lilicatj, posted October 28, 2009

Hello,

My computer is very slow, it freezes all the time, and sometimes the connection stops working; I have to go into Task Manager and close a few things for the connection to come back...
Here is the HJT log.
Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 10:31, on 2009-10-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
F:\programas\firefox\firefox.exe
F:\programas\Adobe\Adobe Photoshop Lightroom 1.4\lightroom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MutlimediaKbdDriver] C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

I forgot to mention... Kaspersky keeps closing all the time.
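An added example (not part of this thread) of the first pass a helper does over a HijackThis log like the one above: parse the "Oxx - ..." entries, separate the orphaned ones (registry entry present, file gone) from the sections that load code into every process or the network stack, and split the O20 AppInit_DLLs value. The sample log inside the script is a constructed excerpt of the posted entries; no other input or library is assumed.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied in the format of the
# HijackThis log above (not the whole log), so the script runs offline.
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""

# Every HijackThis finding is "<section> - <body>"; the section code says
# which startup/browser hook the entry came from (R = IE settings, O2 = BHO,
# O4 = Run keys, O10 = Winsock LSP, O16 = downloaded ActiveX, O20 = AppInit
# / Winlogon Notify, O21 = ShellServiceObjectDelayLoad, O23 = services).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Sections that load code into every process or into the network stack, or
# that came down as ActiveX controls: each entry here gets looked at.
REVIEW_SECTIONS = {"O10", "O16", "O20"}


def parse_hjt(text):
    """Return (section, body) pairs for every finding in an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Sort findings into the buckets a helper reads first.

    orphaned:   the registry entry still exists but HijackThis could not
                find the file it points to ("(no file)", "(file missing)");
                usually leftovers of an uninstalled or removed component.
    unresolved: a startup shortcut whose target could not be read ("= ?").
    review:     entries from REVIEW_SECTIONS that do point at a file.
    """
    buckets = defaultdict(list)
    for section, body in entries:
        line = f"{section} - {body}"
        if "(no file)" in body or "(file missing)" in body:
            buckets["orphaned"].append(line)
        elif section == "O4" and body.rstrip().endswith("= ?"):
            buckets["unresolved"].append(line)
        elif section in REVIEW_SECTIONS:
            buckets["review"].append(line)
    return dict(buckets)


def appinit_dlls(entries):
    """Split the O20 AppInit_DLLs value into its individual DLL paths.

    Each DLL listed there is mapped into every process that loads user32,
    so the list should contain only components you can account for.
    """
    dlls = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls.extend(p.strip() for p in value.split(",") if p.strip())
    return dlls


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    for bucket, lines in triage(found).items():
        print(f"[{bucket}]")
        for line in lines:
            print("  " + line)
    print("AppInit_DLLs:", appinit_dlls(found))
```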
DigRam, posted October 28, 2009

Good evening, lilicatj!

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >
<@> Save it in the Program Files folder (Arquivos de programas) and unzip it right there!
<@> Open the avz4 folder and run the application with a double-click. <-- Shield-and-sword icon!
<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".
<@> When that finishes, do not run any scan yet.
<@> On the "Search range" tab, check all the boxes.
<@> On the "Search parameters" tab, leave the Heuristic analysis setting at "Minimum heuristics mode".
<@> Under Anti-Rootkit, check: "Detect API hooks and Rootkits"
<@> Under Winsock Service Provider, check all the boxes.
<@> On the "File types" tab, select the "All files" or "Potentially dangerous files" button.
<@> Also check the "Report clean objects" box.
<@> In the "Automatic actions" menu, check: "Enable malware removal mode"
<@> In the fields below, choose "Report only" for all items.
<@> Below "RiskWare", check the "Copy suspicious files to Quarantine" box. <-- Only this box!
<@> Check the "Extended analysis" box. <-- Only this box!
<@> Do not uncheck the ones that are selected by default!
<@> Close any open programs and run the tool! <-- Click Start.
<@> When the scan finishes, click the "Save log" icon so we have the report. ( avz_log )
<@> Also click the "glasses" icon.
<@> Click "Save as CSV".
<@> Save this report on the desktop! <-- Text format. ( *.txt )
<@> Name it: view_log
<@> Copy and post avz_log.txt + view_log.txt in your reply.

Regards!
lilicatj, posted October 29, 2009

Hello DigRam, good evening!

Here are the logs:

The avz_log turned out to be a gigantic thing with a list of every file that was examined. I can't paste it anywhere... It only pastes if I copy it in parts. I put it in a code block to try to send it... (I took out the "scanning disks" part because it really got VERY big... If you need it I'll paste the complete one again)

Attention !!! Database was last updated 2009-08-21 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 2009-10-29 00:03:32
Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 135524
Heuristic analyzer mode: Minimum heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=082700)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 80559700
KiST = 804E26A8 (284)
Function NtAdjustPrivilegesToken (0B) intercepted (8058EC01->F41C51DA), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtClose (19) intercepted (80566DB9->F41C57AE), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtConnectPort (1F) intercepted (8058A87C->F41C71EA), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateFile (25) intercepted (8056FC68->F41C6B9C), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateKey (29) intercepted (8056E819->F41C4950), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreatePagingFile (2D) intercepted (805BAFC8->F76FBA20), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
Function NtCreateSymbolicLinkObject (34) intercepted (805A0CE9->F41C8B7C), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtCreateThread (35) intercepted (8057C51B->F41C55AE), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDeleteKey (3F) intercepted (805951B2->F41C4D92), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDeleteValueKey (41) intercepted (80593B28->F41C4F92), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDeviceIoControlFile (42) intercepted (8057D2D1->F41C6EAC), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtDuplicateObject (44) intercepted (80572B96->F41C9084), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtEnumerateKey (47) intercepted (8056EF20->F41C50A8), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtEnumerateValueKey (49) intercepted (8057FBF4->F41C5110), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtFsControlFile (54) intercepted (8057AD89->F41C6D5E), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtLoadDriver (61) intercepted (805A40FA->F41C8620), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenFile (74) intercepted (8056FC03->F41C69F8), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenKey (77) intercepted (80567D6B->F41C4AB2), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenProcess (7A) intercepted (80572D76->F41C53B2), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenSection (7D) intercepted (8057677B->F41C8BA6), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtOpenThread (80) intercepted (8058C882->F41C52FE), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueryKey (A0) intercepted (8056EC29->F41C5178), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueryMultipleValueKey (A1) intercepted (8064CCC4->F41C4E7C), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueryValueKey (B1) intercepted (8056B173->F41C4C5A), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtQueueApcThread (B4) intercepted (8058F70B->F41C8888), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtReplaceKey (C1) intercepted (8064D5FE->F41C45D2), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtRequestWaitReplyPort (C8) intercepted (80575F9A->F41C7A74), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtRestoreKey (CC) intercepted (8064C122->F41C4734), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtResumeThread (CE) intercepted (8057CB8E->F41C8F56), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSaveKey (CF) intercepted (8064C1C9->F41C43D0), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSecureConnectPort (D2) intercepted (8057EA6A->F41C708C), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetContextThread (D5) intercepted (8062C4EB->F41C56AC), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetSecurityObject (ED) intercepted (8059B8B1->F41C871A), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetSystemInformation (F0) intercepted (805A26E4->F41C8BD0), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSetSystemPowerState (F1) intercepted (806658A7->F77070B0), hook C:\WINDOWS\system32\Drivers\d347bus.sys, driver recognized as trusted
Function NtSetValueKey (F7) intercepted (80573CFD->F41C4B08), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSuspendProcess (FD) intercepted (8062E0CD->F41C8CB4), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSuspendThread (FE) intercepted (805DFA98->F41C8DE0), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtSystemDebugControl (FF) intercepted (80648481->F41C854C), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtTerminateProcess (101) intercepted (805847BC->F41C547E), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function NtWriteVirtualMemory (115) intercepted (8057A707->F41C54F0), hook C:\WINDOWS\system32\DRIVERS\klif.sys, driver recognized as trusted
Function FsRtlCheckLockForReadAccess (80503C29) - machine code modification Method of JmpTo. jmp F41DC626 \SystemRoot\system32\DRIVERS\klif.sys, driver recognized as trusted
Function IoIsOperationSynchronous (804E8752) - machine code modification Method of JmpTo. jmp F41DC9E0 \SystemRoot\system32\DRIVERS\klif.sys, driver recognized as trusted
Functions checked: 284, intercepted: 41, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking IRP handlers
Checking - complete
2. Scanning RAM
Number of processes found: 24
Number of modules loaded: 345
c:\windows\system32\msxml6.dll - clean c:\windows\system32\dpnhupnp.dll - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\scrchpg.dll - clean c:\windows\system32\jscript.dll - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\klscav.dll - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\prremote.dll - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\prloader.dll - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\prkernel.ppl - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\params.ppl - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\pxstub.ppl - clean c:\arquivos de programas\kaspersky lab\kaspersky internet security 2009\tempfile.ppl - clean c:\windows\system32\dxtrans.dll - clean c:\windows\system32\ddrawex.dll - clean c:\windows\system32\dxtmsft.dll - clean c:\windows\system32\imgutil.dll - clean c:\windows\system32\vbscript.dll - clean c:\arquivos de programas\messenger plus! live\libsndfile.dll - clean c:\arquivos de programas\messenger plus! live\lame_enc.dll - clean c:\windows\system32\browselc.dll - clean c:\arquivos de programas\microsoft office\office12\1033\grooveintlresource.dll - clean c:\windows\system32\msftedit.dll - clean c:\windows\system32\duser.dll - clean c:\windows\system32\icm32.dll - clean c:\windows\system32\riched32.dll - clean Scanning RAM - complete 3. Scanning disks 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious software Checking - disabled by user 7. 
Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Registro remoto)
>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)
>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)
>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting )
>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 432350, extracted from archives: 251425, malicious software found 1, suspicions - 0
Scanning finished at 2009-10-29 02:10:14
Time of scanning: 02:06:54
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference
View_log
C:\WINDOWS\system32\DRIVERS\klif.sys;4;Kernel-mode hook
C:\WINDOWS\system32\Drivers\d347bus.sys;4;Kernel-mode hook
C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0002.dat.kgj;1; Trojan.DiskEraser.20

Cheers!!
DigRam, posted October 29, 2009

Good morning, lilicatj!

(quoting lilicatj: "I cut out the scanning disks part because it really got VERY long... If you need it, I'll paste the complete one again")

<!> No need; the whole report could have been zipped and uploaded to MediaFire or Badongo.
<><><><><><><><><><>
<!> PS: If your antivirus (Kaspersky) is pirated... you can remove it and install Avira.
<!> Uninstall: C:\Arquivos de programas\Bonjour <--
<><><><><><><><><><>
<@> Go to this page and download: < Avira Antivir RegistryCleaner >
<@> Run the utility, but... don't forget to take it out of the zip.
<@> Download: < Avira >
<@> Install the program --> Update it! --> Configure it --> Run it!
<@> Next, post its report + an updated HijackThis log.

Cheers!
lilicatj, posted October 29, 2009

Good morning, DigRam

Sorry, I didn't think of uploading the file. I put the complete file on Badongo: http://www.badongo.com/pt/file/18104388

As for the antivirus, it isn't pirated. Should I uninstall it anyway?

Cheers
DigRam, posted October 29, 2009

Hey there, lilicatj!
<!> Yes! You can uninstall KIS and download Avira.

Cheers!
lilicatj, posted October 30, 2009

Hi DigRam, good afternoon!

<!> Uninstall: C:\Arquivos de programas\Bonjour <--

How do I uninstall that? Can I just delete the folder? I couldn't find an option to uninstall it.

I'm reinstalling Avira because it gave an error and I can't get it to update. It freezes all the time. I uninstalled it and I'm installing it again.

Here is the RegCleaner report:

######################################
Avira Registry Cleaner 29.10.2009 17:13:39
######################################
The registry was scanned for the following words: avira,h+bedv,x-avcsd,antivir,avgio,avgnt,avgntflt,ssmdrv,avipbb,aveservice,shell extension for malware
[...]
Number of found keys: 54
[...]
And the HJT report (still without Avira reinstalled):

Logfile of HijackThis v1.99.1
Scan saved at 19:02, on 2009-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Arquivos de programas\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
F:\programas\firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MutlimediaKbdDriver] C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
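As an added example (not part of the thread and not HijackThis code), here is a small triage helper for the HJT v1.99 entry format shown in the log above: it parses each "Oxx - kind: detail" line and flags the entries a helper looks at first, namely registrations whose file is gone ("(no file)", "(file missing)"), the O10 unknown Winsock LSP module, O23 services with an unknown owner and O20 Winlogon Notify packages. The sample lines are constructed from this thread's own log.

```python
"""Triage helper for HijackThis v1.99 log entries (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of entries copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24)
# followed by " - " and the entry body; header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a log line, or None for headers/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group("section"), m.group("body"))


def image_path(entry: Entry) -> Optional[str]:
    """Best-effort extraction of the file the entry points at (last ' - ' field)."""
    if entry.section not in ("O2", "O3", "O9", "O18", "O20", "O21", "O23"):
        return None
    tail = entry.body.rsplit(" - ", 1)[-1].strip()
    if tail == "(no file)":
        return None
    if tail.endswith("(file missing)"):
        tail = tail[: -len("(file missing)")].strip()
    return tail


def flag_entry(entry: Entry) -> Entry:
    """Attach triage flags; an entry with no flags is left for manual review."""
    body = entry.body
    # A CLSID or service registered for a file that is gone: a leftover from an
    # uninstall or a removal that did not finish; either way it should be cleaned up.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        entry.flags.append("dangling-reference")
    # O10: a Winsock LSP module HJT could not attribute to a known vendor.
    if entry.section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        entry.flags.append("unknown-lsp")
    # O23 with no vendor string in the owner field.
    if entry.section == "O23" and " - Unknown owner - " in body:
        entry.flags.append("unknown-service-owner")
    # O20 packages load inside winlogon; confirm the module is legitimate
    # (WgaLogon.dll in the sample is Microsoft's own notification package).
    if entry.section == "O20":
        entry.flags.append("winlogon-notify")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse and flag every entry line in a HijackThis log."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries.append(flag_entry(entry))
    return entries


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that carry at least one triage flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:4} {', '.join(e.flags):40} {e.body}")
```

Run against a full log, the unflagged entries still need the usual manual review; the flags only order the work.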
DigRam, posted October 31, 2009

Good morning, lilicatj!

<!> The RegistryCleaner report also showed leftovers of Norton.
<><><><><><><><><><><>
<@> Download: < NortonRemovalTool >
<@> This product will remove Norton files or entries (leftovers).
<><><><><><><><><><><>
<!> PS: If you still have trouble updating Avira, do it manually.
<><><><><><><><><><><>
<@> Download: < > (IVDF Version: 7.01.06.118)
<@> Save it to the desktop or to Arquivos de programas.
<2> External Mirror 2 - NT/2K/XP
<3> External Mirror 3 - NT/2K/XP
<@> If you have a firewall, you can disable it.
<@> Open Avira.
<@> Click the "Update" tab -> "Manual update...".
<@> For "File name", browse to: ivdf_fusebundle_nt_en
<@> Leave "Files of type" as: VDF Update File (ivdfbundle_nt_en_zip)
<@> Click "Open" --> Wait!
<@> When it finishes, click OK.
<@> PS: Always keep an eye out for new releases: < Link >
<@> PS: The big advantage of the manual update is that Avira can be updated without an Internet connection: you can save its database to a USB drive or CD-ROM and bring it to the computer later.
<><><><><><><><><><><>
<!> Post a new HijackThis log and tell me how the machine is doing.

Cheers!
lilicatj, posted October 31, 2009
Hello DigRam. Thank you, I managed to update. Here is the Avira report:

Avira AntiVir Personal
Report file date: 2009-10-31 13:07
Scanning for 1851309 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BRCC01
Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/aaaa 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/aaaa 16:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 13:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 14:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:50:58
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/aaaa 16:50:58
ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 10/28/aaaa 16:41:44
ANTIVIR3.VDF : 7.1.6.173 71680 Bytes 10/30/aaaa 21:49:32
Engineversion : 8.2.1.53
AEVDF.DLL : 8.1.1.2 106867 Bytes 9/15/aaaa 18:58:02
AESCRIPT.DLL : 8.1.2.43 528764 Bytes 10/30/aaaa 16:38:32
AESCN.DLL : 8.1.2.5 127346 Bytes 9/3/aaaa 18:24:42
AERDL.DLL : 8.1.3.2 479604 Bytes 10/3/aaaa 01:15:48
AEPACK.DLL : 8.2.0.2 422263 Bytes 10/22/aaaa 18:50:06
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/17/aaaa 17:32:46
AEHEUR.DLL : 8.1.0.173 2064760 Bytes 10/28/aaaa 17:11:42
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/3/aaaa 18:24:42
AEGEN.DLL : 8.1.1.70 364917 Bytes 10/28/aaaa 17:11:40
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/3/aaaa 01:15:48
AECORE.DLL : 8.1.8.1 184693 Bytes 9/15/aaaa 18:57:58
AEBB.DLL : 8.1.0.3 53618 Bytes 10/15/aaaa 13:49:34
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 11:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 13:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 17:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 13:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 18:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 13:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 18:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 11:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 13:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/aaaa 18:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 13:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Arquivos de programas\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, F:, G:, H:, I:, J:, N:, O:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 2009-10-31 13:07

Starting search for hidden objects.
'47951' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'RtWLan.exe' - '1' Module(s) have been scanned
Scan process 'voipraider.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!
Boot sector 'N:\'
[INFO] No virus was found!
Boot sector 'O:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Arquivos de programas\Internet Explorer\dll.exe
[DETECTION] Is the TR/Drop.Agent.UQM Trojan
Begin scan in 'D:\' <BRCC1>
Begin scan in 'E:\'
Begin scan in 'F:\' <PROGRAMAS>
F:\programasBKP\BitComet_1\Downloads\Nero v7.2.3b + Keygen\Nero v7.2.3b + Keygen\nero7203keygen.exe
[DETECTION] Is the TR/Spy.208101 Trojan
F:\programas\hp\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\hpzglu12.exe
[DETECTION] Contains recognition pattern of the ADWARE/Adware.Gen virus
Begin scan in 'G:\'
Begin scan in 'H:\' <LÍVIA-1>
H:\VP\Tomar_Agua.txt
[DETECTION] Is the TR/Agent.171008.I Trojan
H:\programas\memories 4.1 e acessorios\memories 4.10\Crack & Keygen\keygen.exe
[DETECTION] Is the TR/Spy.128512.B Trojan
Begin scan in 'I:\' <BRCC3>
Begin scan in 'J:\' <LÍVIA>
Begin scan in 'N:\'
Begin scan in 'O:\'

Beginning disinfection:
C:\Arquivos de programas\Internet Explorer\dll.exe
[DETECTION] Is the TR/Drop.Agent.UQM Trojan
[NOTE] The file was moved to '4b586925.qua'!
F:\programasBKP\BitComet_1\Downloads\Nero v7.2.3b + Keygen\Nero v7.2.3b + Keygen\nero7203keygen.exe
[DETECTION] Is the TR/Spy.208101 Trojan
[NOTE] The file was moved to '4b5e691e.qua'!
F:\programas\hp\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\hpzglu12.exe
[DETECTION] Contains recognition pattern of the ADWARE/Adware.Gen virus
[NOTE] The file was moved to '4b666929.qua'!
H:\VP\Tomar_Agua.txt
[DETECTION] Is the TR/Agent.171008.I Trojan
[NOTE] The file was moved to '4b596929.qua'!
H:\programas\memories 4.1 e acessorios\memories 4.10\Crack & Keygen\keygen.exe
[DETECTION] Is the TR/Spy.128512.B Trojan
[NOTE] The file was moved to '4b65691f.qua'!

End of the scan: 2009-10-31 14:41
Used time: 1:32:26 Hour(s)

The scan has been done completely.

13386 Scanned directories
382211 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
382205 Files not concerned
3303 Archives were scanned
1 Warnings
6 Notes
47951 Objects were scanned with rootkit scan
0 Hidden objects were found
---------------------------------------------

And the HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 14:55, on 2009-10-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Arquivos de programas\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
F:\programas\firefox\firefox.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MutlimediaKbdDriver] C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

Cheers
DigRam, posted November 1, 2009
Good evening, lilicatj!
<@> Download: < TurnOffBonjour >
<!> Mirror: < Link - 2 > ( Extract it from the zip! )
<@> Save it to Program Files.
<@> Run TurnOffBonjour.exe and then restart the computer.
<><><><><><><><><><>
<!> Post: an updated HijackThis log.
Cheers!
lilicatj, posted November 2, 2009
Good evening, DigRam. The HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 22:48, on 2009-11-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Arquivos de programas\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\system32\wuauclt.exe
F:\programas\firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MutlimediaKbdDriver] C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

Cheers
DigRam, posted November 2, 2009
Good morning, lilicatj!
<@> Open HijackThis and Fix these entries:
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
<@> Download: < > ( ...by OldTimer Tools )
<@> Save it to the desktop and run it from there!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Services
:Files
c:\arquivos de programas\bonjour\mdnsnsp.dll
c:\arquivos de programas\bonjour
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> Copy and paste the information between the XXXXX... into the tool's ( clipboard ) field.
<@> PS: The area below "Paste Instructions for Items to be Moved".
<@> Click MoveIt.
<@> When prompted to reboot, confirm! --> Wait!
<@> When it finishes, check the text content of the folder: C:\_OTM\MovedFiles
<@> Copy and post: C:\_OTM\MovedFiles\xxxx2009_xxxxxx.log <--
<@> Also post an updated HijackThis log.
Cheers!
lilicatj, posted November 2, 2009
Hello DigRam, good morning! Here are the logs.

OTM:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== FILES ==========
c:\arquivos de programas\bonjour\mdnsNSP.dll unregistered successfully.
c:\arquivos de programas\bonjour\mdnsNSP.dll moved successfully.
c:\arquivos de programas\Bonjour moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruno
->Temp folder emptied: 1354 bytes
->Temporary Internet Files folder emptied: 112094 bytes
->FireFox cache emptied: 37679003 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49554 bytes

User: Lívia
->Temp folder emptied: 198570558 bytes
->Temporary Internet Files folder emptied: 29617202 bytes
->Java cache emptied: 3953845 bytes
->FireFox cache emptied: 107081080 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114667667 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119633 bytes
%systemroot%\System32 .tmp files removed: 7550873 bytes
Windows Temp folder emptied: 266383 bytes
RecycleBin emptied: 41224320 bytes

Total Files Cleaned = 516.82 mb

OTM by OldTimer - Version 3.0.0.6 log created on 11022009_095013
-------------------------------------------------------------------

From HJT:

Logfile of HijackThis v1.99.1
Scan saved at 10:13, on 2009-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Arquivos de programas\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
F:\programas\firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MutlimediaKbdDriver] C:\Arquivos de programas\Multimedia Keyboard Driver\M-KbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - 
IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.oifotos.com/custom/send3/ImageUploader5.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260282687 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.oifotos.com/lib/ImageUploader3.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: 
WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
DigRam Posted November 3, 2009

Good morning! lilicatj

<!> How is the machine? Are we still getting freezes?
<!> Why isn't your Firefox on drive C:\?
<><><><><><><><><>
<@> The file firefox.exe is located in a suspicious directory: F:\programas\firefox\firefox.exe
<@> Usually we have: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
<@> Let's run a check at VirSCAN.org to confirm whether there is anything malicious.
<><><><><><><><><>
<@> Submit the file below for analysis at: < VirSCAN.org >
<!> F:\programas\firefox\firefox.exe
<@> Click "Send file...".
<@> Once the file is located on your PC, click "Upload" --> Wait!
<@> In the message, click: "Rescan"
<@> When it finishes, copy the link to the report and send it to us.
<@> Example: the file NodeRefresh.dll was checked, and the link to its report follows:
<@> Link: --> < >
<><><><><><><><>
<@> Download: < JavaRa >
<@> Double-click JavaRa.exe --> Click Search For Updates.
<@> Select the option Update Using jucheck.exe --> Click the Search button.
<@> If it is up to date, you will get a notice confirming you have the latest version.
<@> Otherwise, wait for the new Java version to be downloaded and installed.
<@> Click the "Remove Older Versions" button --> Wait!

Cheers!
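The check DigRam makes by eye above (a process running from an unusual directory, a service whose file is missing or whose owner is unknown) can be automated over a HijackThis log. The script below is an added example, not a tool from this thread or from the HijackThis project; the list of expected install roots is an assumption made for the example, and the sample log lines are copied from the Nov 2 log posted above.

```python
r"""Triage helper for HijackThis-style logs (added example, not a tool from this thread).

It parses the 'Running processes' block and the O23 service lines of a
HijackThis log and flags binaries running from outside the usual install
directories (such as the Firefox copy on F:) and services whose file is
missing or whose owner is unknown.
"""
import re

# Roots where installed software is normally found on the Portuguese
# Windows XP in this thread (plus the English names). Assumption for the
# example; a real baseline would come from the organisation's inventory.
EXPECTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\arquivos de programas\\",
    "c:\\arquiv~1\\",
    "c:\\program files\\",
    "c:\\documents and settings\\",
)

# O23 - Service: <display name (short name)> - <owner> - <path> [(file missing)]
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$"
)
# Any R/F/O section line ends the 'Running processes' block.
SECTION_RE = re.compile(r"^[RFO]\d+ - ")


def is_expected_location(path):
    """True if the executable lives under one of the usual install roots."""
    return path.lower().startswith(EXPECTED_PREFIXES)


def parse_hjt(text):
    """Return (processes, services) from HijackThis log text."""
    processes, services = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs and not SECTION_RE.match(line):
            processes.append(line)
            continue
        in_procs = False
        if line.startswith("O23 - Service: "):
            # An empty owner is printed as 'name -  - path'; whitespace
            # collapsing (e.g. forum HTML) can turn that into 'name - - path'.
            m = SERVICE_RE.match(line.replace(" - - ", " -  - "))
            if m:
                path = m.group("path")
                missing = path.endswith("(file missing)")
                services.append({
                    "name": m.group("name"),
                    "owner": m.group("owner").strip(),
                    "path": path.replace("(file missing)", "").strip(),
                    "missing": missing,
                })
    return processes, services


def triage(text):
    """Return a list of (finding, subject) tuples worth a closer look."""
    processes, services = parse_hjt(text)
    findings = []
    for proc in processes:
        if not is_expected_location(proc):
            findings.append(("unexpected-location", proc))
    for svc in services:
        if svc["missing"]:
            findings.append(("service-file-missing", svc["name"]))
        if svc["owner"] in ("", "Unknown owner"):
            findings.append(("service-unknown-owner", svc["name"]))
        if not is_expected_location(svc["path"]):
            findings.append(("unexpected-location", svc["path"]))
    return findings


# Constructed sample: a handful of lines copied from the Nov 2 log in this thread.
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
Scan saved at 10:13, on 2009-11-02
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
F:\\programas\\adaw\\aawservice.exe
C:\\Arquivos de programas\\Avira\\AntiVir Desktop\\avguard.exe
F:\\programas\\firefox\\firefox.exe
C:\\HijackThis.exe
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Arquivos de programas\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\\WINDOWS\\System32\\cmpe.exe (file missing)
O23 - Service: lxcy_device - - C:\\WINDOWS\\system32\\lxcycoms.exe
"""

if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:24} {subject}")
```

A hit only means "look closer": HijackThis itself runs from C:\ and is flagged too, and a legitimately relocated program such as this user's Firefox is verified the way DigRam does, by hashing and scanning the file.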
lilicatj Posted November 5, 2009

Hello DigRam

Yes, it still freezes... the PC locks up and only a restart brings it back.

Drive F was created by the computer's other user to install programs. That is why there is a Firefox folder there. That F partition will be removed. I want to reduce the number of partitions on the computer but don't know how to do it.

Here is the VirSCAN analysis: http://virscan.org/report/2557a8d96909d707618dd051f4663845.html

I ran JavaRa and removed the old versions. Should I send the log too?

Cheers!
DigRam Posted November 5, 2009

Good afternoon! lilicatj

"I ran JavaRa and removed the old versions. Should I send the log too?"

<!> No need!
<><><><><><><><><><>
<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
<@> PS: Running it by command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the offer to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: In the presence of rootkit activity, we will get the following notification window:
<!> PS: Write down those detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To complete removals, ComboFix may restart the computer.
<@> If required, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
lilicatj 0 Denunciar post Postado Novembro 10, 2009 Olá DigRam, boa noite. Desculpe a demora em voltar, tive problemas pra ligar o pc em casa. Seguem os relatórios: Combo Fix: ComboFix 09-11-08.03 - Lívia 2009-11-09 23:06.5.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.624 [GMT -2:00] Executando de: c:\documents and settings\Lívia\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\javaplugs.cpl c:\windows\system32\msnmss.dll c:\windows\system32\Zumb c:\windows\system32\Zumb\'asnovinhassemfrescura'@hotmail.com c:\windows\system32\Zumb\'kbuloso@sexy.com c:\windows\system32\Zumb\'scarlet'carolina@bol.com.br c:\windows\system32\Zumb\aninhacst100@gmail.com c:\windows\system32\Zumb\annaliepolastri@hotmail.com c:\windows\system32\Zumb\carlinha.amancio@hotmail.com c:\windows\system32\Zumb\cinthiakaren_duarte@hotmail.com c:\windows\system32\Zumb\claude.nissa@yahoo.com.br c:\windows\system32\Zumb\cristinasandra'@'gmail.com c:\windows\system32\Zumb\danialbcamargo c:\windows\system32\Zumb\deisegrohs@tca.com.br c:\windows\system32\Zumb\diane_17_day@hotmail.com c:\windows\system32\Zumb\dougie_vc@hotmail.com c:\windows\system32\Zumb\elcanibal.62 c:\windows\system32\Zumb\evertonborgesrs@hotmail.com c:\windows\system32\Zumb\evinha.adri@hotmail.com c:\windows\system32\Zumb\evinha_h'tinhapaulistinha@hotmail.com c:\windows\system32\Zumb\fernandogaucho2000@yahoo.com.br c:\windows\system32\Zumb\franciellylpz0@gmail.com c:\windows\system32\Zumb\guilherme.zahner@hotmail.br c:\windows\system32\Zumb\jennifer_firminok3@yahoo.com.br c:\windows\system32\Zumb\jjc.oliveira@ig.com.br c:\windows\system32\Zumb\jjjoseph21@yahoo.com.br c:\windows\system32\Zumb\jovemsu_carinhosa@hotmail.com 
c:\windows\system32\Zumb\katia_'colen'@hotmail.com c:\windows\system32\Zumb\laynara'fernandes@hotmail.com c:\windows\system32\Zumb\leandro199504@bol.com.br c:\windows\system32\Zumb\lili_annesantos@hotmail.com c:\windows\system32\Zumb\lilikreusch@hotmail.com c:\windows\system32\Zumb\litlecent@gmail.com c:\windows\system32\Zumb\mafiaazulfamilia@hotmail.com c:\windows\system32\Zumb\marcelo_7desetembro@hotmail.com c:\windows\system32\Zumb\mariana_monique13@yahoo.com.br c:\windows\system32\Zumb\marisson_p'kado@hotmail.com c:\windows\system32\Zumb\marlon_mexicanos@hotmail.com c:\windows\system32\Zumb\matheus13_m10@hotmail.com c:\windows\system32\Zumb\mauriciocamargoguarizzi@yahoo.com.br c:\windows\system32\Zumb\mcricardoliveira@hotmail.com c:\windows\system32\Zumb\nathlizier c:\windows\system32\Zumb\nilda_agape@hotmail.com c:\windows\system32\Zumb\nubinha417@hotmail.com c:\windows\system32\Zumb\os'desmantelado's_p.j.v.a@hotmail.com c:\windows\system32\Zumb\paty'xrp'@zipmail.com.br c:\windows\system32\Zumb\pv_bala@hotmail.com c:\windows\system32\Zumb\rogeradona@yahoo.com.br c:\windows\system32\Zumb\sandroclaber66@gmail.com c:\windows\system32\Zumb\sgtcmtpm@uol.com.br c:\windows\system32\Zumb\silvia.falco@terra.com.br c:\windows\system32\Zumb\thiagoweller@yahoo.com.br c:\windows\system32\Zumb\tiagohercules2009@hotmail.com c:\windows\system32\Zumb\williamseco1 c:\windows\winmem.ini . (((((((((((((((( Arquivos/Ficheiros criados de 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))) . 2009-11-08 02:28 . 2009-11-08 02:28 -------- d-----w- c:\arquivos de programas\CCleaner 2009-11-05 17:47 . 2009-11-05 17:50 -------- d-----w- C:\Downloads 2009-11-05 17:46 . 2009-11-05 17:46 -------- d-----w- c:\arquivos de programas\vSoft 2009-11-05 14:50 . 2009-11-05 14:50 -------- d-----w- C:\javaRa 2009-11-05 01:38 . 2009-11-09 23:46 -------- d-s---w- c:\documents and settings\L\My Pando Packages 2009-11-05 01:38 . 
2009-11-05 01:38 -------- d-----w- c:\documents and settings\L 2009-11-02 21:20 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-11-02 21:20 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-11-02 21:20 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-11-02 21:20 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-11-02 21:20 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-11-02 19:49 . 2009-11-02 19:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SlySoft 2009-11-02 19:49 . 2009-11-02 19:49 -------- d-----w- c:\arquivos de programas\SlySoft 2009-11-02 17:27 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-11-02 17:22 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-11-02 17:22 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll 2009-11-02 17:22 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe 2009-11-02 17:22 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-11-02 17:22 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-11-02 17:22 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-11-02 17:22 . 2009-06-25 08:27 732672 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2009-11-02 17:22 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-11-02 17:22 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-11-02 17:17 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2009-11-02 17:16 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-11-02 17:15 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys 2009-11-02 17:14 . 
2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-11-02 17:12 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll 2009-11-02 17:11 . 2009-08-04 17:27 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-11-02 17:11 . 2009-08-04 17:27 2070272 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-11-02 17:11 . 2009-08-04 17:27 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-11-02 17:07 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-11-02 16:44 . 2009-11-02 16:44 -------- d-----w- c:\windows\l2schemas 2009-11-02 11:50 . 2009-11-02 11:50 -------- d-----w- C:\_OTM 2009-11-02 11:47 . 2009-11-02 11:47 -------- d-----w- C:\backups 2009-11-02 02:28 . 2009-11-02 02:30 -------- d-----w- c:\arquivos de programas\royaltheme 2009-11-02 01:12 . 2008-04-14 02:20 69120 ------w- c:\windows\system32\wlanapi.dll 2009-11-02 01:12 . 2008-04-14 02:20 53248 ------w- c:\windows\system32\tsgqec.dll 2009-11-02 01:12 . 2008-04-14 02:20 50688 ------w- c:\windows\system32\tspkg.dll 2009-11-02 01:11 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys 2009-11-02 01:11 . 2008-04-14 02:21 32768 ------w- c:\windows\system32\setupn.exe 2009-11-02 01:11 . 2008-04-14 02:20 290304 ------w- c:\windows\system32\rhttpaa.dll 2009-11-02 01:11 . 2008-04-14 02:20 61952 ------w- c:\windows\system32\rasqec.dll 2009-11-02 01:11 . 2008-04-14 02:20 76800 ------w- c:\windows\system32\qutil.dll 2009-11-02 01:11 . 2008-04-14 02:20 62464 ------w- c:\windows\system32\qcliprov.dll 2009-11-02 01:11 . 2008-04-14 02:20 292864 ------w- c:\windows\system32\qagentrt.dll 2009-11-02 01:11 . 2008-04-14 02:20 150528 ------w- c:\windows\system32\qagent.dll 2009-11-02 01:11 . 2008-04-14 02:20 144896 ------w- c:\windows\system32\onex.dll 2009-11-02 01:10 . 2008-04-14 02:21 176640 ------w- c:\windows\system32\napstat.exe 2009-11-02 01:10 . 
2008-04-14 02:20 30208 ------w- c:\windows\system32\napipsec.dll 2009-11-02 01:10 . 2008-04-14 02:20 198656 ------w- c:\windows\system32\napmontr.dll 2009-11-02 01:10 . 2008-09-10 01:15 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll 2009-11-02 01:10 . 2008-04-14 01:58 86016 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2009-11-02 01:10 . 2008-04-14 02:20 155136 ------w- c:\windows\system32\mssha.dll 2009-11-02 01:10 . 2008-04-14 01:57 80896 ------w- c:\windows\system32\msshavmsg.dll 2009-11-02 01:08 . 2008-04-14 02:20 94720 ------w- c:\windows\system32\eappgnui.dll 2009-11-02 00:41 . 2009-11-01 12:54 35416 ----a-w- c:\arquivos de programas\TurnOffBonjour.exe 2009-10-31 14:26 . 2009-10-31 14:26 -------- d-----w- c:\arquivos de programas\ivdf 2009-10-31 13:21 . 2009-03-30 12:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-10-31 13:21 . 2009-02-13 14:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-10-31 13:21 . 2009-02-13 14:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-10-31 13:21 . 2009-10-31 13:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-10-31 13:21 . 2009-10-31 13:21 -------- d-----w- c:\arquivos de programas\Avira 2009-10-29 19:35 . 2009-07-28 18:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-10-29 19:13 . 2009-10-29 19:13 -------- d-----w- c:\arquivos de programas\regcleaner 2009-10-29 02:01 . 2009-10-29 17:10 -------- d-----w- c:\arquivos de programas\avz4 2009-10-23 16:58 . 2009-10-23 16:57 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-21 22:41 . 2009-10-21 22:41 -------- d-----w- c:\arquivos de programas\Seesmic Desktop 2009-10-17 04:27 . 2009-10-17 04:27 -------- d-----w- c:\arquivos de programas\Braunweb Solutions 2009-10-17 00:29 . 2009-10-17 00:29 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector 2009-10-17 00:28 . 
2009-10-17 00:28 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework 2009-10-17 00:28 . 2009-10-17 00:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-10-17 00:24 . 2009-10-17 00:29 -------- d-----w- c:\arquivos de programas\Microsoft . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-05 19:02 . 2008-10-02 15:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-11-05 19:02 . 2008-10-02 16:06 -------- d-----w- c:\arquivos de programas\Microsoft Works 2009-11-05 14:51 . 2007-10-23 04:56 -------- d-----w- c:\arquivos de programas\Java 2009-11-04 08:19 . 2002-09-11 12:00 80418 ----a-w- c:\windows\system32\perfc016.dat 2009-11-04 08:19 . 2002-09-11 12:00 472064 ----a-w- c:\windows\system32\perfh016.dat 2009-11-03 12:15 . 2007-12-20 00:07 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-10-31 13:01 . 2007-10-01 01:14 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared 2009-10-29 18:40 . 2009-07-15 13:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab 2009-10-29 18:40 . 2009-07-15 13:34 -------- d-----w- c:\arquivos de programas\Kaspersky Lab 2009-10-27 10:07 . 2008-01-07 00:05 -------- d-----w- c:\arquivos de programas\lx_cats 2009-10-22 14:49 . 2009-02-07 01:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR 2009-10-22 14:48 . 2009-08-05 13:25 38208 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-10-17 00:29 . 2007-12-20 00:07 -------- d-----w- c:\arquivos de programas\Windows Live 2009-10-14 19:21 . 2009-08-25 23:36 -------- d-----w- c:\arquivos de programas\BancoCalorias 2009-10-08 02:16 . 
2009-10-08 02:14 -------- d-----w- c:\arquivos de programas\REALTEK USB Wireless LAN Driver and Utility 2009-10-08 02:15 . 2009-10-08 02:15 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys 2009-10-08 02:15 . 2007-10-07 23:06 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-09-11 14:19 . 2002-09-11 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:04 . 2002-09-11 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:57 . 2006-06-23 16:27 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:15 . 2002-09-11 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-18 02:33 . 2009-08-18 02:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2007-10-04 22:34 . 2007-10-04 22:24 88 --sh--r- c:\windows\system32\42325A4885.sys 2008-03-10 02:05 . 2007-10-04 22:24 3818 -csha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2006-10-19 00:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [7] 2004-08-04 07:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [7] 2004-08-04 07:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-08-08 133104] "Pando"="c:\arquivos de programas\Pando Networks\Pando\Pando.exe" [2009-11-05 4055224] "VoipRaider"="c:\arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" [2009-08-23 9065264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-23 149280] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ REALTEK USB Wireless LAN Utility.lnk - c:\arquivos de programas\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2009-10-8 790528] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"= "c:\\Arquivos de programas\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft 
Office\\Office12\\ONENOTE.EXE"= "f:\\programas\\FrostWire\\FrostWire.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Documents and Settings\\Lívia\\Configurações locais\\temp\\7zS30.tmp\\SymNRT.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Pando Networks\\Pando\\Pando.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "17188:TCP"= 17188:TCP:BitComet 17188 TCP "17188:UDP"= 17188:UDP:BitComet 17188 UDP "58391:TCP"= 58391:TCP:Pando P2P TCP Listening Port "58391:UDP"= 58391:UDP:Pando P2P UDP Listening Port "58863:TCP"= 58863:TCP:Pando P2P TCP Listening Port "58863:UDP"= 58863:UDP:Pando P2P UDP Listening Port "57569:TCP"= 57569:TCP:Pando P2P TCP Listening Port "57569:UDP"= 57569:UDP:Pando P2P UDP Listening Port "58289:TCP"= 58289:TCP:Pando "58289:UDP"= 58289:UDP:Pando R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-10-31 108289] R2 BT878;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT878.SYS [2007-10-07 99334] R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [2007-10-07 21824] R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [2007-10-07 12796] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-10-08 38144] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-06-10 31232] R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-10-02 223616] S2 cmpe;Context Manager Process Extension;c:\windows\System32\cmpe.exe --> c:\windows\System32\cmpe.exe [?] 
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?] S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?] S4 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático; [x] --- =Outros Serviços/Drivers Na Memória --- *NewlyCreated* - MBR *NewlyCreated* - PROCEXP113 *Deregistered* - mbr *Deregistered* - PROCEXP113 . Conteúdo da pasta 'Tarefas Agendadas' 2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34] 2009-11-10 c:\windows\Tasks\User_Feed_Synchronization-{85B8E9AE-A5B1-4B97-866E-8481165590FD}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 07:31] . . ------- Scan Suplementar ------- . uStart Page = hxxp://miguelmeuanjinho.blogspot.com/ uInternet Settings,ProxyOverride = *.local IE: Baixar link usando &BitComet - f:\programas\BitComet\BitComet.exe/AddLink.htm IE: Baixar todos os links usando BitComet - f:\programas\BitComet\BitComet.exe/AddAllLink.htm IE: Baixar todos os vídeos usando BitComet - f:\programas\BitComet\BitComet.exe/AddVideo.htm IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Lívia\Dados de aplicativos\Mozilla\Firefox\Profiles\zu89hb85.default\ FF - prefs.js: browser.startup.homepage - hxxp://miguelmeuanjinho.blogspot.com FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\Lívia\Dados de aplicativos\Mozilla\Firefox\Profiles\zu89hb85.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll FF - plugin: c:\arquivos de programas\K-Lite Codec 
Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: f:\programas\firefox\plugins\np-mswmp.dll FF - plugin: f:\programas\firefox\plugins\npPandoWebInst.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin2.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin3.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin4.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin5.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin6.dll FF - plugin: f:\programas\QuickTime\Plugins\npqtplugin7.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-09 23:15 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x868188A0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\atapi -> 0x868188a0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! 
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Symantec\Norton AntiVirus\LastScan]
@DACL=(02 0000)
"SystemTime"=hex:d7,07,0a,00,00,00,12,00,02,00,0c,00,31,00,00,00

[HKEY_LOCAL_MACHINE\software\Symantec\SharedDefs\MicroDefs]
@DACL=(02 0000)
"LastBinUpdate"=hex:01,00,00,00
"LastTextUpdate"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\software\Symantec\SharedDefs\SymcData-ids-diskless\MicroDefs]
@DACL=(02 0000)
"LastBinUpdate"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\software\Symantec\SharedDefs\SymcData-idsdefs\MicroDefs]
@DACL=(02 0000)
"LastBinUpdate"=hex:01,00,00,00
.
Tempo para conclusão: 2009-11-10 23:19
ComboFix-quarantined-files.txt 2009-11-10 01:19

Pré-execução: 1,349,566,464 bytes disponíveis
Pós execução: 1,522,372,608 bytes disponíveis

- - End Of File - - C9627161EB2B016DCFDAD53E5D892A90

And the HJT one:

Logfile of HijackThis v1.99.1
Scan saved at 23:32, on 2009-11-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
F:\programas\adaw\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Pando Networks\Pando\Pando.exe
C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Arquivos de programas\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
F:\programas\firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://miguelmeuanjinho.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Barra de ferramentas - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Arquivos de programas\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Lívia\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando] C:\Arquivos de programas\Pando Networks\Pando\Pando.exe /Minimized
O4 - HKCU\..\Run: [VoipRaider] "C:\Arquivos de programas\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Baixar link usando &BitComet - res://F:\programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://F:\programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.oifotos.com/custom/send3/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260282687
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://www.oifotos.com/lib/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\programas\adaw\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NBService - Nero AG - F:\programas\nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

Cheers!
DigRam
Posted November 10, 2009

Good morning, lilicatj!

<!> Uninstall: F:\programas\BitComet

<><><><><><><><><><><>

<@> Select and copy all of the content in the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Symantec\Norton AntiVirus\LastScan]
[HKEY_LOCAL_MACHINE\software\Symantec\SharedDefs\MicroDefs]
[HKEY_LOCAL_MACHINE\software\Symantec\SharedDefs\SymcData-ids-diskless\MicroDefs]
[HKEY_LOCAL_MACHINE\software\Symantec\SharedDefs\SymcData-idsdefs\MicroDefs]

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\software\Symantec]

File::
F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
F:\programas\BitComet\BitComet.exe
c:\windows\system32\42325A4885.sys

Folder::
F:\programas\BitComet\tools
F:\programas\BitComet

Driver::
"Agendador do LiveUpdate automático"
"42325A4885"

<@> PS: It is recommended that you be disconnected from the internet while running the script.
<@> PS: Temporarily disable your antivirus.
<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
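As an added example (not DigRam's, and not part of HijackThis or ComboFix), a small Python triage helper that parses the O2 (BHO) and O23 (Service) lines of a HijackThis log like the one posted above and flags the two hints a helper reads first from the text itself: a component whose file is gone, and a service with no vendor string. The sample lines are copied from this thread's log; the regexes and flag names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis O2/O23 lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\programas\BitComet\tools\BitCometBHO_1.1.8.30.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Context Manager Process Extension (cmpe) - Unknown owner - C:\WINDOWS\System32\cmpe.exe (file missing)
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
"""

# O2 - BHO: <name> - {<CLSID>} - <path, or "(no file)">
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O23 - Service: <name> - <vendor> - <path>; an empty vendor collapses to " - - " in HJT output.
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) -(?: (?P<vendor>.*?))? - (?P<path>.*)$")

@dataclass
class Entry:
    kind: str            # "BHO" or "Service"
    name: str
    path: str
    vendor: str = ""     # company string HJT read from the binary (services only)
    flags: list = field(default_factory=list)

def parse(text):
    """Return an Entry for every O2/O23 line; other HJT line types are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            entries.append(Entry("BHO", m["name"], m["path"]))
        elif m := SVC_RE.match(line):
            entries.append(Entry("Service", m["name"], m["path"], m["vendor"] or ""))
    return entries

def triage(text):
    """Parse the log and attach review flags; a flag means 'look here', not 'malware'."""
    entries = parse(text)
    for e in entries:
        # HJT marks registered components whose file is no longer on disk.
        if "(no file)" in e.path or "(file missing)" in e.path:
            e.flags.append("no file")
        # A blank or "Unknown owner" vendor means the binary carried no version info.
        if e.kind == "Service" and e.vendor.strip() in ("", "Unknown owner"):
            e.flags.append("no vendor")
    return entries

def flagged_names(text):
    """Names of the entries that received at least one flag, in log order."""
    return [e.name for e in triage(text) if e.flags]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:7} {e.name:45} {', '.join(e.flags) or 'ok'}")
```

A flagged entry is a starting point for checking the file, its signer and its install history, which is the judgement the helper in this thread exercises before writing a script like the one above.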
lilicatj
Posted November 10, 2009

Good morning, DigRam!! BitComet is not installed, at least it does not appear in the programs list. Can I delete the folder manually? Cheers!
DigRam
Posted November 10, 2009

lilicatj wrote:
Good morning, DigRam!! BitComet is not installed, at least it does not appear in the programs list. Can I delete the folder manually? Cheers!

<><><><><><><><>

Hey, lilicatj!

<!> Ideally, uninstall it with its own uninstaller file, named uninstall.exe.
<!> Open the BitComet folder, locate that file, and run it with a double-click.

Cheers!