Remoção de vírus

Baygon · 24/01/2009

Mr. Wolf, estão aqui os Logs:

ComboFix

ComboFix 09-01-21.04 - Vitor 2009-01-24 1:46:57.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2047.1098 [GMT -2:00]
Executando de: c:\users\Vitor\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Vitor\Desktop\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
c:\program files\desktop.ini
H:\setup.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\desktop.ini

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))
.

2009-01-23 23:14 . 2009-01-23 23:33 96,976 --a------ c:\windows\System32\drivers\klin.dat
2009-01-23 23:14 . 2009-01-23 23:33 87,855 --a------ c:\windows\System32\drivers\klick.dat
2009-01-23 23:13 . 2009-01-23 23:13 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-23 23:13 . 2009-01-24 01:49 12,947,232 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-23 23:13 . 2009-01-23 23:34 55,592 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-23 23:05 . 2009-01-23 23:05 <DIR> d-------- c:\program files\Trend Micro
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\users\Vitor\AppData\Roaming\Malwarebytes
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-23 22:58 . 2009-01-23 22:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 22:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-23 22:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-23 21:17 . 2008-08-17 08:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2009-01-23 21:17 . 2008-10-21 23:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-23 21:15 . 2008-10-31 23:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-23 21:15 . 2008-08-28 01:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-01-23 21:15 . 2008-08-28 01:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2009-01-23 21:15 . 2008-08-28 01:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-01-23 21:15 . 2008-11-01 01:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2009-01-23 21:14 . 2008-10-21 03:25 1,645,568 --a------ c:\windows\System32\connect.dll
2009-01-23 21:14 . 2008-10-22 01:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2009-01-23 21:04 . 2008-04-17 02:36 171,136 -rahs---- C:\grldr
2009-01-13 17:37 . 2008-12-16 00:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-12-29 12:59 . 2008-12-29 12:59 <DIR> dr-h----- c:\users\Vitor\AppData\Roaming\SecuROM
2008-12-26 20:21 . 2008-12-26 20:21 <DIR> d-------- c:\program files\NYKO

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 01:36 --------- d-----w c:\programdata\Kaspersky Lab
2009-01-24 01:19 --------- d-----w c:\program files\DVD Shrink
2009-01-24 01:06 --------- d-----w c:\users\Vitor\AppData\Roaming\uTorrent
2009-01-24 01:06 --------- d-----w c:\program files\Windows Mail
2009-01-23 20:16 --------- d-----w c:\programdata\DVD Shrink
2009-01-15 02:19 --------- d-----w c:\programdata\Microsoft Help
2008-12-28 15:26 --------- d-----w c:\users\Vitor\AppData\Roaming\Vso
2008-12-14 14:38 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 14:38 --------- d-----w c:\program files\CyberLink
2008-12-14 14:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-13 20:10 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-12-13 19:53 --------- d-----w c:\programdata\NVIDIA
2008-12-13 19:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 19:49 --------- d-----w c:\program files\AGEIA Technologies
2008-12-06 12:04 --------- d-----w c:\program files\CCleaner
2008-12-02 12:13 453,152 ----a-w c:\windows\System32\nvuninst.exe
2008-12-02 01:36 2,568 --sha-w c:\windows\System32\KGyGaAvL.sys
2008-11-26 14:59 --------- d-----w c:\programdata\TrackMania
2008-11-12 22:32 12,288 ----a-w c:\windows\impborl.dll
2008-11-10 22:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 19:41 14,303,392 ----a-w c:\windows\System32\xlive.dll
2008-10-28 19:41 13,643,936 ----a-w c:\windows\System32\xlivefnt.dll
2008-10-02 23:46 47,360 ----a-w c:\users\Vitor\AppData\Roaming\pcouffin.sys
2008-07-18 00:41 9,759 ----a-w c:\program files\megacubo_log.log
.

