIR> --d----- c:\windows\system32\kazaabackupfiles
2009-06-25 21:37 <DIR> --d----- c:\windows\mpass XP patch
2009-06-25 21:28 <DIR> --d----- c:\windows\NTBJRSTR
2009-06-25 21:27 <DIR> --d----- c:\arquivos de programas\Canon
2009-06-25 20:55 <DIR> --d----- c:\temp\C530
2009-06-25 20:55 <DIR> --d----- C:\Temp
2009-06-25 13:20 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-25 13:20 <DIR> --dshr-- C:\C
2009-06-25 12:38 8,976 a----r-- c:\windows\system32\MPRSTR.DRV
2009-06-25 12:38 60 a----r-- c:\windows\system32\CANONBJ.HLP
2009-06-23 16:29 <DIR> --dshr-- C:\Nsum
2009-06-23 13:12 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Malwarebytes
2009-06-23 13:10 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 13:10 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 13:10 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2009-06-23 13:10 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-22 18:28 <DIR> --d----- c:\windows\system32\ddd
2009-06-21 13:24 <DIR> --d----- c:\arquivos de programas\ESET
2009-06-21 08:18 <DIR> --dshr-- C:\Thun
2009-06-21 08:17 <DIR> --dshr-- C:\5_5
2009-06-20 17:41 <DIR> --dshr-- C:\FILES
2009-06-20 17:00 401,920 a------- c:\windows\system32\CF9623.exe
2009-06-20 16:59 401,920 a------- c:\windows\system32\cmd.execf
2009-06-20 16:16 <DIR> --dshr-- C:\DATA
2009-06-20 14:40 <DIR> --dshr-- C:\MEMORY
2009-06-20 13:42 577,536 a------- c:\windows\system32\dllcache\user32.dll
2009-06-20 13:41 <DIR> --d----- c:\windows\ERUNT
2009-06-20 13:41 <DIR> --d----- C:\Backups
2009-06-19 22:30 161,792 a------- c:\windows\SWREG.exe
2009-06-19 22:30 155,136 a------- c:\windows\PEV.exe
2009-06-19 22:30 98,816 a------- c:\windows\sed.exe

==================== Find3M ====================

2009-05-18 20:27 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-15 20:55 34 a------- c:\documents and settings\administrador\jagex_runescape_preferences.dat
2009-04-23 13:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 12:38 449,496 a------- c:\windows\system32\perfh016.dat
2009-04-05 12:38 77,658 a------- c:\windows\system32\perfc016.dat

============= FINISH: 14:26:22,92 ===============

---------------------------------------------------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/7/2008 09:14:08
System Uptime: 30/6/2009 13:57:23 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 1584/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 46,17 GiB free.
D: is FIXED (NTFS) - 86 GiB total, 24,202 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&3A0400F3&0&00E1
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&3A0400F3&0&00E1
Service: RTLE8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

==== System Restore Points ===================

RP27: 18/6/2009 15:04:35 - Spyware Doctor: Cleaning Threats
RP28: 18/6/2009 15:19:55 - Spyware Doctor: Cleaning Threats
RP29: 19/6/2009 22:28:03 - Ponto de verificação do sistema
RP30: 21/6/2009 14:12:46 - Ponto de verificação do sistema
RP31: 21/6/2009 14:34:37 - Removed Ultima Online: Mondain's Legacy
RP32: 21/6/2009 14:36:27 - Installed Ultima Online: Mondain's Legacy
RP33: 22/6/2009 15:41:51 - Ponto de verificação do sistema
RP34: 23/6/2009 17:45:50 - Ponto de verificação do sistema
RP35: 25/6/2009 10:58:11 - Ponto de verificação do sistema
RP36: 25/6/2009 12:38:00 - Driver de impressora não assinado Canon MultiPASS C5 instalado.
RP37: 25/6/2009 12:40:44 - Driver de impressora não assinado Canon MultiPASS C5 instalado.
RP38: 25/6/2009 12:55:36 - Operação de restauração
RP39: 25/6/2009 13:20:11 - Operação de restauração
RP40: 25/6/2009 21:28:50 - Driver de impressão Canon MultiPASS C530 Fax instalado
RP41: 25/6/2009 21:28:56 - Driver de impressão Canon MultiPASS C530 Printer instalado
RP42: 25/6/2009 21:35:35 - Driver de impressora não assinado Canon MultiPASS C5 instalado.
RP43: 25/6/2009 21:37:23 - Driver de impressora não assinado Canon MultiPASS C5 instalado.
RP44: 27/6/2009 09:53:54 - Removed FlatOut2
RP45: 28/6/2009 12:53:39 - Ponto de verificação do sistema
RP46: 29/6/2009 16:17:29 - Removed AVG Free 8.5
RP47: 29/6/2009 16:18:30 - Removed AVG Free 8.5
RP48: 29/6/2009 16:34:21 - Installed AVG Free 8.0

==== Installed Programs ======================

a-squared Free 4.5
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Arquivo do WinRAR
Ashampoo UnInstaller 4.00
Assassin's Creed
Assistente de Conexão do Windows Live
Atualização para Windows XP (KB898461)
Autorun Eater v2.4
avast! Antivirus
BitTorrent
CCleaner (remove only)
Choice Guard
Counter-Strike
Crysis WARHEAD®
Defraggler (remove only)
DNA
DVD2one V2.3.0
ESET Online Scanner v3
Ferramenta de Carregamento do Windows Live
foobar2000 v0.9.5.4
Foxit Reader
Free WMA to MP3 Converter 1.16
Garena
Gears of War
GTA San Andreas
Guitar Hero III
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB926239)
ImageMixer 3
Java 6 Update 13
Junk Mail filter update
K-Lite Codec Pack 3.8.5 Full
LimeWire 5.0.11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Live Add-in 1.3
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
Need for Speed Underground 2
Nero Suite
NotePad++ 3.6
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Orbit Downloader
Photo Viewer 2.3
Picture Package Music Transfer
PowerISO
Ragnarok Online
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Skype™ 3.8
Sony Media Manager 2.2
Sony Picture Utility
Sony Vegas 7.0
SopCast 3.0.3
SPORE™
Spyware Doctor 6.0
Steam
SUPERAntiSpyware Free Edition
System Requirements Lab
Thoosje Vista Sidebar
Ultima Online: Mondain's Legacy
VDownloader 0.82
VistaMizer 2.5.2.0
Visual Task Tips 3.3
Warcraft III: All Products
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Mail
Windows Live Messenger
Windows Live Proteção para a Família
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
World of Warcraft
Xbox 360 Controller for Windows

==== Event Viewer Messages From Past Week ========

28/6/2009 17:32:37, Informações: Windows File Protection [64005] - O sistema de arquivos protegido wab.exe não pôde ser restaurado para sua versão válida original porque o processo de restauração 'Proteção de arquivos do Windows' foi cancelado pela interação do usuário; o nome de usuário é Administrador. A versão do arquivo incorreto é desconhecido.
25/6/2009 21:30:01, Informações: Windows File Protection [64005] - O sistema de arquivos protegido comcat.dll não pôde ser restaurado para sua versão válida original porque o processo de restauração 'Proteção de arquivos do Windows' foi cancelado pela interação do usuário; o nome de usuário é Administrador. A versão do arquivo incorreto é 4.71.1441.1.

==== End Of File ===========================

Cheers!
DigRam
Posted July 1, 2009

Good morning, Ben-Hur!

Note 3: Regarding the "little freezes" I mentioned, I read that it could be that the HD is damaged. Is there any way to confirm that?

<!> Only by removing the HD and taking it to a technician.
<!> PS: A faulty RAM module also causes these symptoms.

<><><><><><><><><><><>

<@> Download ComboFix.exe again.
<@> Save it to the desktop!
<@> Select and copy all of the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

Folder::
c:\windows\system32\ddd
C:\C\settings
C:\thun\f
C:\5_5\5
C:\C
C:\Nsum
C:\Thun
C:\5_5
C:\FILES
C:\DATA
C:\MEMORY

File::
C:\docume~1\admini~1\config~1\temp\CPRF.tmp
C:\DOCUME~1\ADMINI~1\red.exe
C:\windows\dllmgr.exe

DDS::
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"
mRun: [Windows Dll Management Service] dllmgr.exe
mRun: [Windows Driver] UDSERV.EXE

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UDSERV.EXE]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Dll Management Service"=-
"Windows Driver"=-

Driver::
"GarenaPEngine"

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
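An added triage helper for the DDS entry formats seen in the log above (example code, not from this thread or from the DDS/ComboFix tools): it parses the BHO/TB, Run and service lines and flags the three shapes DigRam's CFScript acts on, namely orphaned CLSIDs ("No File"), Run values that load a bare file name under a generic "Windows ..." label, and services whose image sits in a temp directory or that DDS could not stat. The sample lines are copied from the posted log; the severity levels are my own heuristic, not a DDS feature.

```python
import re

# Constructed sample: entries copied, in the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" formats, from the log posted in this thread, plus
# known-good lines so the rules have something to leave alone.
SAMPLE = r"""
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\arquivos de programas\windows live\messenger\wlchtc.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Dll Management Service] dllmgr.exe
mRun: [Windows Driver] UDSERV.EXE
mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admini~1\config~1\temp\cprf.tmp --> c:\docume~1\admini~1\config~1\temp\CPRF.tmp [?]
R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
"""

# Line shapes DDS uses for the three entry kinds this script looks at.
CLSID_RE = re.compile(r"^(?P<kind>BHO|TB): .*?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$")
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^[RS]\d (?P<svc>[^;]+);[^;]*;(?P<image>.*?)(?: --> .*?)?(?: \[(?P<stamp>[^\]]*)\])?$")


def launched_file(cmd):
    """Return the file a Run value really loads: the quoted or first token,
    or, when rundll32 is the host, the DLL handed to rundll32."""
    if cmd.startswith('"'):
        first, _, rest = cmd[1:].partition('"')
    else:
        first, _, rest = cmd.partition(" ")
    if first.lower() in ("rundll32.exe", "rundll32"):
        first = rest.strip().split(",", 1)[0]
    return first


def triage(dds_text):
    """Return (severity, entry, reason) for entries that deserve a second look."""
    findings = []
    for line in (l.strip() for l in dds_text.splitlines()):
        if m := CLSID_RE.match(line):
            if m["target"].lower() == "no file":
                findings.append(("medium", line, f"{m['kind']} CLSID {m['clsid']} is registered but its file is gone (orphan)"))
        elif m := RUN_RE.match(line):
            # A bare file name is resolved through the search path at logon, so the log alone
            # does not say where it lives; a generic "Windows ..." value name plus a bare file
            # is the shape of the two Run entries the CFScript above removes.
            if not re.search(r"[\\/:]", launched_file(m["cmd"])):
                generic = m["name"].lower().startswith("windows")
                findings.append(("high" if generic else "low", line,
                                 "loaded by bare file name; locate it on disk"
                                 + (" (generic Windows-sounding value name)" if generic else "")))
        elif m := SVC_RE.match(line):
            reasons = []
            if "\\temp\\" in m["image"].lower():
                reasons.append("service image lives in a temp directory")
            if m["stamp"] == "?":
                reasons.append("DDS printed [?]: it could not read the file's date and size")
            if reasons:
                findings.append(("high", line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for sev, entry, why in triage(SAMPLE):
        print(f"[{sev:6}] {entry}\n         -> {why}")
```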