Archived

This topic has been archived and is closed to new replies.

Yukko~

[Solved!] Ailing computer + Suspicious processes


Hey. Hello once again.

The problem this time is the following: slowness.

Simply put, the speed dropped, hmm.. by almost half. And so, when I opened Task Manager, I noticed some processes that were not there before. I blame the slowness perhaps on too many heavy programs, but I don't know, I'd rather confirm here.

 

HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:41:22, on 9/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.exe

D:\WINDOWS\system32\csrcs.exe

D:\ARQUIV~1\AVG\AVG8\avgtray.exe

D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

D:\WINDOWS\RTHDCPL.EXE

D:\WINDOWS\system32\ctfmon.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\WINDOWS\system32\svchost.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

D:\Arquivos de programas\AVG\AVG8\avgscanx.exe

D:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Documents and Settings\Gabriela\Desktop\Programas AM\HiJackThis.exe

D:\WINDOWS\system32\cmd.exe

D:\WINDOWS\system32\net.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] D:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7037 bytes

 

 

 

 

Thanks in advance, dears :*

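The three entries in the log above that give the infection away are the F2 line (an extra program appended to `Shell=Explorer.exe`), the `Policies\Explorer\Run` autostart, and a running `csrcs.exe` whose name is one letter away from the legitimate `csrss.exe`. Added Python example, not part of the thread, showing how a responder can triage a HijackThis log for exactly those patterns; the log excerpt inside it is a constructed subset of the one posted above, and the critical-process list is an assumption.

```python
import re

# Constructed excerpt of the HijackThis log posted above; the real log has
# more lines, but these are the ones the triage below cares about.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\csrcs.exe
D:\ARQUIV~1\AVG\AVG8\avgtray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] D:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
"""

# Core Windows XP process names that malware likes to imitate (assumed list).
CRITICAL_PROCESSES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                      "lsass.exe", "svchost.exe", "explorer.exe")

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")


def parse_hjt(log_text):
    """Split a HijackThis log into (running process paths, [(section, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:                       # the first "R0 - ..." line ends the process list
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower() == "running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def lookalike(name, legit):
    """True if name differs from legit by exactly one substitution, insertion or deletion."""
    if name == legit:
        return False
    if len(name) == len(legit):
        return sum(a != b for a, b in zip(name, legit)) == 1
    short, long_ = sorted((name, legit), key=len)
    if len(long_) - len(short) != 1:
        return False
    i = 0
    while i < len(short) and short[i] == long_[i]:
        i += 1
    return short[i:] == long_[i + 1:]


def triage(log_text, critical=CRITICAL_PROCESSES):
    """Return (findings, names that are both flagged and currently running)."""
    processes, entries = parse_hjt(log_text)
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    findings = []
    for kind, body in entries:
        low = body.lower()
        if kind == "F2" and low.startswith("reg:system.ini: shell="):
            # Shell= should be exactly Explorer.exe; anything else is an extra loader.
            for token in body.split("=", 1)[1].split():
                if token.lower() != "explorer.exe":
                    findings.append(("shell_hijack", token.lower()))
        elif kind == "O4" and "\\policies\\explorer\\run" in low:
            # Policy-based Run key: rarely used legitimately, a favourite for worms.
            target = body.rsplit("]", 1)[-1].strip()
            findings.append(("policy_run", target.rsplit("\\", 1)[-1].lower()))
    for proc in sorted(running):
        for legit in critical:
            if lookalike(proc, legit):
                findings.append(("lookalike_process", proc))
    flagged = {name for _, name in findings}
    return findings, sorted(flagged & running)


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG)[0]:
        print(item)
```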

Step 1

 

- Download SDFix and save it to the desktop;

 

● Double-click SDFix.exe and the tool will be installed to D:\SDFix. But do not run it yet;

● Restart your computer in Safe Mode (hold the F8 key while the system boots and choose the Safe Mode option);

● Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file;

● Press Y so the tool starts the removal process;

● When everything finishes, you will see a message telling you to press any key to continue. Do so. Your computer will restart automatically;

● After the restart, the tool will run again, finish its work, and the word Finished will appear. Press any key again;

● A window with the SDFix report will appear;

● The log will open automatically for you. It will be saved in the SDFix folder as Report.txt;

 

Make a new HijackThis log and paste it in your next reply, together with the SDFix log.

 

 

Step 2

 

- Download ComboFix and save it to the desktop;

 

● Temporarily disable your antivirus so it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix scans;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

● Do not click on the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your PC will restart. After the restart, the tool will run again; wait;

● A log will be generated at D:\ComboFix.txt.

 

In your next reply, please paste the SDFix and ComboFix logs.


Here are the logs:

 

SDFix

 

SDFix: Version 1.240

Run by Gabriela on --- 10/07/2009 at 18:54

 

Microsoft Windows XP [versÆo 5.1.2600]

Running From: D:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

D:\WINDOWS\system32\csrcs.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-10 18:59:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfktlge]

"DisplayName"="Image Config"

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Description"="Fornece configuração automática para os adaptadores 802.11"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfktlge\Parameters]

"ServiceDll"=str(2):"D:\WINDOWS\system32\zaajaomz.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:be,46,0f,2f,2b,cc,fb,ab,5b,66,a1,d8,00,2c,c3,42,9f,f9,57,db,13,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,2f,4c,80,2c,95,15,24,2d,0b,0e,c0,8a,d1,5c,12,0a,b1,..

"khjeh"=hex:69,aa,84,f8,6d,7b,dc,46,0d,e4,40,38,fd,cd,a2,92,58,a2,0f,48,cc,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:8b,28,8d,fd,a6,5e,08,c9,91,08,c7,ab,7d,b6,67,70,35,99,87,f7,b7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gfktlge]

"DisplayName"="Image Config"

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Description"="Fornece configuração automática para os adaptadores 802.11"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gfktlge\Parameters]

"ServiceDll"=str(2):"D:\WINDOWS\system32\zaajaomz.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:be,46,0f,2f,2b,cc,fb,ab,5b,66,a1,d8,00,2c,c3,42,9f,f9,57,db,13,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,2f,4c,80,2c,95,15,24,2d,0b,0e,c0,8a,d1,5c,12,0a,b1,..

"khjeh"=hex:69,aa,84,f8,6d,7b,dc,46,0d,e4,40,38,fd,cd,a2,92,58,a2,0f,48,cc,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:8b,28,8d,fd,a6,5e,08,c9,91,08,c7,ab,7d,b6,67,70,35,99,87,f7,b7,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\\Arquivos de programas\\Messenger\\msmsgs.exe"="D:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"D:\\Arquivos de programas\\DreMule\\emule.exe"="D:\\Arquivos de programas\\DreMule\\emule.exe:*:Enabled:Dreamule"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="D:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"D:\\Arquivos de programas\\Free Download Manager\\fdm.exe"="D:\\Arquivos de programas\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"D:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="D:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"D:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"="D:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"

"D:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe"="D:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe:*:Enabled:MySims"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

Remaining Files :

 

 

File Backups: - D:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 3 Aug 2004 93,184 A.SH. --- "D:\Arquivos de programas\Internet Explorer\iexplore.exe"

Tue 3 Aug 2004 60,416 A.SH. --- "D:\Arquivos de programas\Outlook Express\msimn.exe"

Wed 22 Oct 2008 949,072 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\advcheck.dll"

Mon 15 Sep 2008 1,562,960 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll"

Wed 22 Oct 2008 962,896 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\Tools.dll"

Tue 14 Oct 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sat 28 Feb 2009 208,480 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\cake-mania-2_s1_l1_gF2152T1L1_d451886931.exe"

Sun 1 Mar 2009 208,480 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\cake-mania-3_s1_l1_gF2662T1L1_d453365262.exe"

Thu 18 Dec 2008 20,403,816 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\FSS_PH60.exe"

Fri 30 Jan 2009 17,904,352 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\InstallBellesBeautyBoutique.exe"

Tue 9 Dec 2008 15,689,006 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\klcodec434f.exe"

Tue 10 Jun 2008 1,179,648 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\101MSDCF\SIV2EA.tmp"

Tue 10 Jun 2008 1,560,576 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\101MSDCF\SIV2EB.tmp"

Tue 10 Jun 2008 1,179,648 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\DCIM\101MSDCF\SIV2EA.tmp"

Tue 10 Jun 2008 1,560,576 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\DCIM\101MSDCF\SIV2EB.tmp"

 

Finished!

 

 

HiJackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:04:11, on 10/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\wscntfy.exe

D:\ARQUIV~1\AVG\AVG8\avgtray.exe

D:\WINDOWS\RTHDCPL.EXE

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Documents and Settings\Gabriela\Desktop\Programas AM\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6491 bytes

 

ComboFix

 

ComboFix 09-07-09.08 - Gabriela 10/07/2009 19:12.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1550 [GMT -3:00]

Executando de: d:\documents and settings\Gabriela\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 


d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\Desktop_.ini

d:\documents and settings\Gabriela\Meus documentos\Minhas músicas\Desktop_.ini

d:\documents and settings\Gabriela\Meus documentos\My Google Gadgets\Desktop_.ini

d:\documents and settings\Gabriela\Meus documentos\Picture Motion Browser\Desktop_.ini

d:\documents and settings\Gabriela\Meus documentos\Shockwave\Desktop_.ini

d:\documents and settings\Gabriela\Meus documentos\Shockwave\Virtual Villagers - The Lost Children\Desktop_.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))

.

 

2009-07-10 21:47 . 2009-07-10 22:01 -------- d-----w- D:\SDFix

2009-06-27 17:07 . 2009-06-27 17:07 107888 ----a-w- d:\windows\system32\CmdLineExt.dll

2009-06-27 17:04 . 2009-06-27 17:04 -------- d-----w- d:\windows\Logs

2009-06-23 00:01 . 2009-06-23 00:06 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2009-06-23 00:01 . 2009-06-23 00:01 -------- d-----w- D:\ProgramData

2009-06-22 23:54 . 2009-06-22 23:54 10134 ----a-r- d:\documents and settings\Gabriela\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-22 23:54 . 2009-06-22 23:54 -------- d-----w- d:\arquivos de programas\Microsoft WSE

2009-06-22 23:46 . 2009-06-27 17:00 -------- d-----w- d:\arquivos de programas\Electronic Arts

2009-06-21 22:53 . 2009-06-24 19:55 -------- d-----w- d:\arquivos de programas\SpywareBlaster

2009-06-21 22:50 . 2009-06-21 22:52 -------- d-----w- d:\arquivos de programas\Marcos Velasco Security

2009-06-16 23:22 . 2009-06-16 23:22 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-10 15:45 . 2008-11-27 22:08 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\Free Download Manager

2009-07-06 20:16 . 2008-10-13 19:34 -------- d---a-w- d:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-06 20:00 . 2008-10-06 19:20 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\PlayFirst

2009-07-06 20:00 . 2008-10-06 19:20 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PlayFirst

2009-07-06 19:54 . 2008-10-22 23:43 -------- d-----w- d:\arquivos de programas\Shockwave.com

2009-06-29 16:39 . 2009-06-03 17:57 11952 ----a-w- d:\windows\system32\avgrsstx.dll

2009-06-29 16:39 . 2009-06-03 17:02 327688 ----a-w- d:\windows\system32\drivers\avgldx86.sys

2009-06-29 16:39 . 2009-06-03 17:02 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys

2009-06-27 17:00 . 2008-09-25 22:51 -------- d--h--w- d:\arquivos de programas\InstallShield Installation Information

2009-06-16 22:48 . 2001-10-28 18:07 68408 ----a-w- d:\windows\system32\perfc016.dat

2009-06-16 22:48 . 2001-10-28 18:07 428340 ----a-w- d:\windows\system32\perfh016.dat

2009-06-11 20:29 . 2008-10-06 19:20 -------- d-----w- d:\arquivos de programas\Zylom Games

2009-06-11 16:25 . 2008-11-02 19:13 -------- d-----w- d:\arquivos de programas\Alawar

2009-06-07 22:27 . 2008-10-26 17:49 -------- d-----w- d:\arquivos de programas\Realtek

2009-06-04 22:28 . 2009-06-06 22:35 205326 ----a-w- d:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat

2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\Malwarebytes

2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-19 23:12 . 2008-10-14 21:54 -------- d-----w- d:\arquivos de programas\Windows Media Connect 2

2009-05-12 19:26 . 2009-05-12 19:23 -------- d-----w- d:\arquivos de programas\Microsoft

2009-05-12 19:26 . 2009-05-12 19:26 -------- d-----w- d:\arquivos de programas\Microsoft Office Outlook Connector

2009-05-12 19:26 . 2008-10-02 22:31 -------- d-----w- d:\arquivos de programas\Windows Live

2009-05-12 19:26 . 2009-05-12 19:26 -------- d-----w- d:\arquivos de programas\Microsoft Sync Framework

2009-05-12 19:25 . 2009-05-12 19:25 -------- d-----w- d:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-05-12 19:23 . 2009-05-12 19:23 -------- d-----w- d:\arquivos de programas\Windows Live SkyDrive

2009-05-12 18:48 . 2009-05-12 18:48 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Windows Live

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"AVG8_TRAY"="d:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-07-21 16261632]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-29 16:39 11952 ----a-w- d:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]

@="Service"

 

[HKLM\~\startupfolder\D:^Documents and Settings^Gabriela^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

backup=d:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

 

[HKLM\~\startupfolder\DreaMule.lnk]

path=DreaMule.lnk

backup=d:\windows\pss\DreaMule.lnkCommon Startup

 

[HKLM\~\startupfolder\Fashion Solitaire.lnk]

path=Fashion Solitaire.lnk

backup=d:\windows\pss\Fashion Solitaire.lnkCommon Startup

 

[HKLM\~\startupfolder\Free Download Manager.lnk]

path=Free Download Manager.lnk

backup=d:\windows\pss\Free Download Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\Incoming.lnk]

path=Incoming.lnk

backup=d:\windows\pss\Incoming.lnkCommon Startup

 

[HKLM\~\startupfolder\Internet Explorer.lnk]

path=Internet Explorer.lnk

backup=d:\windows\pss\Internet Explorer.lnkCommon Startup

 

[HKLM\~\startupfolder\Meus documentos.lnk]

path=Meus documentos.lnk

backup=d:\windows\pss\Meus documentos.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"d:\\Arquivos de programas\\DreMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"d:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"d:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [3/6/2009 14:02 327688]

R2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [3/6/2009 14:02 298776]

S2 gfktlge;Image Config;d:\windows\system32\svchost.exe -k netsvcs [3/8/2004 23:45 14336]

S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [3/6/2009 21:46 40160]

S4 WM System Decode Application;WM System Decode Application; [x]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

gfktlge

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: Baixar com o FDM - file://d:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://d:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://d:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://d:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - d:\documents and settings\Gabriela\Dados de aplicativos\Mozilla\Firefox\Profiles\46l4r82v.default\

FF - component: d:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: d:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: d:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

.

------- Associação de arquivos/ficheiros -------

.

inffile=Notepad.exe "%1"

inifile=Notepad.exe "%1"

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-10 19:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gfktlge]

"ServiceDll"="d:\windows\system32\zaajaomz.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(632)

d:\windows\system32\Ati2evxx.dll

.

Tempo para conclusão: 2009-07-10 19:16

ComboFix-quarantined-files.txt 2009-07-10 22:16

 

Pré-execução: 10 pasta(s) 160.465.203.200 bytes disponíveis

Pós execução: 10 pasta(s) 160.401.756.160 bytes disponíveis

 

285 --- E O F --- 2008-10-06 22:33

 

 

------------------------

 

Well, ComboFix had to go through a critical update, as it said, and so, what is the Recovery Console actually for [duh, to recover]? But what future benefits could I get from it? If it has no significant effect, I'd like to uninstall it.

 

Thanks :*


Suppose that, for some reason, a problem occurs that prevents your computer from booting. If the Recovery Console is installed, you can check what the problem is and fix it. It is recommended mainly for advanced users; however, whether to keep it installed or not is your choice. More information about the Console below:

 

http://support.microsoft.com/kb/307654/pt-br

 

The page above also has instructions on how to uninstall it, should you choose to. However, if you do want to uninstall it, please do so after we have finished all the procedures with ComboFix.

After we are done with ComboFix, if you need help uninstalling the Console, just say so!

 

 

Select and copy the text below (starting from Folder). Paste the copied text into Notepad and save it on the desktop as CFScript.txt

 

Folder::

D:\SDFix

 

File::

d:\windows\system32\zaajaomz.dll

 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gfktlge]

 

Driver::

gfktlge

WM System Decode Application

 

NetSvc::

gfktlge

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

 

[image: CFScript.gif]

 

● If prompted, press Enter to start the removal process;

● Do not use the mouse or keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may restart automatically. If it does not, restart it manually.

 

In your next reply, paste ComboFix.txt and a new HijackThis log.

 

P.S.: If you have any questions about the procedure, feel free to ask.

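Added example, not part of the thread and not ComboFix's own code: a Python script that parses the service, NetSvcs, SafeBoot and ServiceDll lines of the first ComboFix log above and drafts the same CFScript sections the helper wrote by hand. The two heuristics it applies (a non-default NetSvcs member hosted by svchost.exe, and a SafeBoot\Minimal key for a service whose binary is missing) are my reading of why those entries were chosen, not a rule stated in the thread.

```python
"""Added example for this thread (not ComboFix code, not the forum's tooling): parse the
Drivers/Services, NetSvcs, SafeBoot and ServiceDll lines of the first ComboFix log above
and draft the CFScript sections the helper wrote by hand."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt of the first ComboFix log posted above (the selection of lines is mine).
COMBOFIX_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [3/6/2009 14:02 327688]
S2 gfktlge;Image Config;d:\windows\system32\svchost.exe -k netsvcs [3/8/2004 23:45 14336]
S4 WM System Decode Application;WM System Decode Application; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gfktlge

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]
@="Service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gfktlge]
"ServiceDll"="d:\windows\system32\zaajaomz.dll"
"""

SAFEBOOT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
# "R1 name;display;path [date time size]", or "name;display; [x]" when the binary is missing
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
SAFEBOOT_RE = re.compile(r"^\[" + re.escape(SAFEBOOT_KEY) + r"\\(?P<name>[^\]]+)\]$", re.I)
SERVICES_KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+))\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(?P<path>[^"]+)"$', re.I)
NETSVCS_HEADER = "\\Svchost - NetSvcs"


@dataclass
class Service:
    name: str
    path: str                      # "" when ComboFix printed "[x]" (binary missing)
    missing: bool
    service_dll: Optional[str] = None
    reg_key: Optional[str] = None


def parse_log(text: str) -> Tuple[Dict[str, Service], List[str], List[str]]:
    """Return (services by name, non-default NetSvcs members, SafeBoot\\Minimal entries)."""
    services: Dict[str, Service] = {}
    netsvcs: List[str] = []
    safeboot: List[str] = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if (m := SERVICE_RE.match(ln)):
            rest = m["rest"].strip()
            missing = rest.endswith("[x]")
            services[m["name"]] = Service(m["name"], "" if missing else rest.rsplit(" [", 1)[0], missing)
        elif ln.endswith(NETSVCS_HEADER):          # member names follow until a blank line
            i += 1
            while i < len(lines) and lines[i].strip():
                netsvcs.append(lines[i].strip())
                i += 1
        elif (m := SAFEBOOT_RE.match(ln)):
            safeboot.append(m["name"])
        elif (m := SERVICES_KEY_RE.match(ln)):
            svc = services.setdefault(m["name"], Service(m["name"], "", False))
            svc.reg_key = m["key"]
            if i + 1 < len(lines) and (d := SERVICEDLL_RE.match(lines[i + 1])):
                svc.service_dll = d["path"]
        i += 1
    return services, netsvcs, safeboot


def suspicious(services: Dict[str, Service], netsvcs: List[str], safeboot: List[str]) -> Dict[str, List[str]]:
    """Two heuristics (my reading of why the helper chose those entries) as CFScript sections."""
    files, keys, drivers, netsvc = [], [], [], []
    for name in netsvcs:
        # The log omits default NetSvcs members, so a listed name was added later; hosted by
        # "svchost.exe -k", its ServiceDll runs inside a trusted system process.
        svc = services.get(name)
        if svc and "svchost.exe -k" in svc.path.lower():
            netsvc.append(name)
            drivers.append(name)
            files += [svc.service_dll] if svc.service_dll else []
            keys += [svc.reg_key] if svc.reg_key else []
    for name in safeboot:
        # SafeBoot\Minimal lets a service start in Safe Mode; with its binary gone ("[x]")
        # both the key and the service entry are orphans to clear.
        svc = services.get(name)
        if svc and svc.missing:
            keys.append(SAFEBOOT_KEY + "\\" + name)
            drivers.append(name)
    return {"File::": files, "Registry::": ["[-%s]" % k for k in keys],
            "Driver::": drivers, "NetSvc::": netsvc}


def draft_cfscript(sections: Dict[str, List[str]]) -> str:
    """Render the non-empty sections in CFScript form: header, entries, blank line."""
    return "\n".join(h + "\n" + "\n".join(e) + "\n" for h, e in sections.items() if e)
```

Run against the excerpt, `draft_cfscript(suspicious(*parse_log(COMBOFIX_LOG)))` reproduces the File::, Registry::, Driver:: and NetSvc:: sections of the script above; the Folder:: line (D:\SDFix) is tool cleanup, not a finding, so it is left to the helper.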

ComboFix:

 

ComboFix 09-07-09.08 - Gabriela 11/07/2009 16:24.4.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1510 [GMT -3:00]

Executando de: d:\documents and settings\Gabriela\Desktop\ComboFix.exe

Comandos utilizados :: d:\documents and settings\Gabriela\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"d:\windows\system32\zaajaomz.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

D:\SDFix

d:\sdfix\Add_DBFix_RunOnce_key.inf

d:\sdfix\apps\assosfix.reg

d:\sdfix\apps\Cghtme.exe

d:\sdfix\apps\cliptext.exe

d:\sdfix\apps\DBFix.inf

d:\sdfix\apps\download.exe

d:\sdfix\apps\dummy.sys

d:\sdfix\apps\Enable_Command_Prompt.inf

d:\sdfix\apps\Enable_Command_Prompt.reg

d:\sdfix\apps\ERDNT.E_E

d:\sdfix\apps\ERDNTDOS.LOC

d:\sdfix\apps\ERDNTWIN.LOC

d:\sdfix\apps\ERUNT.EXE

d:\sdfix\apps\ERUNT.LOC

d:\sdfix\apps\fix.reg

d:\sdfix\apps\FixBeep.reg

d:\sdfix\apps\FixBH.reg

d:\sdfix\apps\FixComponents.reg

d:\sdfix\apps\FIXCU.reg

d:\sdfix\apps\FIXLM.reg

d:\sdfix\apps\FixPath.exe

d:\sdfix\apps\FixRedir.reg

d:\sdfix\apps\FixSchedule.reg

d:\sdfix\apps\FixWebCheck.reg

d:\sdfix\apps\fixXP.reg

d:\sdfix\apps\FixXPsp2.reg

d:\sdfix\apps\grep.exe

d:\sdfix\apps\HaxdFix.reg

d:\sdfix\apps\HPFix.reg

d:\sdfix\apps\HPFix2.reg

d:\sdfix\apps\HPFix3.reg

d:\sdfix\apps\HPFix4.reg

d:\sdfix\apps\HPFix5.reg

d:\sdfix\apps\HPFix6.reg

d:\sdfix\apps\HPFix7.reg

d:\sdfix\apps\HPFix8.reg

d:\sdfix\apps\HPFix9.reg

d:\sdfix\apps\Installed.txt

d:\sdfix\apps\isadmin.exe

d:\sdfix\apps\leg2.txt

d:\sdfix\apps\legacy.txt

d:\sdfix\apps\legacybk.txt

d:\sdfix\apps\locate.com

d:\sdfix\apps\LS.exe

d:\sdfix\apps\MD5File.exe

d:\sdfix\apps\moveex.exe

d:\sdfix\apps\MyGcpvFix.reg

d:\sdfix\apps\MyGkFix2.reg

d:\sdfix\apps\Process.exe

d:\sdfix\apps\procs.exe

d:\sdfix\apps\psservice.exe

d:\sdfix\apps\Rem.txt

d:\sdfix\apps\Rem2.txt

d:\sdfix\apps\Replace\regedit.exe

d:\sdfix\apps\Replace\w2k\AUTOEXEC.NT

d:\sdfix\apps\Replace\w2k\beep.sys

d:\sdfix\apps\Replace\w2k\command.com

d:\sdfix\apps\Replace\w2k\command.PIF

d:\sdfix\apps\Replace\w2k\CONFIG.NT

d:\sdfix\apps\Replace\w2k\null.sys

d:\sdfix\apps\Replace\xp\AUTOEXEC.NT

d:\sdfix\apps\Replace\xp\beep.sys

d:\sdfix\apps\Replace\xp\command.com

d:\sdfix\apps\Replace\xp\command.PIF

d:\sdfix\apps\Replace\xp\CONFIG.NT

d:\sdfix\apps\Replace\xp\null.sys

d:\sdfix\apps\Reset_AppInit_DLLs.reg

d:\sdfix\apps\RestartIt!.exe

d:\sdfix\apps\Restore_SafeBoot_Windows2000.reg

d:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg

d:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg

d:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg

d:\sdfix\apps\Restore_SecurityCenter.reg

d:\sdfix\apps\Restore_SharedAccess.reg

d:\sdfix\apps\sc.exe

d:\sdfix\apps\sed.exe

d:\sdfix\apps\SF.exe

d:\sdfix\apps\shutdown.exe

d:\sdfix\apps\srv2.txt

d:\sdfix\apps\srv2bk.txt

d:\sdfix\apps\svc.txt

d:\sdfix\apps\svcbk.txt

d:\sdfix\apps\Swreg.exe

d:\sdfix\apps\swsc.exe

d:\sdfix\apps\UnRAR.exe

d:\sdfix\apps\unzip.exe

d:\sdfix\apps\vfind.exe

d:\sdfix\apps\WINMSG.EXE

d:\sdfix\apps\winsec.reg

d:\sdfix\apps\zip.exe

d:\sdfix\backups\backupreg.zip

d:\sdfix\backups\backups.zip

d:\sdfix\backups\catchme.log

d:\sdfix\backups\HOSTS

d:\sdfix\catchme.exe

d:\sdfix\DBFix.bat

d:\sdfix\dummy.sys

d:\sdfix\Report.txt

d:\sdfix\RunThis.bat

d:\sdfix\SDFIX_ReadMe_Online.url

d:\sdfix\W2K_VirusAlert_Repair.inf

d:\sdfix\XP_VirusAlert_Repair.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GFKTLGE

-------\Legacy_WM_SYSTEM_DECODE_APPLICATION

-------\Service_gfktlge

-------\Service_WM System Decode Application

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-11 to 2009-07-11 ))))))))))))))))))))))))))))

.

 

2009-06-27 17:07 . 2009-06-27 17:07 107888 ----a-w- d:\windows\system32\CmdLineExt.dll

2009-06-27 17:04 . 2009-06-27 17:04 -------- d-----w- d:\windows\Logs

2009-06-23 00:01 . 2009-06-23 00:06 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Electronic Arts

2009-06-23 00:01 . 2009-06-23 00:01 -------- d-----w- D:\ProgramData

2009-06-22 23:54 . 2009-06-22 23:54 10134 ----a-r- d:\documents and settings\Gabriela\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-22 23:54 . 2009-06-22 23:54 -------- d-----w- d:\arquivos de programas\Microsoft WSE

2009-06-22 23:46 . 2009-06-27 17:00 -------- d-----w- d:\arquivos de programas\Electronic Arts

2009-06-21 22:53 . 2009-06-24 19:55 -------- d-----w- d:\arquivos de programas\SpywareBlaster

2009-06-21 22:50 . 2009-06-21 22:52 -------- d-----w- d:\arquivos de programas\Marcos Velasco Security

2009-06-16 23:22 . 2009-06-16 23:22 -------- d-----w- d:\windows\ERUNT

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-29 16:34 . 2009-07-11 19:16 1085208 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe

2009-06-29 16:34 . 2009-07-11 19:16 1454360 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll

2009-06-27 17:00 . 2008-09-25 22:51 -------- d--h--w- d:\arquivos de programas\InstallShield Installation Information

2009-06-16 22:48 . 2001-10-28 18:07 68408 ----a-w- d:\windows\system32\perfc016.dat

2009-06-16 22:48 . 2001-10-28 18:07 428340 ----a-w- d:\windows\system32\perfh016.dat

2009-06-11 20:29 . 2008-10-06 19:20 -------- d-----w- d:\arquivos de programas\Zylom Games

2009-06-11 16:25 . 2008-11-02 19:13 -------- d-----w- d:\arquivos de programas\Alawar

2009-06-07 22:27 . 2008-10-26 17:49 -------- d-----w- d:\arquivos de programas\Realtek

2009-06-04 22:28 . 2009-06-06 22:35 205326 ----a-w- d:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat

2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\Malwarebytes

2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-19 23:12 . 2008-10-14 21:54 -------- d-----w- d:\arquivos de programas\Windows Media Connect 2

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"AVG8_TRAY"="d:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-07-21 16261632]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-29 16:39 11952 ----a-w- d:\windows\system32\avgrsstx.dll

 

[HKLM\~\startupfolder\D:^Documents and Settings^Gabriela^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]

backup=d:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup

 

[HKLM\~\startupfolder\DreaMule.lnk]

path=DreaMule.lnk

backup=d:\windows\pss\DreaMule.lnkCommon Startup

 

[HKLM\~\startupfolder\Fashion Solitaire.lnk]

path=Fashion Solitaire.lnk

backup=d:\windows\pss\Fashion Solitaire.lnkCommon Startup

 

[HKLM\~\startupfolder\Free Download Manager.lnk]

path=Free Download Manager.lnk

backup=d:\windows\pss\Free Download Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\Incoming.lnk]

path=Incoming.lnk

backup=d:\windows\pss\Incoming.lnkCommon Startup

 

[HKLM\~\startupfolder\Internet Explorer.lnk]

path=Internet Explorer.lnk

backup=d:\windows\pss\Internet Explorer.lnkCommon Startup

 

[HKLM\~\startupfolder\Meus documentos.lnk]

path=Meus documentos.lnk

backup=d:\windows\pss\Meus documentos.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"d:\\Arquivos de programas\\DreMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"d:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"d:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [3/6/2009 14:02 335752]

R2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [3/6/2009 14:02 298776]

S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [3/6/2009 21:46 40160]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: Baixar com o FDM - file://d:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o FDM - file://d:\arquivos de programas\Free Download Manager\dlall.htm

IE: Download selecionado pelo FDM - file://d:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://d:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - d:\documents and settings\Gabriela\Dados de aplicativos\Mozilla\Firefox\Profiles\46l4r82v.default\

FF - component: d:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: d:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: d:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-11 16:28

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(636)

d:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2732)

d:\windows\system32\msi.dll

d:\windows\system32\WPDShServiceObj.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

d:\windows\system32\ati2evxx.exe

d:\windows\system32\ati2evxx.exe

d:\windows\system32\HPZipm12.exe

d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

d:\arquivos de programas\AVG\AVG8\avgrsx.exe

d:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-11 16:30 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-11 19:29

ComboFix2.txt 2009-07-10 22:16

 

Pré-execução: 10 pasta(s) 160.490.061.824 bytes disponíveis

Pós execução: 9 pasta(s) 160.460.754.944 bytes disponíveis

 

278 --- E O F --- 2008-10-06 22:33

 

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:31:19, on 11/7/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\spoolsv.exe

D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

D:\ARQUIV~1\AVG\AVG8\avgtray.exe

D:\WINDOWS\RTHDCPL.EXE

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\WINDOWS\system32\svchost.exe

D:\ARQUIV~1\AVG\AVG8\avgrsx.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\explorer.exe

D:\WINDOWS\system32\notepad.exe

D:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Documents and Settings\Gabriela\Desktop\Programas AM\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Baixar com o FDM - file://D:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6611 bytes

 

 

 

-------------------------

 

Hm.. I can say my computer is getting good, not that it was good before, but anyway..

 

ComboFix creates a folder named Qoobox, and if I remember correctly Antônio Vieira advised me last time to delete it; can I do the same now? o_õ

 

Ah! And another thing, I always have doubts about antivirus programs; after all, AVG, Avira or Avast? That is one of my great existential doubts (??)

 

 

Thank you :*

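A small parser for the HijackThis log format quoted above, added here as an example and not part of the thread or of HijackThis itself: it turns the O-section lines into records and flags the kinds of entries an analyst verifies by hand (an autorun with no absolute path, a service listed as Unknown owner, an ActiveX control fetched from a URL). The sample input is lines copied from the log above; the flag rules are this example's own assumptions, not HijackThis logic.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")      # one HijackThis entry: "O<n> - <detail>"
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")      # absolute Windows path (8.3 names like ARQUIV~1 match too)

@dataclass
class Entry:
    section: str                                # e.g. "O4", "O23"
    target: str                                 # file, DLL or URL the entry loads
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, detail = m.groups()
    if section == "O4":
        # O4 - HKLM\..\Run: [label] "command" (User 'X')  ->  command
        target = detail.split("] ", 1)[-1]
        target = re.sub(r"\s+\(User '[^']*'\)$", "", target).strip().strip('"')
    else:
        target = detail.rsplit(" - ", 1)[-1].strip()   # last " - " field is the file or URL
    entry = Entry(section, target)
    # Review rules are this example's assumptions: each one marks an entry to verify by hand.
    if section == "O4" and not ABS_PATH_RE.match(target):
        entry.flags.append("autorun without absolute path: which file runs depends on search order")
    if section == "O23" and "Unknown owner" in detail:
        entry.flags.append("service binary carries no publisher information")
    if section == "O16":
        entry.flags.append("ActiveX control installed from a URL")
    return entry

def parse_hjt(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def needs_review(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]

# Sample input: lines copied from the log posted in this thread (not the whole log).
SAMPLE = r"""
O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
"""
```

Running `needs_review(parse_hjt(SAMPLE))` returns the RTHDCPL autorun, the ATI Smart service and the DPF entry; a flag only means "check this", as all three are legitimate in the log above.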

Go to Start > Run, type ComboFix /u and click OK to remove ComboFix - this will probably remove the Qoobox folder.

 

The log is clean.

 

Your system is completely out of date. I recommend updating it, since out-of-date systems are more vulnerable to infections.

 

Download and install Service Pack 3 and Internet Explorer 8.

 

- Download CCleaner and install it (without installing the Yahoo toolbar at the end of the installation)

 

- Open the program and click Analyze > Run Cleaner;

- Then click Registry > Scan for Issues > Fix selected issues.

 

 

ComboFix creates a folder named Qoobox, and if I remember correctly Antônio Vieira advised me last time to delete it; can I do the same now? o_õ

If the folder is not removed by the ComboFix /u command I gave you earlier, yes, you can remove it manually.

 

Ah! And another thing, I always have doubts about antivirus programs; after all, AVG, Avira or Avast? That is one of my great existential doubts (??)

Avira.

 

AVG and Avast! are quite weak compared to Avira. Besides Avira being the best free antivirus, it has an excellent database, does not consume much memory, and so on...

 

Install Avira. :thumbsup:

 

Any remaining problem or question?


Wow.. solving a problem of mine was never this fast ._."

 

 

I'm installing Avira, I think it really is worth it.

 

 

Hm.. I think I'm out of questions

 

 

Thank you very much, MGuitar \o/

 

 

Kisses Kisses :*


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