((((((((((((((((((((((((((((( snapshot@2009-01-24_ 1.16.46,07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-24 01:37:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-24 03:16:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-24 03:16:02 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-24 01:37:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-24 03:16:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-01-24 03:08:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-24 03:37:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-24 03:08:29 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-24 03:37:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-24 03:08:29 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-24 03:37:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"RGSC"="f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 774168]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 1132056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G G

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 22:43 640376 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 02:25 37232 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2005-07-12 19:23 454144 c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 21:12 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-29 22:44 133104 c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 17:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-09 00:02 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 17:24 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{45F2B7C3-F498-49C9-8C76-951404CD8921}"= c:\program files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{CD8D5489-06E0-4193-94C6-3B40118F06FF}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{DA012B90-AA8B-4001-ACC0-2CF8F3FD01FA}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{8A825AAB-34F7-4A53-A82D-3CE63D7AEEAD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{14CAD06E-F22A-4B7C-81BF-EB4340DB07BA}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{486B3613-3F78-47B9-BC78-975C9D895A87}e:\\softwares\\utorrent extreme le (multi).exe"= UDP:e:\softwares\utorrent extreme le (multi).exe:uTorrent Extreme LE (Multi)
"UDP Query User{E2204E45-12E0-4FAB-9B35-A67C6A737FCF}e:\\softwares\\utorrent extreme le (multi).exe"= TCP:e:\softwares\utorrent extreme le (multi).exe:uTorrent Extreme LE (Multi)
"{7A8A1A38-954F-4A26-801F-4751EDA10128}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{DBB87510-9481-44C2-BA1C-ABE95CF1428E}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{BF68E5C6-DE0F-4B4C-88D8-94D7236311BF}"= UDP:c:\program files\Megacubo\megasrv.exe:MiniFly
"{C194E323-C4CC-43C4-BD97-5C7E6C8F7231}"= TCP:c:\program files\Megacubo\megasrv.exe:MiniFly
"TCP Query User{D3132ACB-4593-47ED-8937-42C5A871F197}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D80DFC09-A530-44B0-9098-4F8CF7B03FB2}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{5468A518-5C96-4DE0-ABAF-F6F6A9E8D7A2}"= UDP:f:\combat arms\NMService.exe:Nexon Messenger Core
"{CBAED970-70B7-49A7-A331-BC3C528D8F88}"= TCP:f:\combat arms\NMService.exe:Nexon Messenger Core
"{3D7D9D76-F389-477B-BE06-B68A6E4E6EEC}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AAB89148-AB81-497B-A288-5FC92BF50E1C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{67BEF49E-9B5D-40DA-8DEA-0FC682D56FF7}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:itunes.exe
"UDP Query User{BFDC5FFA-896D-4741-83E8-AB521548D8D6}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:itunes.exe
"TCP Query User{F4036CBE-1FFC-4E13-AE18-30EB8BF83C5A}f:\\tmnationsforever\\tmforever.exe"= UDP:f:\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{741B090A-34BB-43E2-9657-3A8ABC7F2BF8}f:\\tmnationsforever\\tmforever.exe"= TCP:f:\tmnationsforever\tmforever.exe:TmForever
"{F8765CD6-DA9C-453D-810E-521A8556BFAF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BAEBF20A-6377-4BEC-A943-E59E6AEA0923}f:\\dirt\\dirt.exe"= UDP:f:\dirt\dirt.exe

iRT Executable
"UDP Query User{E9DC9D41-D2FE-4706-961A-A0181649A2A7}f:\\dirt\\dirt.exe"= TCP:f:\dirt\dirt.exe

