rnatos, posted May 28, 2010

Hello everyone, this is the first time I've used the HijackThis program and I'd like the log below to be analysed. Thanks to everyone.

Problem: pop-ups of adult sites open automatically.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:29:59, on 28/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam10\Qcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://br.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://br.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam10\Qcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [bONE OOZE] "C:\ProgramData\DoesAdminAdmin.97pyv"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Great Chic Third.k5ok9b"
O4 - HKCU\..\Run: [NitroPC] "C:\Program Files\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [system_boot_b7ac2a7080af538bfc34bfae8dbb78b2] C:\Windows\system32\mshta http://www.galcco.com/reg2.php?cid=b7ac2a7080af538bfc34bfae8dbb78b2
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 10183 bytes
DigRam, posted May 28, 2010

Good morning, rnatos!

<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: Running it from the command line is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> In the "Software warranty agreement" window --> Click Yes!
<@> If you don't have the "Recovery Console", accept the option to install it!
<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If you get the notification "Invalid Win32 application", delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, we will get the following notification window:
<!> PS: Write down those detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
rnatos, posted May 29, 2010

Hi digram, thank you for replying so quickly. I didn't explain the problem properly in the topic: besides a pop-up, IE also opens, and of course closing it is no use because it reopens again after a few seconds. The requested logs follow below. Regards.

ComboFix 10-05-28.02 - User 29/05/2010 13:32:12.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.1014.337 [GMT 9:00]
Executando de: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-29 ))))))))))))))))))))))))))))
.
2010-05-29 04:42 . 2010-05-29 04:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-27 02:21 . 2010-05-27 02:21 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-27 02:21 . 2010-05-27 02:21 -------- d-----w- c:\program files\Trend Micro
2010-05-27 01:36 . 2010-05-27 01:36 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-27 00:38 . 1997-11-19 06:49 303616 ----a-w- c:\windows\IsUninst.exe
2010-05-27 00:13 . 2010-05-27 00:13 -------- d-----w- c:\program files\Panicware
2010-05-26 02:00 . 2008-11-26 17:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-26 02:00 . 2008-11-26 17:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-26 02:00 . 2008-11-26 17:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-05-26 02:00 . 2008-11-26 17:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-26 02:00 . 2008-11-26 17:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-26 01:59 . 2008-11-26 17:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-26 01:59 . 2008-11-26 17:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-25 22:17 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 15:03 . 2010-05-24 15:03 -------- d-----w- c:\program files\AVG
2010-05-23 05:35 . 2010-05-23 05:45 -------- d-----w- c:\users\User\2010-05-23
2010-05-14 11:25 . 2010-05-14 11:25 -------- d-----w- c:\program files\Conduit
2010-05-14 11:25 . 2010-05-14 11:25 -------- d-----w- c:\program files\Messenger_Plus_Live
2010-05-13 22:06 . 2010-05-13 22:06 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC3DC.tmp.exe
2010-05-12 08:49 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 02:05 . 2008-04-09 08:20 680 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-05-26 02:01 . 2006-11-06 01:32 634202 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-26 02:01 . 2006-11-06 01:32 121888 ----a-w- c:\windows\system32\prfc0416.dat
2010-05-25 22:01 . 2008-02-19 15:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-25 07:35 . 2009-01-09 10:11 -------- d-----w- c:\programdata\platform gram
2010-05-25 07:34 . 2009-02-01 08:10 -------- d-----w- c:\programdata\Option Camp Pure Team
2010-05-14 11:25 . 2008-11-22 12:30 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-12 16:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 02:21 . 2009-10-02 18:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-05 14:01 . 2010-04-14 22:10 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-15 02:10 . 2010-02-15 02:10 87040 --sha-r- c:\windows\System32\shunimplf.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2010-04-15 03:33 2515552 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BONE OOZE"="c:\programdata\DoesAdminAdmin.97pyv" [X]
"Pure Team Open Exit"="c:\programdata\Great Chic Third.k5ok9b" [X]
"system_boot_b7ac2a7080af538bfc34bfae8dbb78b2"="c:\windows\system32\mshta http:" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"ares"="c:\program files\Ares\Ares.exe" [2008-11-20 880640]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-18 133656]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logicool\Qcam10\Qcam.exe" [2007-03-08 774168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-02 179712]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:58]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:58]

2010-05-29 c:\windows\Tasks\User_Feed_Synchronization-{75DC633E-659D-42EA-ABC3-1306847E98B4}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.orkut.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: yahoo.co.jp\page19.auctions
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-NitroPC - c:\program files\NitroPC\NitroPC.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 13:42
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2010-05-29 13:47:38
ComboFix-quarantined-files.txt 2010-05-29 04:47

Pré-execução: 24.300.593.152 bytes disponíveis
Pós execução: 25.218.195.456 bytes disponíveis

- - End Of File - - 6ABE7747D0AFB17EFC1962E7FB5EF25B

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:57:48, on 29/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam10\Qcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam10\Qcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [bONE OOZE] "C:\ProgramData\DoesAdminAdmin.97pyv"
O4 - HKCU\..\Run: [Pure Team Open Exit] "C:\ProgramData\Great Chic Third.k5ok9b"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [system_boot_b7ac2a7080af538bfc34bfae8dbb78b2] C:\Windows\system32\mshta http://www.galcco.com/reg2.php?cid=b7ac2a7080af538bfc34bfae8dbb78b2
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 9160 bytes
DigRam, posted May 29, 2010

Good morning, rnatos!

<!> Uninstall:
<1> c:\program files\Messenger_Plus_Live
<2> c:\program files\Conduit
<!> PS: After the removals, clean the registry with CCleaner.

0000000000000000000
ooooooooooooooooooo

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Disable your antivirus or firewall.
<@> Install the program and click: LopSD.cmd
<@> In the window that opens, press "p" --> Press Enter.
<@> In the other window, choose the option: 2 - Fix + Hosts --> Press Enter --> Wait!
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )
<@> Also post an updated HijackThis log.

Regards!
rnatos, posted May 29, 2010

Hi digram, here are the logs.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Celeron® M CPU 520 @ 1.60GHz )
BIOS : Default System BIOS
USER : User ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:48 Go (Free:24 Go)
D:\ (Local Disk) - NTFS - Total:61 Go (Free:60 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (USB) - FAT32 - Total:3810 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 29/05/2010|20:19 )
[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Folder list in Local

[25/10/2008|09:49] C:\Users\User\AppData\Local\Adobe
[17/02/2008|23:22] C:\Users\User\AppData\Local\Apple
[02/03/2008|19:24] C:\Users\User\AppData\Local\Apple Computer
[01/06/2008|11:06] C:\Users\User\AppData\Local\Apps
[22/11/2008|21:40] C:\Users\User\AppData\Local\Ares
[26/05/2010|11:05] C:\Users\User\AppData\Local\d3d9caps.dat
[15/02/2008|17:40] C:\Users\User\AppData\Local\Dados de aplicativos
[29/05/2010|10:16] C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[01/06/2008|11:06] C:\Users\User\AppData\Local\Deployment
[25/02/2010|03:20] C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[26/05/2010|10:55] C:\Users\User\AppData\Local\Google
[15/02/2008|17:40] C:\Users\User\AppData\Local\Histórico
[29/05/2010|20:01] C:\Users\User\AppData\Local\IconCache.db
[26/05/2010|10:52] C:\Users\User\AppData\Local\Microsoft
[06/07/2009|02:11] C:\Users\User\AppData\Local\Microsoft Games
[02/07/2009|18:57] C:\Users\User\AppData\Local\MigWiz
[12/04/2008|11:15] C:\Users\User\AppData\Local\Mozilla
[04/01/2010|00:03] C:\Users\User\AppData\Local\NitroPC
[15/02/2008|19:40] C:\Users\User\AppData\Local\Real
[29/05/2010|20:19] C:\Users\User\AppData\Local\Temp
[15/02/2008|17:40] C:\Users\User\AppData\Local\Temporary Internet Files
[22/03/2008|17:22] C:\Users\User\AppData\Local\VirtualStore
[27/04/2008|21:48] C:\Users\User\AppData\Local\Yahoo

--------------------\\ Scheduled tasks in folder C:\Windows\Tasks

[29/05/2010 20:15][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[29/05/2010 20:03][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[29/05/2010 14:57][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{75DC633E-659D-42EA-ABC3-1306847E98B4}.job
[29/05/2010 20:02][--ah-----] C:\Windows\tasks\SA.DAT
[29/05/2010 20:01][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Folder list in C:\ProgramData

[23/08/2009|06:35] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[25/10/2008|01:28] C:\ProgramData\Adobe
[17/02/2008|23:22] C:\ProgramData\Apple
[23/08/2009|06:34] C:\ProgramData\Apple Computer
[02/11/2006|22:02] C:\ProgramData\Application Data
[15/02/2008|19:06] C:\ProgramData\Atheros
[05/10/2009|20:57] C:\ProgramData\CanonBJ
[15/02/2008|17:35] C:\ProgramData\Dados de aplicativos
[02/11/2006|22:02] C:\ProgramData\Desktop
[15/02/2008|17:35] C:\ProgramData\Documentos
[02/11/2006|22:02] C:\ProgramData\Documents
[05/05/2008|14:19] C:\ProgramData\eMule
[02/11/2006|22:02] C:\ProgramData\Favorites
[15/02/2008|17:35] C:\ProgramData\Favoritos
[20/01/2009|22:14] C:\ProgramData\Google
[19/02/2008|18:21] C:\ProgramData\Logicool
[19/02/2008|18:21] C:\ProgramData\Logishrd
[15/02/2008|17:35] C:\ProgramData\Menu Iniciar
[06/11/2009|15:48] C:\ProgramData\Microsoft
[15/02/2008|17:35] C:\ProgramData\Modelos
[25/05/2010|16:35] C:\ProgramData\platform gram
[15/02/2008|19:40] C:\ProgramData\Real
[15/02/2008|22:44] C:\ProgramData\Roxio
[15/02/2008|20:04] C:\ProgramData\Sonic
[15/02/2008|19:33] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|22:02] C:\ProgramData\Start Menu
[24/05/2010|23:54] C:\ProgramData\TEMP
[02/11/2006|22:02] C:\ProgramData\Templates
[09/01/2009|18:50] C:\ProgramData\WLInstaller
[27/04/2008|21:47] C:\ProgramData\Yahoo!

--------------------\\ Folder list in C:\Program Files

[25/10/2008|01:26] C:\Program Files\Adobe
[04/08/2009|03:28] C:\Program Files\Alwil Software
[23/08/2009|06:39] C:\Program Files\Apple Software Update
[22/11/2008|21:40] C:\Program Files\Ares
[15/02/2008|17:35] C:\Program Files\Arquivos Comuns [C:\Program Files\Common Files]
[22/08/2009|06:32] C:\Program Files\Ask Search Assistant
[15/02/2008|19:06] C:\Program Files\Atheros
[25/05/2010|00:03] C:\Program Files\AVG
[23/08/2009|06:19] C:\Program Files\Bonjour
[29/05/2010|19:29] C:\Program Files\CCleaner
[29/05/2010|13:38] C:\Program Files\Common Files
[15/02/2008|19:34] C:\Program Files\DivX
[01/02/2010|23:59] C:\Program Files\Google
[15/02/2008|19:29] C:\Program Files\Grisoft
[09/04/2008|20:38] C:\Program Files\InstallShield Installation Information
[26/05/2010|07:42] C:\Program Files\Internet Explorer
[15/02/2008|19:49] C:\Program Files\InterVideo
[23/08/2009|06:34] C:\Program Files\iPod
[23/08/2009|06:35] C:\Program Files\iTunes
[15/02/2008|19:40] C:\Program Files\K-Lite Codec Pack
[19/02/2008|18:21] C:\Program Files\Logicool
[09/04/2008|20:38] C:\Program Files\Megaupload
[09/04/2008|20:39] C:\Program Files\MegauploadToolbar
[14/05/2010|20:25] C:\Program Files\Messenger_Plus_Live
[06/11/2009|15:43] C:\Program Files\Microsoft
[20/02/2008|00:28] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|21:37] C:\Program Files\Microsoft Games
[21/01/2010|07:06] C:\Program Files\Microsoft Silverlight
[09/01/2009|19:02] C:\Program Files\Microsoft SQL Server Compact Edition
[06/11/2009|15:48] C:\Program Files\Microsoft Sync Framework
[16/03/2010|06:13] C:\Program Files\Movie Maker
[22/11/2008|20:53] C:\Program Files\Mozilla Firefox
[02/11/2006|21:37] C:\Program Files\MSBuild
[15/02/2008|20:04] C:\Program Files\MSXML 4.0
[09/07/2009|03:17] C:\Program Files\NTTW
[27/05/2010|09:13] C:\Program Files\Panicware
[23/08/2009|06:32] C:\Program Files\QuickTime
[15/02/2008|21:01] C:\Program Files\RadLight Company
[15/02/2008|19:08] C:\Program Files\Realtek
[02/11/2006|21:37] C:\Program Files\Reference Assemblies
[15/02/2008|20:03] C:\Program Files\Roxio
[23/08/2009|06:39] C:\Program Files\Safari
[18/09/2008|21:31] C:\Program Files\SopCast
[15/02/2008|19:30] C:\Program Files\Spybot - Search & Destroy
[15/02/2008|20:07] C:\Program Files\Synaptics
[27/05/2010|11:21] C:\Program Files\Trend Micro
[02/11/2006|22:01] C:\Program Files\Uninstall Information
[26/06/2008|23:52] C:\Program Files\Windows Calendar
[26/06/2008|23:52] C:\Program Files\Windows Collaboration
[26/06/2008|23:52] C:\Program Files\Windows Defender
[26/06/2008|23:52] C:\Program Files\Windows Journal
[06/11/2009|15:50] C:\Program Files\Windows Live
[09/01/2009|19:01] C:\Program Files\Windows Live Favorites
[06/11/2009|15:42] C:\Program Files\Windows Live SkyDrive
[06/11/2009|15:49] C:\Program Files\Windows Live Toolbar
[13/05/2010|01:26] C:\Program Files\Windows Mail
[29/10/2009|03:04] C:\Program Files\Windows Media Player
[15/02/2008|17:35] C:\Program Files\Windows NT
[26/06/2008|23:52] C:\Program Files\Windows Photo Gallery
[26/06/2008|23:52] C:\Program Files\Windows Sidebar
[05/05/2008|14:42] C:\Program Files\Yahoo!
[09/03/2008|10:49] C:\Program Files\Yahoo!J

--------------------\\ Folder list in C:\Program Files\Common Files

[25/10/2008|01:27] C:\Program Files\Common Files\Adobe
[23/08/2009|06:34] C:\Program Files\Common Files\Apple
[15/02/2008|20:01] C:\Program Files\Common Files\InstallShield
[15/02/2008|19:51] C:\Program Files\Common Files\InterVideo
[09/04/2008|23:12] C:\Program Files\Common Files\LogiShrd
[25/05/2010|00:02] C:\Program Files\Common Files\microsoft shared
[15/02/2008|19:34] C:\Program Files\Common Files\PX Storage Engine
[15/02/2008|20:04] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|20:18] C:\Program Files\Common Files\Services
[15/02/2008|17:35] C:\Program Files\Common Files\Sistema [C:\Program Files\Common Files\System]
[15/02/2008|20:04] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|20:18] C:\Program Files\Common Files\SpeechEngines
[26/06/2008|23:52] C:\Program Files\Common Files\System
[22/11/2008|20:56] C:\Program Files\Common Files\Windows Live
[15/02/2008|19:44] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process ( 60 Processes ) ... OK !

--------------------\\ Search for S_Lop

No Lop folders found!

--------------------\\ Search for Lop files and folders

No Lop folders found!

--------------------\\ Registry search ..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 20:19:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

No other infections found.

[F:13][D:3]-> C:\Users\User\AppData\Local\Temp
[F:3][D:1]-> C:\Users\User\AppData\Roaming\MICROS~1\Windows\Cookies
[F:6][D:4]-> C:\Users\User\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 29/05/2010|19:21 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 29/05/2010|20:21 - Option : [2]

--------------------\\ Scan completed at 20:21:49
[ UAC => 1 ]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:23:26, on 29/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam10\Qcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam10\Qcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [system_boot_b7ac2a7080af538bfc34bfae8dbb78b2] C:\Windows\system32\mshta http://www.galcco.com/reg2.php?cid=b7ac2a7080af538bfc34bfae8dbb78b2
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8278 bytes
DigRam, posted May 29, 2010

Good afternoon! rnatos

<@> Select and copy all of the content in the Quote area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

Registry::
[-HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BONE OOZE"=-
"Pure Team Open Exit"=-
"system_boot_b7ac2a7080af538bfc34bfae8dbb78b2"=-

<@> PS: It is recommended that you be disconnected while running the script.
<@> PS: Temporarily disable your antivirus.
<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
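The line the fix above targets is the HKCU Run value that hands mshta a remote URL at every logon, and the CFScript deletes it by naming the value under its key. As an added Python example (not code from the thread, from HijackThis or from ComboFix), this parses HijackThis O4 lines, flags entries where a script host is given a URL or whose value name carries a 32-hex-digit identifier, and emits the Registry:: stanza in the layout DigRam's CFScript uses. The four sample lines are copied from the HijackThis log posted in the thread; the suspicion rules, the script-host list and all function names are this example's own assumptions.

```python
"""Flag suspicious HijackThis O4 (Run-key) entries and build the CFScript
stanza that removes them.

Added example, not code from the thread, HijackThis or ComboFix. The sample
lines are copied from the HijackThis log posted in the thread; the suspicion
rules and the script-host list are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
# Script hosts and loaders a logon entry should never be handing a URL
# (assumed list; extend to taste).
SCRIPT_HOSTS = {"mshta", "rundll32", "regsvr32", "wscript", "cscript", "powershell", "cmd"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
HEX32_RE = re.compile(r"[0-9a-f]{32}", re.IGNORECASE)

# Constructed input: four O4 lines copied from the posted log.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [system_boot_b7ac2a7080af538bfc34bfae8dbb78b2] "
    r"C:\Windows\system32\mshta http://www.galcco.com/reg2.php?cid=b7ac2a7080af538bfc34bfae8dbb78b2",
]


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Split one O4 line into (hive, key, value name, command); None if not an O4 line."""
    m = O4_RE.match(line.strip())
    return (m["hive"], m["key"], m["name"], m["cmd"]) if m else None


def launched_program(command):
    """Name of the program a command line starts, without path or extension."""
    cmd = command.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    exe = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return exe[:-4] if exe.endswith((".exe", ".com", ".bat", ".cmd")) else exe


def triage(lines):
    """Return a Finding for every O4 entry that trips at least one rule."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, key, name, command = parsed
        reasons = []
        url = URL_RE.search(command)
        if launched_program(command) in SCRIPT_HOSTS and url:
            reasons.append(f"script host pulls remote content from {url.group(0)}")
        if HEX32_RE.search(name):
            reasons.append("value name carries a 32-hex-digit identifier")
        if reasons:
            findings.append(Finding(hive, key, name, command, reasons))
    return findings


def build_cfscript(findings):
    """Emit the Registry:: stanza ComboFix expects: one [key] block per Run key,
    with "name"=- deleting each flagged value (same layout as the thread's CFScript)."""
    if not findings:
        return ""
    blocks = {}
    for f in findings:
        key = "[" + "\\".join([HIVES[f.hive], "SOFTWARE", "Microsoft", "Windows",
                               "CurrentVersion", f.key]) + "]"
        blocks.setdefault(key, []).append(f.name)
    lines = ["Registry::"]
    for key, names in blocks.items():
        lines.append(key)
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_O4_LINES)
    for h in hits:
        print(f"{h.hive}\\...\\{h.key} [{h.name}]: " + "; ".join(h.reasons))
    print(build_cfscript(hits))
```

The two rules are deliberately narrow. A legitimate Run value practically never hands mshta a URL, so the first rule alone catches this entry; the hex-identifier rule is there for variants that hide behind a more plausible-looking command. Anything flagged still needs a human look before it goes into a CFScript, because ComboFix deletes whatever the Registry:: stanza names without asking.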
rnatos, posted May 30, 2010

Hi digram, unfortunately I no longer have time to keep trying to solve this problem and I am going to format the PC. Thank you very much for the help, and keep up the good work.

PS: here are the requested logs.

ComboFix 10-05-28.02 - User 30/05/2010 11:52:15.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1046.18.1014.346 [GMT 9:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 ))))))))))))))))))))))))))))
.
2010-05-30 03:02 . 2010-05-30 03:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 03:02 . 2010-05-30 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-29 10:29 . 2010-05-29 10:29 -------- d-----w- c:\program files\CCleaner
2010-05-29 10:13 . 2010-05-29 11:21 -------- d-----w- C:\Lop SD
2010-05-29 10:10 . 2010-05-29 10:08 501736 ----a-w- C:\LopSD.exe
2010-05-29 09:31 . 2007-10-17 23:55 180224 ----a-w- c:\windows\system32\igfxres.dll
2010-05-27 02:21 . 2010-05-27 02:21 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-27 02:21 . 2010-05-27 02:21 -------- d-----w- c:\program files\Trend Micro
2010-05-27 01:36 . 2010-05-27 01:36 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-27 00:38 . 1997-11-19 06:49 303616 ----a-w- c:\windows\IsUninst.exe
2010-05-27 00:13 . 2010-05-27 00:13 -------- d-----w- c:\program files\Panicware
2010-05-26 02:00 . 2008-11-26 17:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-26 02:00 . 2008-11-26 17:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-26 02:00 . 2008-11-26 17:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-05-26 02:00 . 2008-11-26 17:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-26 02:00 . 2008-11-26 17:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-26 01:59 . 2008-11-26 17:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-26 01:59 . 2008-11-26 17:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-25 22:17 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 15:03 . 2010-05-24 15:03 -------- d-----w- c:\program files\AVG
2010-05-23 05:35 . 2010-05-23 05:45 -------- d-----w- c:\users\User\2010-05-23
2010-05-14 11:25 . 2010-05-29 12:40 -------- d-----w- c:\program files\Messenger_Plus_Live
2010-05-13 22:06 . 2010-05-13 22:06 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC3DC.tmp.exe
2010-05-12 08:49 . 2010-01-29 16:21 738304 ----a-w- c:\windows\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 02:05 . 2008-04-09 08:20 680 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-05-26 02:01 . 2006-11-06 01:32 634202 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-26 02:01 . 2006-11-06 01:32 121888 ----a-w- c:\windows\system32\prfc0416.dat
2010-05-25 22:01 . 2008-02-19 15:28 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-25 07:35 . 2009-01-09 10:11 -------- d-----w- c:\programdata\platform gram
2010-05-12 16:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 02:21 . 2009-10-02 18:06 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-05 14:01 . 2010-04-14 22:10 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-15 02:10 . 2010-02-15 02:10 87040 --sha-r- c:\windows\System32\shunimplf.dll
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 827392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-18 166424]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logicool\Qcam10\Qcam.exe" [2007-03-08 774168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-10-18 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 17:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2008-11-20 13:29 880640 ----a-w- c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-10-18 00:19 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 05:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 08:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-20 07:56 4493312 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-20 22:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 14:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-02 179712]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
.
Contents of the 'Scheduled Tasks' folder

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:58]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 14:58]

2010-05-30 c:\windows\Tasks\User_Feed_Synchronization-{75DC633E-659D-42EA-ABC3-1306847E98B4}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orkut.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: yahoo.co.jp\page19.auctions
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{9b339f6e-ddcd-401b-8764-230adbd01761} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 12:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Time of completion: 2010-05-30 12:07:24
ComboFix-quarantined-files.txt 2010-05-30 03:07
ComboFix2.txt 2010-05-29 04:47

Pre-Run: 26.183.806.976 bytes free
Post-Run: 26.050.666.496 bytes free

- - End Of File - - DB485103C9718EC4D1C05D3C2987A3CC

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:31, on 30/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam10\Qcam.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://br.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam10\Qcam.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldpt-br.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 7369 bytes

Regards.
DigRam, posted May 30, 2010

Good morning! rnatos

Quoting rnatos:
    Hi digram, unfortunately I no longer have time to keep trying to solve this problem and I am going to format the PC. Thank you very much for the help, and keep up the good work.

<!> OK! But... don't forget to report it here as well. (link)

<@> PS: I believe removing these files or folders will solve your problems:
c:\programdata\DoesAdminAdmin.97pyv <--
c:\programdata\Great Chic Third.k5ok9b <--

<@> Also verify the legitimacy of these files!
c:\windows\system32\shunimplf.dll <--
c:\windows\system32\mshta.exe <--

<!> PS: Let us know if it is solved!

Regards!
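The reply above points at two ProgramData entries with random-looking extensions and at two files under system32 whose legitimacy should be checked; in the ComboFix log, shunimplf.dll is the one file listed with system+hidden+read-only attributes (--sha-r-). As an added Python example (not code from the thread, from ComboFix or from Lop S&D), this parses ComboFix file-listing lines, flags hidden+system files under C:\Windows and Lop-style names under ProgramData or AppData, and provides the SHA-256 digest one would compare against a known-good copy. Three sample lines are copied from the ComboFix log posted above; the two ProgramData lines are constructed here in the same layout, with invented sizes and attributes, because their log lines are not on the page. The line layout and the meaning of the attribute letters are assumptions about ComboFix's format, and the function names are this example's own.

```python
"""Pick out ComboFix file-listing lines that deserve a legitimacy check.

Added example, not code from the thread, ComboFix or Lop S&D. Line layout and
attribute-letter meaning are assumptions about ComboFix's format:
    <creation> . <last-write> <size, or -------- for dirs> <attrs> <path>
    attrs: d=directory s=system h=hidden a=archive r=read-only w=writable
"""
import hashlib
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[\w-]{8})\s+(?P<path>.+?)\s*$"
)
# Last extension of 4-6 alphanumerics containing both a letter and a digit,
# e.g. ".97pyv" or ".k5ok9b": the naming Lop-family adware is known for
# (heuristic; a few real formats such as ".h264" would also trip it).
RANDOM_EXT_RE = re.compile(
    r"\.(?=[a-z0-9]{4,6}$)(?=[a-z0-9]*\d)(?=[a-z0-9]*[a-z])[a-z0-9]+$", re.I
)
WINDOWS_DIR = "c:\\windows\\"
USER_DATA_DIRS = ("\\programdata\\", "\\appdata\\")

# Constructed input. The first three lines are copied from the posted ComboFix
# log; the last two carry the ProgramData names from the reply in the same
# layout, with invented sizes and attributes (their real lines are not on the page).
SAMPLE_LINES = [
    r"2010-02-15 02:10 . 2010-02-15 02:10 87040 --sha-r- c:\windows\System32\shunimplf.dll",
    r"2010-05-12 02:21 . 2009-10-02 18:06 221568 ------w- c:\windows\system32\MpSigStub.exe",
    r"2010-03-05 14:01 . 2010-04-14 22:10 420352 ----a-w- c:\windows\system32\vbscript.dll",
    r"2010-05-25 07:35 . 2010-05-25 07:35 -------- d-----w- c:\programdata\DoesAdminAdmin.97pyv",
    r"2010-05-25 07:35 . 2010-05-25 07:35 4096 ----a-w- c:\programdata\Great Chic Third.k5ok9b",
]


@dataclass
class Flag:
    path: str
    attrs: str
    reasons: list


def parse_line(line):
    """Fields of one ComboFix file line as a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Return a Flag for every line that trips at least one rule, in input order."""
    flags = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path, attrs = rec["path"], rec["attrs"].lower()
        low = path.lower()
        is_dir = attrs[0] == "d"
        reasons = []
        # Rule 1: a hidden+system *file* under C:\Windows. Windows ships a few
        # such files itself, so this asks for a signature/hash check, not deletion.
        if not is_dir and "s" in attrs and "h" in attrs and low.startswith(WINDOWS_DIR):
            reasons.append("hidden+system file under C:\\Windows; verify signature or hash")
        # Rule 2: Lop-style random extension in a per-machine or per-user data folder.
        basename = low.rsplit("\\", 1)[-1]
        if any(d in low for d in USER_DATA_DIRS) and RANDOM_EXT_RE.search(basename):
            reasons.append("random-looking extension under ProgramData/AppData")
        if reasons:
            flags.append(Flag(path, rec["attrs"], reasons))
    return flags


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Digest to compare with a known-good copy of the same file (for mshta.exe,
    one taken from a clean install of the same Windows build)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.attrs} {f.path}: " + "; ".join(f.reasons))
```

On the live machine the digest of mshta.exe would be compared with a copy from a clean Vista SP1 install of the same build, or its Authenticode signature checked with a tool such as Sysinternals sigcheck; a Microsoft-signed, matching binary is what "legitimate" means for a Windows component. shunimplf.dll has no such reference to match against, and that absence together with its system+hidden attributes and a creation time equal to its last-write time is the reason to quarantine it rather than trust it.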
Mário Monteiro, posted June 30, 2010

Topic archived

Since the author did not reply for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.