
Archived

This topic has been archived and is closed to new replies.

helder85

[Solved!] virus and several antiviruses

Recommended Posts

Hi, my name is Hélder and I'm from Portugal. I found your site through a Google search prompted by the problems I've been having with my PC, and first of all, congratulations, because thanks to a topic here I think I've solved my problem. But to be at ease I'll leave my account here, and if anything is wrong I'd appreciate your help...

 

Last week my antivirus (AVG) detected 2 trojan horses, one SHeur2 and one Generic, so I downloaded Malwarebytes and ran a scan, and when I restarted the PC everything was OK, AVG no longer detected anything. But yesterday 2 more appeared: one was something like c\restore, I don't remember, and the other was a Trojan Protector. So through a search I found a similar case here on the forum and followed the procedure: I started with Malwarebytes, then SUPERAntiSpyware and then Kaspersky, and after that last one, when I restarted the PC, AVG no longer detected anything. I want to know whether my PC is clean or whether I have to install Avenger or ComboFix to find out whether the PC really is clean. And while I'm at it, I'd like to know which antivirus to keep on the PC, because at the moment I have AVG, Malwarebytes, SUPERAntiSpyware and Kaspersky. I know that's wrong, but I'd like to know which is best and which I should keep. Here are my PC's specs too... Core 2 Duo 3.0 GHz, Asus 1 GB graphics card, 500 GB disk, 4 GB DDR2, Asus motherboard...

 

Regards, Hélder


By any chance, is it the Kaspersky Virus Removal Tool?

 

*Download HijackThis and save it to My Documents

*Install it

*Run it via the icon created on the desktop

*Click [Do a system scan and save a logfile].

*Paste the report here on the forum


That's the one... I'll download it, then, and post the log here afterwards.

 

EDIT: here is the report...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:42:15, on 03-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\RaMaint.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeIn.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LMIGuardian.exe

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programas\Realtek\Diagnostics Utility\8169Diag.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeInSystray.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LMIGuardian.exe

C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe

C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Programas\Logitech\SetPoint\SetPoint.exe

C:\Programas\Ficheiros comuns\Logishrd\KHAL2\KHALMNPR.EXE

C:\Programas\PC Connectivity Solution\ServiceLayer.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14672&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programas\IsoBuster\tbIso0.dll

R3 - URLSearchHook: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programas\IsoBuster\tbIso0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programas\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programas\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programas\IsoBuster\tbIso0.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programas\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HDAudDeck] C:\Programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [8169Diag] C:\Programas\Realtek\Diagnostics Utility\8169Diag.exe /hw

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [iso data fast cast] C:\Documents and Settings\All Users\Application Data\save time iso data\remote user.exe

O4 - HKLM\..\Run: [NSLauncher] C:\Programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKLM\..\Run: [McRegWizz] C:\WINDOWS\system32\McRegWizz.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programas\Ficheiros comuns\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Programas\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: setup_9.0.0.722_03.12.2009_09-34.lnk = C:\Documents and Settings\Helder\Ambiente de trabalho\Virus Removal Tool\setup_9.0.0.722_03.12.2009_09-34\startup.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programas\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programas\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Search - ?p=ZNfox000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (file missing) (HKCU)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233258250686

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/flashax.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço Google Update (gupdate1c9b500696743d4) (gupdate1c9b500696743d4) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programas\Ficheiros comuns\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programas\Ficheiros comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 13557 bytes

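As an added example (not code from this thread or from HijackThis itself), a small Python triage of the O4 autostart lines in a log like the one posted above. The heuristics (program in a user-writable directory, bare filename resolved through the PATH at logon, built-in system tool launched at logon) are my own assumptions about what merits a second look; the sample lines are constructed from the log above, and a flag marks an entry for review, not as malicious.

```python
"""Triage of HijackThis O4 (autostart) entries.

Added example, not part of the original thread or of HijackThis. The flagging
rules are assumptions about what deserves a closer look, not verdicts.
"""
import re
from dataclasses import dataclass, field

# "O4 - HKLM\..\Run: [name] command"  and  "O4 - HKUS\S-1-5-18\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: name.lnk = path"  and  "O4 - Global Startup: name.lnk = path"
STARTUP_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

# Directories every local user can write to on Windows XP. Software that installs
# itself properly normally autostarts from Program Files or the Windows directory.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
# Built-in utilities that have no ordinary reason to run at every logon.
ODD_SYSTEM_TOOLS = ("regedit.exe", "cmd.exe")


@dataclass
class Entry:
    hive: str
    name: str
    command: str
    exe: str
    flags: list = field(default_factory=list)


def executable_of(command: str) -> str:
    """Extract the program path from a Run command line (quoted or bare, with or without arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted path: keep everything up to the first ".exe" that is followed by a space or the end,
    # so paths containing spaces ("...\remote user.exe") survive and arguments ("/hw", "-startup") drop.
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def parse_o4(line: str):
    """Return an Entry for an O4 line, or None for any other line of the log."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    return Entry(m["hive"], m["name"], m["cmd"], executable_of(m["cmd"]))


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry according to the heuristics above."""
    low = entry.exe.lower()
    if "\\" not in low:
        entry.flags.append("bare filename: resolved via PATH search at logon")
    if any(d in low for d in USER_WRITABLE):
        entry.flags.append("autostart from a user-writable directory")
    if low.rsplit("\\", 1)[-1] in ODD_SYSTEM_TOOLS:
        entry.flags.append("built-in system tool launched at logon")
    return entry


def triage_log(text: str) -> list:
    """Parse a whole HijackThis log and return the triaged O4 entries in order."""
    entries = (parse_o4(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


# Constructed sample: a handful of O4 lines taken from the log posted in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iso data fast cast] C:\Documents and Settings\All Users\Application Data\save time iso data\remote user.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [steam] "C:\Programas\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: setup_9.0.0.722_03.12.2009_09-34.lnk = C:\Documents and Settings\Helder\Ambiente de trabalho\Virus Removal Tool\setup_9.0.0.722_03.12.2009_09-34\startup.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        status = "; ".join(e.flags) if e.flags else "nothing unusual"
        print(f"[{e.name}] {e.exe} -> {status}")
```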

1.

*Download AD-Remover and save it to the desktop

*Double-click AD-R.exe and install the program.

*Double-click the icon created on the desktop and click [Oui]

*Press L > [ENTER]

 

2.

*Uninstall the Kaspersky Virus Removal Tool

 

Although this program is free, it is updated almost daily. So if you used it two days ago, it will practically be out of date already.

 

3.

*Temporarily disable your antivirus

 

Start > Programs > AVG > AVG Control Center > AVG Resident Shield > Untick the option Enable AVG Resident Shield > OK

*Go to the link below and run an online scan

http://www.eset.com/onlinescan/index.php

*Click [Yes] > [start]

*Install the ActiveX control OnlineScanner.cab and on the next screen click [start]

*Tick both scan options (Remove found threats and Scan unwanted applications)

*Click [scan]

*When it finishes, paste the reports created in C:\Arquivos de programas\EsetOnlineScanner\log and in C:\Ad-Report-CLEAN.log


How do I disable AVG? There is no AVG Control Center option; when I open Programs > AVG all I see is AVG Tray Icon, AVG User Interface and Uninstall AVG... In the meantime, here is the AD-Remover report...

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 03.12.2009 at 20:53

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 21:04:56, 03-12-2009 | Normal Boot | Option: CLEAN

Executed from: C:\Programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 VersÆo 5.1.2600

Computer Name: CASA | Current user: Helder

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

C:\DOCUME~1\Helder\APPLIC~1\DesktopIcon

C:\DOCUME~1\Helder\APPLIC~1\Mozilla\Firefox\Profiles\38lgtm0k.default\extensions\toolbar@ask.com

C:\DOCUME~1\Helder\APPLIC~1\Mozilla\Firefox\Profiles\38lgtm0k.default\searchplugins\askcom.xml

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\Programas\Ask.com

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\DOCUME~1\Helder\AMBIEN~1\empire\extra\dxwebsetup.exe

C:\DOCUME~1\Helder\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Ebay.lnk

C:\DOCUME~1\Helder\MENUIN~1\Ebay.lnk

C:\DOCUME~1\Helder\Cookies\helder@ask[2].txt

 

(!) -- Temp files deleted.

 

.

HKCU\software\appdatalow\AskBarDis

HKCU\software\appdatalow\AskHomepage

HKCU\software\Ask.com

HKCU\software\AskToolbar

HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKCU\software\SweetIM

HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\software\classes\appid\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\software\classes\GenericAskToolbar.ToolbarWnd

HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1

HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\software\SweetIM

HKLM\software\Trymedia Systems

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.5 [pt-PT] *

.

ProfilePath: 38lgtm0k.default (Helder)

.

(Helder, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Helder\Os meus documentos\As minhas imagens

(Helder, prefs.js) Browser.search.defaultenginename, Ask.com

(Helder, prefs.js) Browser.search.defaulturl, hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

(Helder, prefs.js) Browser.search.selectedEngine, Ask.com

(Helder, prefs.js) Browser.startup.homepage, hxxp://www.google.pt/

.

(Helder, prefs.js) ERASED - Browser.search.defaultengine, Ask.com

(Helder, prefs.js) ERASED - Browser.search.defaultenginename, Ask.com

(Helder, prefs.js) ERASED - Browser.search.order.1, Ask.com

(Helder, prefs.js) ERASED - Browser.search.selectedEngine, Ask.com

(Helder, prefs.js) ERASED - Extensions.asktb.cbid, T8

(Helder, prefs.js) ERASED - Extensions.asktb.default-channel-url-mask, hxxp://eu.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all

(Helder, prefs.js) ERASED - Extensions.asktb.fresh-install, false

(Helder, prefs.js) ERASED - Extensions.asktb.l, dis

(Helder, prefs.js) ERASED - Extensions.asktb.last-config-req, 1259823166607

(Helder, prefs.js) ERASED - Extensions.asktb.locale, pt_EU

(Helder, prefs.js) ERASED - Extensions.asktb.o, 14670

(Helder, prefs.js) ERASED - Extensions.asktb.options-lang, pt

(Helder, prefs.js) ERASED - Extensions.asktb.options-locale, UK

(Helder, prefs.js) ERASED - Extensions.asktb.overlay-reloaded-using-restart, true

(Helder, prefs.js) ERASED - Extensions.asktb.qsrc, 2871

(Helder, prefs.js) ERASED - Extensions.asktb.r, 8

(Helder, prefs.js) ERASED - Extensions.enabledItems, toolbar@ask.com:3.4.0.464,DTToolbar@toolbarnet.com:1.0.7.0088,{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1,{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.3.7,{20a82645-c095-46ed-80e3-08825760534b}:1.1,secureLogin@blueimp.net:0.9.3,{29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009050101,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

(Helder, prefs.js) ERASED - Keyword.URL, hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=pt_EU&q=

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search Bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Helder\Os meus documentos\Downloads\AGE OF EMPIRES 3\Crack\age3.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted.rar

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\eauninstall.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\makeDesktopIcon.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\Need For Speed Most Wanted.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\safemode_inst.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\shell_inst.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\Support\EasyInfo.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\Support\EReg.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\Support\Need for Speed Most Wanted_code.exe

C:\Documents and Settings\SimÆo\Ambiente de trabalho\Os meus documentos\Jogos\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\Need For Speed Most Wanted\Support\Need for Speed Most Wanted_uninst.exe

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Adobe Photoshop CS4 +Keygen v3.0.152a.rar.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Need For Speed Carbon [FULL] + Crack.1.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Need For Speed Carbon [FULL] + Crack.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Need For Speed Carbon ISO PCDVD + Patch By Carisma999.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69].torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Need.For.Speed.Most.Wanted.[ENG]PC.DVD[.ISO].[.NFO].Keygen & Crack.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\NFS CARBONO + CRACK.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Worms 3D (complete with cracks and service patch).1.torrent

C:\Documents and Settings\SimÆo\Application Data\uTorrent\Worms 3D (complete with cracks and service patch).torrent

C:\Documents and Settings\SimÆo\Os meus documentos\Downloads\programas\VSO\Crack\ConvertXtoDvd.exe

C:\Documents and Settings\SimÆo\Os meus documentos\Downloads\programas\VSO\Crack\Keygen.02.exe

.

===================================

.

10113 Byte(s) - C:\Ad-Report-CLEAN[1].log

.

0 File(s) - C:\DOCUME~1\Helder\DEFINI~1\Temp

0 File(s) - C:\WINDOWS\Temp

.

18 File(s) - C:\Programas\Ad-Remover\BACKUP

84 File(s) - C:\Programas\Ad-Remover\QUARANTINE

.

End at: 21:18:36 | 03-12-2009 - CLEAN[1]

.

============== E.O.F ==============

.


Good morning helder85

 

 

1.

*Run AD-Remover again

*Press D > [ENTER]

 

To disable the resident shield, do the following:

 

Start > Programs > AVG

Open the AVG User Interface

Double-click Resident Shield

Untick the option "Resident Shield active"

Save the changes


Here is the ESET log...

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=48311f423aab234ba5e5f3904208c394

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-12-04 08:02:48

# local_time=2009-12-04 08:02:48 (+0000, Hora padrão de GMT)

# country="Portugal"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 85475 85475 0 0

# compatibility_mode=1024 16777191 100 0 26699861 26699861 0 0

# compatibility_mode=8192 67108863 100 0 3719 3719 0 0

# scanned=10811

# found=1

# cleaned=1

# scan_time=2232

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoShoppingReport9.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=48311f423aab234ba5e5f3904208c394

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-12-04 09:54:10

# local_time=2009-12-04 09:54:10 (+0000, Hora padrão de GMT)

# country="Portugal"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 87775 87775 0 0

# compatibility_mode=1024 16777191 100 0 26702161 26702161 0 0

# compatibility_mode=8192 67108863 100 0 6019 6019 0 0

# scanned=104155

# found=7

# cleaned=7

# scan_time=6615

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\FFSetup190.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Simão\Definições locais\Temp\78ad2fb3-bdd0-4695-b2e2-a97e345f2956.tmp a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Simão\Definições locais\Temp\aTube_Catcher_Installer.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Simão\Os meus documentos\Transferências\aTube_Catcher_Installer.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Poker\William Hill POKER CLUB\_SetupPoker(2).exe a variant of Win32/PTCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\autorun.inf INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\dllcache\atapi.sys a variant of Win32/Kryptik.ABX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Good morning helder85

 

 

1.

*Delete the folder C:\Arquivos de programas\EsetOnlineScanner

 

2.

*Temporarily disable your antivirus

*Download ComboFix and save it to the desktop

*Double-click the file Combofix.exe

*Accept the agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Accept its installation.

 

*After the installation, click [yes] to continue.

 

*Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.

 

*The program will close automatically

 

*Paste the report created in C:\combofix.txt


Hi, here is the ComboFix report...

 

ComboFix 09-12-04.04 - Helder 05-12-2009 13:18.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.3583.3087 [GMT 0:00]

Executando de: c:\documents and settings\Helder\Os meus documentos\Transferências\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\CabLogs\Logs.CAB

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-16_20-31_1390-kwjqf8z5.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-16_20-36_1174-wpab8zz1.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-16_20-36_ba4-en80sbsl.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-16_20-37_1278-td2i4hq6.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-17_17-06_f08-m49i6aw3.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-17_17-08_298-zx7lb9fm.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-07-17_17-12_978-som7dka0.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-09-05_17-08_1104-8rpseo45.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-09-05_17-23_9e0-m0q6w2p8.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-09-27_00-35_8e0-uxu8cu3f.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-09-27_00-40_cbc-adv551rw.log

c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\wlt4.tmp

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

C:\install.exe

c:\programas\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-05 to 2009-12-05 ))))))))))))))))))))))))))))

.

 

2009-12-04 07:42 . 2009-12-04 07:42 -------- d-----w- c:\programas\CCleaner

2009-12-03 21:04 . 2009-12-05 04:33 -------- d-----w- c:\programas\Ad-Remover

2009-12-03 20:41 . 2009-12-03 20:41 -------- d-----w- c:\programas\Trend Micro

2009-12-03 07:13 . 2009-12-03 07:13 117760 ----a-w- c:\documents and settings\Helder\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-03 07:12 . 2009-12-03 07:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\programas\SUPERAntiSpyware

2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\documents and settings\Helder\Application Data\SUPERAntiSpyware.com

2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-12-02 18:32 . 2009-12-02 18:32 -------- d-----w- c:\programas\Veetle

2009-11-30 01:23 . 2009-11-30 01:23 -------- d-----w- c:\documents and settings\Helder\Application Data\Malwarebytes

2009-11-30 01:23 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-30 01:23 . 2009-11-30 01:23 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware

2009-11-30 01:23 . 2009-11-30 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-30 01:23 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-29 18:19 . 2009-11-29 18:18 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-29 18:16 . 2009-11-30 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-28 20:23 . 2009-11-29 19:55 -------- d-----w- c:\programas\Spybot - Search & Destroy

2009-11-28 20:23 . 2009-11-29 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-27 20:00 . 2009-11-27 20:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\uTorrent

2009-11-21 14:28 . 2009-11-21 14:28 -------- d-----w- c:\documents and settings\Helder\Application Data\Nokia Multimedia Player

2009-11-12 18:02 . 2009-11-12 18:05 -------- d-----w- c:\programas\Festo Fluidsim

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-04 06:44 . 2009-03-22 16:17 -------- d-----w- c:\programas\Steam

2009-12-03 19:42 . 2006-03-02 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-11-28 01:08 . 2009-11-27 19:57 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\cbqozg.dat

2009-11-27 03:59 . 2009-02-12 22:49 -------- d-----w- c:\documents and settings\Helder\Application Data\uTorrent

2009-11-27 03:50 . 2009-08-23 16:16 -------- d-----w- c:\documents and settings\Helder\Application Data\vlc

2009-11-24 23:51 . 2009-04-04 08:36 -------- d-----w- c:\programas\Google

2009-11-21 14:37 . 2009-02-19 20:38 -------- d-----w- c:\documents and settings\Helder\Application Data\dvdcss

2009-11-21 14:00 . 2006-03-02 12:00 83360 ----a-w- c:\windows\system32\perfc016.dat

2009-11-21 14:00 . 2006-03-02 12:00 486842 ----a-w- c:\windows\system32\perfh016.dat

2009-11-21 05:09 . 2009-04-22 17:39 -------- d-----w- c:\programas\PKR

2009-11-10 23:41 . 2009-01-29 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-10-02 12:40 . 2009-03-06 18:48 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2009-10-02 12:40 . 2009-03-06 18:48 28984 ----a-w- c:\windows\system32\LMIport.dll

2009-10-02 12:40 . 2009-03-06 18:47 87352 ----a-w- c:\windows\system32\LMIinit.dll

2009-09-28 19:24 . 2009-06-13 15:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-26 15:16 . 2009-09-26 15:16 0 ----a-w- C:\ygvwgekw.exe

2009-09-26 15:16 . 2009-09-26 15:16 0 ----a-w- C:\fhwyaqmn.exe

2009-09-11 14:18 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-08 11:32 . 2008-10-16 20:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll

2009-09-08 11:31 . 2008-10-16 20:35 25248 ----a-w- c:\windows\system32\lmimirr.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\programas\IsoBuster\tbIso0.dll" [2009-09-25 2215960]

"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\programas\Eazel-PR\tbEaz1.dll" [2009-09-25 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

 

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

2009-09-25 18:56 2215960 ----a-w- c:\programas\IsoBuster\tbIso0.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

2009-09-25 18:56 2215960 ----a-w- c:\programas\Eazel-PR\tbEaz1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\programas\IsoBuster\tbIso0.dll" [2009-09-25 2215960]

"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\programas\Eazel-PR\tbEaz1.dll" [2009-09-25 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

 

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\programas\IsoBuster\tbIso0.dll" [2009-09-25 2215960]

"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"= "c:\programas\Eazel-PR\tbEaz1.dll" [2009-09-25 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

 

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]

"HDAudDeck"="c:\programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]

"Malwarebytes Anti-Malware (reboot)"="c:\programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Simão\Menu Iniciar\Programas\Arranque\

Iniciação Rápida do Microsoft Office OneNote 2007.lnk - c:\programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2007-11-15 10:10 72208 ----a-w- c:\programas\Ficheiros comuns\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-30 15:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-02 12:40 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programas\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Simão\\Ambiente de trabalho\\uTorrent.exe"=

"c:\\Programas\\VirtualDJ\\virtualdj.exe"=

"c:\\Programas\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Programas\\Ficheiros comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Documents and Settings\\Simão\\Ambiente de trabalho\\Os meus documentos\\Jogos\\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\\Need For Speed Most Wanted\\Need For Speed Most Wanted.exe"=

"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29-01-2009 19:48 12552]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29-01-2009 19:48 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29-01-2009 19:48 108552]

R1 SASDIFSV;SASDIFSV;c:\programas\SUPERAntiSpyware\sasdifsv.sys [23-11-2009 8:43 9968]

R1 SASKUTIL;SASKUTIL;c:\programas\SUPERAntiSpyware\SASKUTIL.SYS [23-11-2009 8:43 74480]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [29-01-2009 19:54 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29-01-2009 19:54 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [05-09-2009 16:30 54752]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [29-01-2009 20:00 8960]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\documents and settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\rainfo.sys [24-07-2008 18:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [06-03-2009 18:48 47640]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29-01-2009 19:36 238080]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06-04-2009 1:51 717296]

S2 bbpmzzlyv;Network Update;c:\windows\system32\svchost.exe -k netsvcs [02-03-2006 12:00 14336]

S2 gupdate1c9b500696743d4;Serviço Google Update (gupdate1c9b500696743d4);c:\programas\Google\Update\GoogleUpdate.exe [04-04-2009 8:36 133104]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [29-01-2009 20:00 11264]

S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\programas\Windows Live\Family Safety\fsssvc.exe [05-08-2009 21:48 704864]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [29-01-2009 20:00 16640]

S3 SASENUM;SASENUM;c:\programas\SUPERAntiSpyware\SASENUM.SYS [23-11-2009 8:43 7408]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

bbpmzzlyv

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-04-04 08:36]

 

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-04-04 08:36]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://eu.ask.com?o=14672&l=dis

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Helder\Application Data\Mozilla\Firefox\Profiles\38lgtm0k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

FF - component: c:\documents and settings\Helder\Application Data\Mozilla\Firefox\Profiles\38lgtm0k.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll

FF - component: c:\programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - plugin: c:\programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\programas\Veetle\Player\npvlc.dll

FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-ESET Online Scanner - c:\programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

AddRemove-whpokerclub - c:\poker\William Hill POKER CLUB\_SetupPoker(2).exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-05 13:23

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bbpmzzlyv]

"ServiceDll"="c:\windows\system32\dhqhil.dll"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(640)

c:\programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\programas\ficheiros comuns\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\LMIinit.dll

c:\programas\ficheiros comuns\logishrd\bluetooth\LBTServ.dll

.

Tempo para conclusão: 2009-12-05 13:26

ComboFix-quarantined-files.txt 2009-12-05 13:26

 

Pré-execução: 228.720.029.696 bytes livres

Pós execução: 239.260.921.856 bytes livres

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - 4F31B96569F9CA3BFC7A0CD5BA9ADB28


Good afternoon helder85

*Open Notepad, then select, copy and paste into it the whole contents of the code below:

 

File::

C:\ygvwgekw.exe

C:\fhwyaqmn.exe

c:\windows\system32\dhqhil.dll

DDS::

uStart Page = hxxp://eu.ask.com?o=14672&l=dis

NetSvcs::

bbpmzzlyv

Driver::

bbpmzzlyv

*Save the file on the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

CFScript.gif

*Important: while ComboFix is running, do not use the mouse or the keyboard!! To stop the process press N or 2.

*Paste the report created at C:\combofix.txt and a new HijackThis log
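The triage behind that CFScript, as an added example in Python (not ComboFix's code nor the forum helper's own tooling): it reads a constructed excerpt laid out like the logs in this thread, correlates the service listed under "Svchost - NetSvcs" with its service line and ServiceDll value, flags the zero-byte .exe files sitting at the drive root, and renders the same File::/NetSvcs::/Driver:: sections. Service and file names are the ones from the log above; the excerpt itself is constructed.

```python
"""Triage of a ComboFix log for the svchost/netsvcs service hijack seen above.

Added example for this thread; it is not part of ComboFix or of the forum's
tooling. The log excerpt is constructed in the layout of the logs posted here.
"""
import re
from dataclasses import dataclass

# Constructed excerpt: Find3M file lines, R/S driver-service lines, the
# "Svchost - NetSvcs" block and the per-service ServiceDll key, as ComboFix
# prints them (ComboFix lists only non-default NetSvcs entries).
SAMPLE_LOG = r"""
2009-09-26 15:16 . 2009-09-26 15:16 0 ----a-w- C:\ygvwgekw.exe
2009-09-26 15:16 . 2009-09-26 15:16 0 ----a-w- C:\fhwyaqmn.exe
2009-09-11 14:18 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [06-03-2009 18:48 47640]
S2 bbpmzzlyv;Network Update;c:\windows\system32\svchost.exe -k netsvcs [02-03-2006 12:00 14336]
S2 gupdate1c9b500696743d4;Google Update Service;c:\programas\Google\Update\GoogleUpdate.exe [04-04-2009 8:36 133104]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bbpmzzlyv

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bbpmzzlyv]
"ServiceDll"="c:\windows\system32\dhqhil.dll"
"""

# "S2 name;display;image [date time size]" driver/service lines.
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?) \[[^\]]*\]$", re.M)
# "[...\Services\name]" key followed by its ServiceDll value.
SERVICEDLL_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]"
    r'\s*"ServiceDll"="(?P<dll>[^"]+)"', re.M | re.I)
# Created-files / Find3M lines: "mtime . ctime size attrs path".
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>\d+|-+) [-a-z]{8} (?P<path>.+)$", re.M)
# An .exe directly under a drive root, e.g. C:\ygvwgekw.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.I)


@dataclass
class Findings:
    netsvcs: list    # (service name, display name, ServiceDll or None)
    root_exes: list  # zero-byte .exe files at a drive root


def netsvcs_additions(log: str) -> list:
    """Names listed under the 'Svchost - NetSvcs' heading (non-default entries)."""
    names, lines = [], log.splitlines()
    for i, line in enumerate(lines):
        if line.strip().endswith("Svchost - NetSvcs"):
            for follow in lines[i + 1:]:
                if not follow.strip():
                    break
                names.append(follow.strip())
    return names


def triage(log: str) -> Findings:
    """Correlate NetSvcs additions with their service line and ServiceDll."""
    services = {m["name"]: m["display"] for m in SERVICE_RE.finditer(log)}
    dlls = {m["name"].lower(): m["dll"] for m in SERVICEDLL_RE.finditer(log)}
    hijacked = []
    for name in netsvcs_additions(log):
        # A netsvcs member runs inside svchost.exe; the DLL it loads is the payload.
        display = services.get(name, "<not in service list>")
        hijacked.append((name, display, dlls.get(name.lower())))
    root_exes = [m["path"] for m in FILE_RE.finditer(log)
                 if m["size"] == "0" and ROOT_EXE_RE.match(m["path"])]
    return Findings(hijacked, root_exes)


def build_cfscript(f: Findings) -> str:
    """Render the File::/NetSvcs::/Driver:: sections in CFScript layout."""
    files = f.root_exes + [dll for _, _, dll in f.netsvcs if dll]
    out = ["File::"] + files
    names = [name for name, _, _ in f.netsvcs]
    if names:
        out += ["NetSvcs::"] + names + ["Driver::"] + names
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for name, display, dll in findings.netsvcs:
        print(f"netsvcs addition: {name} ({display}) -> {dll}")
    for path in findings.root_exes:
        print(f"zero-byte executable at drive root: {path}")
    print(build_cfscript(findings))
```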

ComboFix log

 

ComboFix 09-12-04.04 - Helder 05-12-2009 14:49.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.351.2070.18.3583.2951 [GMT 0:00]

Executando de: c:\documents and settings\Helder\Ambiente de trabalho\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Helder\Ambiente de trabalho\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"C:\fhwyaqmn.exe"

"c:\windows\system32\dhqhil.dll"

"C:\ygvwgekw.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\fhwyaqmn.exe

C:\ygvwgekw.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BBPMZZLYV

-------\Service_bbpmzzlyv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-05 to 2009-12-05 ))))))))))))))))))))))))))))

.

 

2009-12-04 07:42 . 2009-12-04 07:42 -------- d-----w- c:\programas\CCleaner

2009-12-03 21:04 . 2009-12-05 04:33 -------- d-----w- c:\programas\Ad-Remover

2009-12-03 20:41 . 2009-12-03 20:41 -------- d-----w- c:\programas\Trend Micro

2009-12-03 07:13 . 2009-12-03 07:13 117760 ----a-w- c:\documents and settings\Helder\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-12-03 07:12 . 2009-12-03 07:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\programas\SUPERAntiSpyware

2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\documents and settings\Helder\Application Data\SUPERAntiSpyware.com

2009-12-03 07:11 . 2009-12-03 07:11 -------- d-----w- c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-12-02 18:32 . 2009-12-02 18:32 -------- d-----w- c:\programas\Veetle

2009-11-30 01:23 . 2009-11-30 01:23 -------- d-----w- c:\documents and settings\Helder\Application Data\Malwarebytes

2009-11-30 01:23 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-30 01:23 . 2009-11-30 01:23 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware

2009-11-30 01:23 . 2009-11-30 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-30 01:23 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-29 18:19 . 2009-11-29 18:18 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-29 18:16 . 2009-11-30 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-28 20:23 . 2009-11-29 19:55 -------- d-----w- c:\programas\Spybot - Search & Destroy

2009-11-28 20:23 . 2009-11-29 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-27 20:00 . 2009-11-27 20:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\uTorrent

2009-11-21 14:28 . 2009-11-21 14:28 -------- d-----w- c:\documents and settings\Helder\Application Data\Nokia Multimedia Player

2009-11-12 18:02 . 2009-11-12 18:05 -------- d-----w- c:\programas\Festo Fluidsim

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-04 06:44 . 2009-03-22 16:17 -------- d-----w- c:\programas\Steam

2009-12-03 19:42 . 2006-03-02 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys

2009-11-28 01:08 . 2009-11-27 19:57 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\cbqozg.dat

2009-11-27 03:59 . 2009-02-12 22:49 -------- d-----w- c:\documents and settings\Helder\Application Data\uTorrent

2009-11-27 03:50 . 2009-08-23 16:16 -------- d-----w- c:\documents and settings\Helder\Application Data\vlc

2009-11-24 23:51 . 2009-04-04 08:36 -------- d-----w- c:\programas\Google

2009-11-21 14:37 . 2009-02-19 20:38 -------- d-----w- c:\documents and settings\Helder\Application Data\dvdcss

2009-11-21 14:00 . 2006-03-02 12:00 83360 ----a-w- c:\windows\system32\perfc016.dat

2009-11-21 14:00 . 2006-03-02 12:00 486842 ----a-w- c:\windows\system32\perfh016.dat

2009-11-21 05:09 . 2009-04-22 17:39 -------- d-----w- c:\programas\PKR

2009-11-10 23:41 . 2009-01-29 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-10-02 12:40 . 2009-03-06 18:48 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2009-10-02 12:40 . 2009-03-06 18:48 28984 ----a-w- c:\windows\system32\LMIport.dll

2009-10-02 12:40 . 2009-03-06 18:47 87352 ----a-w- c:\windows\system32\LMIinit.dll

2009-09-28 19:24 . 2009-06-13 15:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-11 14:18 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-08 11:32 . 2008-10-16 20:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll

2009-09-08 11:31 . 2008-10-16 20:35 25248 ----a-w- c:\windows\system32\lmimirr.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\programas\IsoBuster\tbIso0.dll" [2009-09-25 2215960]

"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\programas\Eazel-PR\tbEaz1.dll" [2009-09-25 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

 

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

2009-09-25 18:56 2215960 ----a-w- c:\programas\IsoBuster\tbIso0.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

2009-09-25 18:56 2215960 ----a-w- c:\programas\Eazel-PR\tbEaz1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\programas\IsoBuster\tbIso0.dll" [2009-09-25 2215960]

"{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}"= "c:\programas\Eazel-PR\tbEaz1.dll" [2009-09-25 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

 

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\programas\IsoBuster\tbIso0.dll" [2009-09-25 2215960]

"{8FB2FD83-A0A3-4269-A50D-7E40E3D45F7B}"= "c:\programas\Eazel-PR\tbEaz1.dll" [2009-09-25 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

 

[HKEY_CLASSES_ROOT\clsid\{8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]

"HDAudDeck"="c:\programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]

"Malwarebytes Anti-Malware (reboot)"="c:\programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-09-21 55824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Simão\Menu Iniciar\Programas\Arranque\

Iniciação Rápida do Microsoft Office OneNote 2007.lnk - c:\programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 14:21 548352 ----a-w- c:\programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2007-11-15 10:10 72208 ----a-w- c:\programas\Ficheiros comuns\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-30 15:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2009-10-02 12:40 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Arranque^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programas\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programas\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Programas\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Simão\\Ambiente de trabalho\\uTorrent.exe"=

"c:\\Programas\\VirtualDJ\\virtualdj.exe"=

"c:\\Programas\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Programas\\Ficheiros comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Documents and Settings\\Simão\\Ambiente de trabalho\\Os meus documentos\\Jogos\\Need For Speed Most Wanted (MULTI 9-LANGUAGE SELECTOR) (PC) (ALREADY CRACKED) (DIRECT PLAY) [blaze69]\\Need For Speed Most Wanted\\Need For Speed Most Wanted.exe"=

"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29-01-2009 19:48 12552]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06-04-2009 1:51 717296]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29-01-2009 19:48 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29-01-2009 19:48 108552]

R1 SASDIFSV;SASDIFSV;c:\programas\SUPERAntiSpyware\sasdifsv.sys [23-11-2009 8:43 9968]

R1 SASKUTIL;SASKUTIL;c:\programas\SUPERAntiSpyware\SASKUTIL.SYS [23-11-2009 8:43 74480]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [29-01-2009 19:54 908056]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29-01-2009 19:54 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [05-09-2009 16:30 54752]

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [29-01-2009 20:00 8960]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\documents and settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\rainfo.sys [24-07-2008 18:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [06-03-2009 18:48 47640]

R3 SASENUM;SASENUM;c:\programas\SUPERAntiSpyware\SASENUM.SYS [23-11-2009 8:43 7408]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [29-01-2009 19:36 238080]

S2 gupdate1c9b500696743d4;Serviço Google Update (gupdate1c9b500696743d4);c:\programas\Google\Update\GoogleUpdate.exe [04-04-2009 8:36 133104]

S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [29-01-2009 20:00 11264]

S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\programas\Windows Live\Family Safety\fsssvc.exe [05-08-2009 21:48 704864]

S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [29-01-2009 20:00 16640]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-04-04 08:36]

 

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-04-04 08:36]

.

.

------- Supplementary Scan -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Helder\Application Data\Mozilla\Firefox\Profiles\38lgtm0k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/

FF - component: c:\documents and settings\Helder\Application Data\Mozilla\Firefox\Profiles\38lgtm0k.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll

FF - component: c:\programas\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll

FF - plugin: c:\programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\programas\Veetle\Player\npvlc.dll

FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

 

**************************************************************************

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

 

Scanning hidden files ...

 

Scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(656)

c:\programas\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\programas\ficheiros comuns\logishrd\bluetooth\LBTWlgn.dll

c:\windows\system32\LMIinit.dll

c:\programas\ficheiros comuns\logishrd\bluetooth\LBTServ.dll

 

- - - - - - - > 'explorer.exe'(3244)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe

c:\documents and settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\RaMaint.exe

c:\documents and settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeIn.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\documents and settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LMIGuardian.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\programas\Nero\Nero8\Nero BackItUp\NBService.exe

c:\programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\programas\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Completion time: 2009-12-05 14:58 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-05 14:57

ComboFix2.txt 2009-12-05 13:26

 

Pre-Run: 239,322,464,256 bytes free

Post-Run: 239,169,609,728 bytes free

 

- - End Of File - - 33D80172449F06DB8D8C5CC72112A32C

 

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:35:17, on 05-12-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\RaMaint.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeIn.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LMIGuardian.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Programas\AVG\AVG8\avgcsrvx.exe

C:\Programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programas\IsoBuster\tbIso0.dll

R3 - URLSearchHook: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programas\IsoBuster\tbIso0.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programas\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programas\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programas\IsoBuster\tbIso0.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HDAudDeck] C:\Programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (file missing) (HKCU)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233258250686

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/flashax.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programas\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Serviço Google Update (gupdate1c9b500696743d4) (gupdate1c9b500696743d4) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programas\Ficheiros comuns\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programas\Ficheiros comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10309 bytes


1.

*Run HijackThis, click [Do a system scan only], tick the entry below and click [Fix checked]

 

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (file missing) (HKCU)

*Close HijackThis

 

2.

*Click [Start] > [Run] > type: combofix /uninstall

*Click [OK]

 

[image: 92674490.jpg]

 

*Click [Run]

*The message "ComboFix is uninstalled" will appear

*Click [OK]

*Delete the folder C:\Combofix and the file C:\combofix.txt, if they still exist.

 

Your logs are clean.

 

3.

*Download and install CCleaner

*In the right-hand column, scroll down to "Advanced" and tick "Old Prefetch data"

*Open the program and click [Run Cleaner]

*Then click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]

 

Best regards.

 

Regards to the Portuguese...

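The entry the helper asked to fix is the one HijackThis prints with a "(file missing)" marker. A Run value, BHO, toolbar button or service whose target no longer exists on disk cannot execute anything, so it is the safest kind of entry to remove, and the marker makes it the easiest to spot. The same condition appears on two other lines of the log above: the nameless O2 BHO marked "(no file)" and the Roxio O23 service marked "(file missing)". As an added example, not part of this thread and not code from HijackThis or from the helper, the Python below parses lines copied from that log and sorts them into the three things a triager looks for first: dangling references, entries launched from a user profile or temp folder (LogMeIn here, unusual but legitimate), and Run entries that name a bare executable resolved through the search path at logon. The per-section field layouts and the flag names are assumptions of mine, derived from the lines shown rather than from any HijackThis specification.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread.
# This parser is an added example; it is not HijackThis code or the helper's tooling.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Eazel-PR Toolbar - {8fb2fd83-a0a3-4269-a50d-7e40e3d45f7b} - C:\Programas\Eazel-PR\tbEaz1.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTimeMPP\MPPoker.exe (file missing) (HKCU)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Documents and Settings\Simão\Ambiente de trabalho\Os meus documentos\Programas\x86\LogMeIn.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programas\Ficheiros comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# Markers HijackThis prints when the referenced file does not exist.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Legitimate software normally installs under Program Files ("Programas" on this
# Portuguese Windows); anything launched from a user profile or temp folder is
# worth a closer look, even though it is often benign (LogMeIn in this log).
USER_PROFILE_RE = re.compile(
    r"^[a-z]:\\(documents and settings|users)\\|\\local settings\\|\\temp\\", re.I)

# Every HijackThis line starts with a section code such as O2, O4, O9, O23, R0, R1.
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O9"
    name: str      # display name of the entry
    path: str      # file the entry points at, as printed (markers included)
    flags: tuple   # reasons the entry was flagged


def _split_entry(section, rest):
    """Return (name, path) for the tail of a HijackThis line, per section layout."""
    if section == "O4":                          # O4 - HKLM\..\Run: [name] command
        m = re.match(r"^.*?: \[(.+?)\] (.*)$", rest)
        return (m.group(1), m.group(2)) if m else (rest, "")
    if section == "O23":                         # O23 - Service: name - vendor - path
        m = re.match(r"^Service: (.+?) - (.+?) - (.*)$", rest)
        return (m.group(1), m.group(3)) if m else (rest, "")
    parts = rest.split(" - ")                    # O2/O3/O9/O18/O20: kind: name - {CLSID} - path
    if len(parts) < 3:
        return (rest, "")
    name = parts[0].split(": ", 1)[-1]
    return (name, " - ".join(parts[2:]))


def _flags_for(section, path):
    """Assumed triage rules: orphan reference, profile/temp launch, bare filename."""
    flags = []
    if any(marker in path for marker in ORPHAN_MARKERS):
        flags.append("orphan")                   # points at a file that no longer exists
    elif USER_PROFILE_RE.search(path):
        flags.append("user-profile-path")        # runs from a profile or temp location
    first_token = path.split()[0].strip('"') if path else ""
    if section == "O4" and first_token and "\\" not in first_token:
        flags.append("bare-filename")            # resolved via the search path at logon
    return tuple(flags)


def triage(log_text):
    """Parse HijackThis output and return only the entries that deserve attention."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group(1), m.group(2)
        name, path = _split_entry(section, rest)
        flags = _flags_for(section, path)
        if flags:
            findings.append(Finding(section, name, path, flags))
    return findings


def fix_candidates(findings):
    """Names of entries that are safe to 'Fix checked': they reference nothing on disk."""
    return sorted(f.name for f in findings if "orphan" in f.flags)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {', '.join(f.flags):18} {f.name} -> {f.path}")
```

Run against the sample, the orphan list comes back with all three dangling entries, not just the PokerTime button the helper chose to fix; the LogMeIn service is reported for its Desktop-folder path and the KHALMNPR.EXE Run value for having no directory at all. Neither of the last two is evidence of infection, which is exactly why a parser like this only narrows the list: the judgement call on each flagged line still belongs to the person reading the log.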

In CCleaner I don't see "Old Prefetch data", what I see is "data antiga pré-guardada", is that it? And is my PC clean?

 

Which of the programs should I keep? SUPERAntiSpyware, Malwarebytes and AVG?

 

Regards and thank you very much for everything, you saved my machine... ;)


In CCleaner I don't see "Old Prefetch data", what I see is "data antiga pré-guardada", is that it? And is my PC clean?

 

If that option isn't there, no problem. Ignore it.

 

Which of the programs should I keep? SUPERAntiSpyware, Malwarebytes and AVG?

 

You can keep them all on the PC... they are all freeware.

 

Let us know whether everything is ok.


At least everything seems to be ok, AVG no longer detects anything and the PC runs normally...

 

So my PC is clean??

 

A big thank you and a big hug from this Portuguese guy, and keep up the forum, it's excellent...

 

Regards...


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