iRT Executable
"{BDF98E38-781F-4D41-A683-7597F484BB7D}"= UDP:f:\combat arms\CombatArms.exe:Combat Arms
"{1FA124EC-B577-4765-AF66-6A649FE92EDA}"= TCP:f:\combat arms\CombatArms.exe:Combat Arms
"{D07C47F1-8EA0-4465-8EF4-91A7A70E7579}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{6CC1F483-1726-4EF7-8751-003568B2E68A}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"TCP Query User{5EE6B33A-A412-40F4-908E-6C3F6152E946}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{DC63C3C7-3358-479D-B0FE-0BA41658A40E}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{D1923F52-F103-40BC-B845-9F9B48BD1057}"= UDP:5353:Adobe CSI CS4
"{ECA5D712-DC69-461C-8DD6-16026CED59F4}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{0591F257-0BA9-436E-94B1-C2A130F5280C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{A30CCC35-DD29-48ED-83D2-104503F5A869}c:\\users\\vitor\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\vitor\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{FF717EE5-8451-440D-961F-32786CFE0839}c:\\users\\vitor\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\vitor\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{6882C393-0B64-45B5-A05C-B2F627741E1A}f:\\tmnationsforever\\tmforever.exe"= UDP:f:\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{2D5C746E-94B2-498E-9366-D02EB9FA2E2C}f:\\tmnationsforever\\tmforever.exe"= TCP:f:\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{AE92A91F-08AF-4566-8189-6FB39CA597BC}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{48E9445E-C1C6-4DAA-B30E-735633523494}f:\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:f:\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"{7C2129A2-DE67-4969-A76C-D2B8BBC16CDE}"= UDP:f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{E1C70464-D453-423A-80D1-2815E0F1EF42}"= TCP:f:\gtaiv\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{CA779F86-068F-4A56-8A0E-D3F2D6D5D261}"= UDP:f:\gtaiv\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{05BDB9DC-8474-4F86-85FE-16689B4F3449}"= TCP:f:\gtaiv\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{8D9D24A5-3D31-496B-BA06-5DDDFFB1EB03}f:\\gtaiv\\grand theft auto iv\\gtaiv.exe"= UDP:f:\gtaiv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"UDP Query User{D6554E2D-9AC8-4684-8797-B1B135DFA6BA}f:\\gtaiv\\grand theft auto iv\\gtaiv.exe"= TCP:f:\gtaiv\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV
"TCP Query User{D82DAF75-491D-4525-BBA7-5A191988786E}f:\\guitar hero iii\\gh3.exe"= UDP:f:\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{C4691B3E-0080-45BD-95A5-CB6F73A0E3FE}f:\\guitar hero iii\\gh3.exe"= TCP:f:\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{397AE185-889C-4EE4-B3E0-7F1E21A0E08A}f:\\guitar hero aerosmith\\guitar hero aerosmith.exe"= UDP:f:\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith
"UDP Query User{8D4C03A2-B90A-4FFE-8D74-3EA7FCE4D922}f:\\guitar hero aerosmith\\guitar hero aerosmith.exe"= TCP:f:\guitar hero aerosmith\guitar hero aerosmith.exe:Guitar Hero: Aerosmith

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2007-10-24 32272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-10-16 20496]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51:58 13560]
R4 TimerStop;TimerStop;c:\windows\System32\TimerStop.sys [2008-10-27 4096]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-11-13 240128]
S4 gupdate1c8f57561018344;Google Update Service (gupdate1c8f57561018344);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-03 133104]

--- ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-01-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 22:44]

2009-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-166006492-1750611433-2166632835-1000.job
- c:\users\Vitor\AppData\Local\Google\Update\GoogleUpdate.exe [2008-08-29 22:44]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {6C518058-25C2-4B12-9639-BFB7058B3151} = 200.204.0.10 200.204.0.138
FF - ProfilePath - c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Vitor\AppData\Roaming\Mozilla\Firefox\Profiles\panj3qq1.default\extensions\piclens@cooliris.com\components\piclensstub.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 01:49:39
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(728)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
.
Tempo para conclusão: 2009-01-24 1:52:55
ComboFix-quarantined-files.txt 2009-01-24 03:52:53
ComboFix2.txt 2009-01-24 03:19:13

Pré-execução: 17.316.319.232 bytes disponíveis
Pós execução: 16,127,422,464 bytes disponíveis

254 --- E O F --- 2009-01-23 23:18:13

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:00:49, on 24/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] F:\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C518058-25C2-4B12-9639-BFB7058B3151}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs: G G
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8f57561018344) (gupdate1c8f57561018344) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 7102 bytes

Mr.Wolf · 24/01/2009

Opa Baygon

1ª Etapa

Execute o HijackThis e clique em Open the Misc Tools Section. Clique no botão Generate StartupList log e clique em Sim na mensagem. Abrirá, automaticamente, um log no Bloco de Notas para você. O mesmo também estará na pasta do HijackThis com o nome startuplis.txt.

Copie o conteúdo deste log em sua próxima resposta.

2ª Etapa

- Faça o download do DDS e salve no desktop.

- Duplo clique em dds.scr.
- Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
- Quando terminar, o DDS.txt irá abrir.
- Surgirá também uma nova caixa "D.D.S - Optional_Scan", clique em Sim.
- Uma nova janela do Bloco de Notas irá abrir com o log "Attach.txt".
- Uma caixa final irá surgir, clique em OK.

Salve os resultados (DDS.txt e Attach.txt) e cole-os na sua próxima resposta junto com o StartupList.txt por gentileza.

ATIprogamer · 24/01/2009

Nossa Mr wolf aparentemente esta resolvido o meu problema,so deu agora algumas minimas veses,mais vlw mesmo cara,qual qui era o problema??

Baygon · 24/01/2009

Mr. Wolf, aí vai os últimos logs que vc pediu:

Startuplist.txt

StartupList report, 24/01/2009, 11:04:05
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows Vista SP1 (WinNT 6.00.1905)
Detected: Internet Explorer v7.00 (7.00.6001.18000)
* Using default options
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

amd_dc_opt = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
LanguageShortcut = "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Launch LCDMon = "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
Launch LGDCore = "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RtHDVCpl = RtHDVCpl.exe
NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe = C:\Windows\ehome\ehTray.exe
RGSC = F:\GTAIV\Rockstar Games Social Club\RGSCLauncher.exe /silent
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=G G

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
SmartSelect - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {F4971EE7-DAA0-4053-9964-665D8EE6A077}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskMachine.job
GoogleUpdateTaskUserS-1-5-21-166006492-1750611433-2166632835-1000.job

--------------------------------------------------

Enumerating Download Program Files:

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\Windows\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

[Shockwave Flash Object]
InProcServer32 = C:\Windows\system32\Macromed\Flash\Flash10a.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 7.511 bytes
Report generated in 0,078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

DDS.txt

DDS (Ver_09-01-19.01) - NTFSx86
Run by Vitor at 11:05:22,95 on 24/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.2047.1406 [GMT -2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Vitor\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.terra.com.br/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RGSC] f:\gtaiv\rockstar games social club\RGSCLauncher.exe /silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Launch LCDMon] "c:\program files\common files\logitech\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 8.0\avp.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 8.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {6C518058-25C2-4B12-9639-BFB7058B3151} = 200.204.0.10 200.204.0.138
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: G G
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\vitor\appdata\roaming\mozilla\firefox\profiles\panj3qq1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\users\vitor\appdata\roaming\mozilla\firefox\profiles\panj3qq1.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\vitor\appdata\roaming\mozilla\firefox\profiles\panj3qq1.default\extensions\piclens@cooliris.com\components\piclensstub.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2007-10-24 32272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-10-16 20496]
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R4 TimerStop;TimerStop;c:\windows\system32\TimerStop.sys [2008-10-27 4096]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-11-13 240128]
S4 gupdate1c8f57561018344;Google Update Service (gupdate1c8f57561018344);c:\program files\google\update\GoogleUpdate.exe [2008-8-3 133104]

=============== Created Last 30 ================

2009-01-24 01:45 <DIR> --d----- C:\ComboFix
2009-01-24 01:07 161,792 a------- c:\windows\SWREG.exe
2009-01-24 01:07 98,816 a------- c:\windows\sed.exe
2009-01-23 23:14 96,976 a------- c:\windows\system32\drivers\klin.dat
2009-01-23 23:14 87,855 a------- c:\windows\system32\drivers\klick.dat
2009-01-23 23:13 <DIR> --d----- c:\program files\Kaspersky Lab
2009-01-23 23:13 15,819,808 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-01-23 23:13 188,600 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-01-23 23:05 <DIR> --d----- c:\program files\Trend Micro
2009-01-23 22:58 <DIR> --d----- c:\users\vitor\appdata\roaming\Malwarebytes
2009-01-23 22:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-23 22:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 22:58 <DIR> --d----- c:\programdata\Malwarebytes
2009-01-23 22:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 22:58 <DIR> --d----- c:\progra~2\Malwarebytes
2009-01-23 21:17 2,048 a------- c:\windows\system32\tzres.dll
2009-01-23 21:17 678,408 a------- c:\windows\system32\gpprefcl.dll
2009-01-23 21:15 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-23 21:15 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-23 21:15 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-23 21:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-01-23 21:15 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-01-23 21:14 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-23 21:14 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-01-23 21:04 171,136 a--shr-- C:\grldr
2009-01-13 17:37 288,768 a------- c:\windows\system32\drivers\srv.sys
2008-12-26 20:21 <DIR> --d----- c:\program files\NYKO

==================== Find3M ====================

2009-01-24 02:02 634,004 a------- c:\windows\system32\prfh0416.dat
2009-01-24 02:02 121,690 a------- c:\windows\system32\prfc0416.dat
2009-01-23 23:13 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-23 23:13 86,016 a------- c:\windows\inf\infstor.dat
2009-01-23 23:13 51,200 a------- c:\windows\inf\infpub.dat
2008-12-02 10:13 453,152 a------- c:\windows\system32\nvuninst.exe
2008-12-01 23:36 2,568 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-12 20:32 12,288 a------- c:\windows\impborl.dll
2008-11-10 20:15 103,736 a------- c:\windows\system32\PnkBstrB.exe
2008-11-01 01:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 01:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 01:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 01:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 01:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-29 04:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-02 21:46 47,360 a------- c:\users\vitor\appdata\roaming\pcouffin.sys
2008-08-19 09:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-17 22:41 9,759 a------- c:\program files\megacubo_log.log
2006-11-05 23:22 318,818 a------- c:\windows\inf\perflib\0416\perfi.dat
2006-11-05 23:22 318,818 a------- c:\windows\inf\perflib\0416\perfh.dat
2006-11-05 23:22 37,412 a------- c:\windows\inf\perflib\0416\perfd.dat
2006-11-05 23:22 37,412 a------- c:\windows\inf\perflib\0416\perfc.dat
2006-11-02 07:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 07:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 07:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 07:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-24 11:05 16,076,064 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 11:06:17,39 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 02/07/2008 18:39:30
System Uptime: 24/01/2009 10:35:54 (1 hours ago)

Motherboard: http://www.abit.com.tw/ | | KN9(NF-MCP55 series)
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2600/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 15,083 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 1,515 GiB free.
E: is FIXED (NTFS) - 137 GiB total, 20,609 GiB free.
F: is FIXED (NTFS) - 99 GiB total, 8,112 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador do Microsoft 6to4
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador do Microsoft 6to4
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Adaptador do Microsoft 6to4
Device ID: ROOT\*6TO4MP\0025
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0025
Service: tunnel

==== System Restore Points ===================

RP294: 23/01/2009 23:12:28 - Installed Kaspersky Internet Security 8.0 Beta.
RP295: 24/01/2009 01:10:06 - ComboFix created restore point
RP296: 24/01/2009 01:46:07 - ComboFix created restore point

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.60 beta
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS3 Presets
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 3 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Illustrator CS4
Adobe InDesign CS3 Icon Handler
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS3
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AHV content for Acrobat and Flash
AnyDVD
Apple Mobile Device Support
Apple Software Update
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Audiosurf
BD Advisor 2.0
Bonjour
BR
Brothers in Arms: Hell's Highway
CCleaner (remove only)
CloneDVD2
Combat Arms
Connect
CorelDRAW Graphics Suite X3
Dual-Core Optimizer
DVD Shrink 3.1.7
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6
Esquemas de Som do Windows
EVEREST Ultimate Edition v4.50
FontNav
Google Chrome
Google Earth
Google Update
Grand Theft Auto IV
Guitar Hero III
Guitar Hero: Aerosmith
HijackThis 2.0.2
iTunes
iTunes Lyrics Importer
Java(TM) 6 Update 2
Java(TM) 6 Update 7
K-Lite Mega Codec Pack 3.4.5
KaraFun 1.18
Kaspersky Internet Security 8.0 Beta
kuler
Last.fm 1.5.2.38918
LimeWire PRO 4.14.5
Lively by Google
Logitech G15 Keyboard Software 1.04
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
NVIDIA PhysX v8.10.13
NYKO Gamepad Mapping Tools 2.0.0
OEM Logo and Information
OpenAL
OpenSSL 0.9.6m
PDF Settings CS4
Photodex Presenter
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD
Prince of Persia
ProShow Gold
Pure
QuickTime
Realtek High Definition Audio Driver
Rockstar Games Social Club
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
Suite Shared Configuration CS4
Ultimate Extras sounds from Microsoft® Tinker™
Unity Web Player
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update Manager
VBA
VCRedistSetup
Windows Live installer
Windows Live Messenger

==== End Of File ===========================

Carlos MEP · 24/01/2009

Caros colegas do forum agora é o seguinte, somos somente nós. O nosso professor e rei Mr.Wolf infelizmente estará ausente nos proximos dias como foi mesmo dito por ele que espero que sejam poucos se deus quiser, o que faremos??

Bom a última coisa que o caríssimo Mr.Wolf me pediu para fazer foi executar o programa FindAWF e teclar 3, por os arquivos que ele me pediu no bloco de notas e finalizar com o programa. Me mandou tambem postar um novo log do HijackThis.

Se alguem aqui tambem sabe analisar um log desse programa poderia me dizer qual o proximo passo a tomar?? ficarei imensamente grato.

Bem abaixo deixo meus logs para quem souber analisar o log e se prontificar a me dar uma luz sera bem vinda.

PS.: Lembrando que o pc pode estar com bastante virus ainda nao sei porque nao faço a minima ideia de como saber, mas esta muito melhor que antes estou conseguindo fazer tudo ja.

Atenciosamente

Carlos

Logs:

FindAWF

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sun 01/24/2009
The current time is: 12:48:58.51

bak folders found
~~~~~~~~~~~

Directory of C:\Arquivos de programas\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
Directory of C:\Arquivos de programas\Java\jre1.6.0_02\bin\bak
Directory of C:\Arquivos de programas\DISC\bak
Directory of C:\Arquivos de programas\DISC\bak
Directory of C:\Arquivos de programas\Lexmark X1100 Series\bak
Directory of C:\Arquivos de programas\PCPal\bak

0 File(s) 0 bytes

0 File(s) 218,240 bytes

~~~~~~~~~~~~~~~~~~~~~~~

FELKERN SUCESSFULLY - bak folders found

Directory of C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\bak

~~~~~~~~~~~~~~~~~~~~~~~

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

end of report

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:40, on 24/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\msne.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\hkcmd.exe
c:\arquivos de programas\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.111.10.9:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.111.10.9:3128;local;10.111.10.8:3128
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ljjigghau.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\Arcade\WINDOWS\system32\j.exe
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navaunhsyshext5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {AC5B426E-3FE7-48C5-B700-915F98DA0BC3}B700-915F98DA0BC3} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.174 6\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [msne.exe] C:\WINDOWS\system32\msne.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdhnl.exe] C:\WINDOWS\system32\kdhnl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de Programas\MSN Messenger\msnmmsgr.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.ssaabb.com/files/epl221bf2.cab
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--
End of file - 7412 bytes

Obrigado desde já.

Um grande abraço a todos e espero que possam me ajudar.

The Dog · 24/01/2009

Mr. Wolf, pode me dar uma ajuda?

Passei o scanner online do Kaspersky e eles acusou 137 arquivos infectados pelo mesmo virus, o dundun.

Qual procedimento que devo fazer?

Gustavo MPO · 25/01/2009

Carlos MEP disse:
Caros colegas do forum agora é o seguinte, somos somente nós. O nosso professor e rei Mr.Wolf infelizmente estará ausente nos proximos dias como foi mesmo dito por ele que espero que sejam poucos se deus quiser, o que faremos??

Bom a última coisa que o caríssimo Mr.Wolf me pediu para fazer foi executar o programa FindAWF e teclar 3, por os arquivos que ele me pediu no bloco de notas e finalizar com o programa. Me mandou tambem postar um novo log do HijackThis.

Se alguem aqui tambem sabe analisar um log desse programa poderia me dizer qual o proximo passo a tomar?? ficarei imensamente grato.

Bem abaixo deixo meus logs para quem souber analisar o log e se prontificar a me dar uma luz sera bem vinda.

PS.: Lembrando que o pc pode estar com bastante virus ainda nao sei porque nao faço a minima ideia de como saber, mas esta muito melhor que antes estou conseguindo fazer tudo ja.

Atenciosamente

Carlos

Logs:

FindAWF

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Sun 01/24/2009
The current time is: 12:48:58.51

bak folders found
~~~~~~~~~~~

Directory of C:\Arquivos de programas\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
Directory of C:\Arquivos de programas\Java\jre1.6.0_02\bin\bak
Directory of C:\Arquivos de programas\DISC\bak
Directory of C:\Arquivos de programas\DISC\bak
Directory of C:\Arquivos de programas\Lexmark X1100 Series\bak
Directory of C:\Arquivos de programas\PCPal\bak

0 File(s) 0 bytes

0 File(s) 218,240 bytes

~~~~~~~~~~~~~~~~~~~~~~~

FELKERN SUCESSFULLY - bak folders found

Directory of C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\bak

~~~~~~~~~~~~~~~~~~~~~~~

Duplicate files of bak directory contents

~~~~~~~~~~~~~~~~~~~~~~~

end of report

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:40, on 24/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\msne.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\hkcmd.exe
c:\arquivos de programas\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.111.10.9:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.111.10.9:3128;local;10.111.10.8:3128
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ljjigghau.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\Arcade\WINDOWS\system32\j.exe
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navaunhsyshext5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {AC5B426E-3FE7-48C5-B700-915F98DA0BC3}B700-915F98DA0BC3} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.174 6\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [msne.exe] C:\WINDOWS\system32\msne.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdhnl.exe] C:\WINDOWS\system32\kdhnl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de Programas\MSN Messenger\msnmmsgr.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.ssaabb.com/files/epl221bf2.cab
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--
End of file - 7412 bytes

Obrigado desde já.

Um grande abraço a todos e espero que possam me ajudar.

Pelo que pude perceber pelos logs Carlos, Mr.Wolf encontrou uma infecção por um Downloader.Agent.awf.
O log do HiJackThis também apontam outras infecções na sua máquina.
Estou sem tempo para lhe dar instruções agora, assim que voltar tentarei te ajudar na remoção desses virus.

The Dog disse:
Mr. Wolf, pode me dar uma ajuda?

Passei o scanner online do Kaspersky e eles acusou 137 arquivos infectados pelo mesmo virus, o dundun.

Qual procedimento que devo fazer?

Poste o log do Kaspersky e um log do HiJackThis por favor.

luisednardo · 25/01/2009

Carlos MEP,
Vá em INICIAR / CONFIGURAÇÕES / PAINEL DE CONTROLE / ADICIONAR E REMOVER PROGRAMAS e remova o Item ASK TOOLBAR

Analisarei seu log com mais calma depois, juntamente com o Gustavo MPO
Abraços

Carlos MEP · 26/01/2009

Caros colegas Gustavo MPO e Luis Ednardo, muito obrigado por tentarem me ajudar enquanto o rei Mr.Wolf está ausente.

Bem Luis Ednardo, fui lá no Adicionar e Remover Programas e não achei esse programa ASK TOOLBAR.

Saberiam me dizer qual é o próximo passo???

Atenciosamente

Carlos

Um grande abraço

Gustavo MPO · 26/01/2009

Carlos siga as instruções:

- Faça o download do [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix[/URL] e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Duplo clique no ícone combofix.exe para iniciar o scan;
● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Poste o referido log em sua próxima resposta.

Carlos MEP · 26/01/2009

Caro Gustavo MPO aqui está o log gerado pelo programa ComboFix.

PS.: Gustavo só uma coisa, depois que passei esse ComboFix o micro ficou pior, não consigo abrir alguns programas novamente, como relatei no meu primeiro topico que postei aqui. Será que todos os vírus retornaram para o micro???

Segue o log do ComboFix

ComboFix 09-01-21.04 - Administrador 2009-01-26 14:30:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.478.160 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

Atenciosamente

Muito obrigado pela ajuda.

Gustavo MPO · 26/01/2009

O log está incompleto.
Repita o procedimento em modo de segurança.

Carlos MEP · 26/01/2009

Caro Gustavo deu a mesma coisa em modo de segurança. Só foi gerado isso mesmo, esta errado?

Obrigado

ComboFix 09-01-21.04 - Administrador 2009-01-26 15:00.2 - Minimal NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.478.160 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled*
* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

Gustavo MPO · 26/01/2009

Sim, o Combofix não esta executando.
Vamos tentar de outra forma.

Faça o download do SDFix:

Salve-o em sua área de trabalho. Dê um duplo clique no SDFix.exe e a ferramenta será instalada em C:\SDFix

Reinicie o PC em modo de segurança

Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat
Tecle Y para que a ferramenta inicie o processo de remoção
Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Ao pressionar qualquer tecla, o computador será reiniciado automaticamente
Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla.
Uma janela com o relatório do SDFix irá aparecer.
Este relatório é salvo na pasta SDFix com o nome Report.txt

Copie esse log em sua próxima resposta.

luisednardo · 26/01/2009

Carlos MEP disse:
Caros colegas Gustavo MPO e Luis Ednardo, muito obrigado por tentarem me ajudar enquanto o rei Mr.Wolf está ausente.

Bem Luis Ednardo, fui lá no Adicionar e Remover Programas e não achei esse programa ASK TOOLBAR.

Saberiam me dizer qual é o próximo passo???

Atenciosamente

Carlos

Um grande abraço

Amigo Carlos, vc não encontrou porque provavelmente o item já foi desinstalado do Adicionar ou Remover Programas mas a linha no registro do windows ainda consta lá. Faça o seguinte, siga o que o Gustavo MPO falou, rode o SDFIX que eu verei o log.

Carlos MEP · 26/01/2009

Caros Gustavo MPO e Luis Ednardo aqui está o log do SDFix que rodou certinho.

Muito obrigado aos 2 caros colegas.

Atenciosamente

Carlos

Ai vai o log do SDFix

SDFix: Version 1.240
Run by Administrador on 2009-01-26 at 17:00

Microsoft Windows XP [versÆo 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 17:15:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Arquivos de programas\\Puxa R pido\\PuxaRapido.exe"="C:\\Arquivos de programas\\Puxa R pido\\PuxaRapido.exe:*:Enabled

uxa R pido"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\ \system32\\sessmgr.exe:*isabled

xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msncall.exe"="C:\\Arquivos de programas\\MSN Messenger\\msncall.exe:*isabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\MSN Messenger\\msncall.exe"="C:\\Arquivos de programas\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

Files with Hidden Attributes :

Finished!

Gustavo MPO · 27/01/2009

Carlos MEP disse:
Caros Gustavo MPO e Luis Ednardo aqui está o log do SDFix que rodou certinho.

Muito obrigado aos 2 caros colegas.

Atenciosamente

Carlos

Ai vai o log do SDFix

SDFix: Version 1.240
Run by Administrador on 2009-01-26 at 17:00
...

Novamente o log está incompleto, o SDFix também não rodou corretamente.
Siga os passos abaixo:

1 -

Faça o download do OTMoveIt3 e salve-o em sua área de trabalho.
Execute o OTMoveIt3.exe
Copie o conteúdo do code abaixo e cole no campo Paste Instructions for items to be moved.
Clique em MoveIt.

Código:

:Processes
explorer.exe

:Files
C:\WINDOWS\system32\msne.exe
C:\WINDOWS\system32\ljjigghau.dll
C:\Arcade\WINDOWS\system32\j.exe
C:\Arquivos de Programas\MSN Messenger\msnmmsgr.exe
C:\WINDOWS\system32\navaunhsyshext5.dll 
C:\WINDOWS\system32\kdhnl.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Caso o pc não tenha reiniciado, reinicie.
O log do OTMoveIt está na pasta C:\_OTMoveIt\MovedFiles.

2 -

Copie o conteúdo do code abaixo, abra o notepad e cole. Salve o arquivo como disp.cmd em sua área de trabalho e execute-o.
Uma tela preta ira piscar, é normal.
Copie o conteúdo do arquivo arcade_content.txt localizado em C:\ e cole em sua próxima resposta também.

Código:

@echo off
cd C:\Arcade\
dir > arcade_content.txt
move arcade_content.txt C:\

3 -

Execute o HiJackThis e clique em Do a System scan only.
Selecione as entradas abaixo e clique em Fix Checked.

Código:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ljjigghau.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\Arcade\WINDOWS\system32\j.exe
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navaunhsyshext5.dll 
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Arquivos de programas\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {AC5B426E-3FE7-48C5-B700-915F98DA0BC3}B700-915F98DA0BC3} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Arquivos de programas\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [msne.exe] C:\WINDOWS\system32\msne.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdhnl.exe] C:\WINDOWS\system32\kdhnl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de Programas\MSN Messenger\msnmmsgr.exe" /background

Em sua próxima resposta envie os logs do OTMoveIt3, o conteúdo do arquivo arcade_content.txt e um novo log do HiJackThis por favor.

Carlos MEP · 27/01/2009

Caro Gustavo MPO, o segundo procedimento que me passou não tive sucesso, quando executei o disp.cmd apareceu uma mensagem de que o arquivo não foi encontrado, e apareceu 2 opções, Procurar e Fechar. Usei as 2 e nenhuma teve sucesso.

Abaixo coloco os logs do OTMoveIt3 e HijackThis.

Obrigado pela ajuda

Atenciosamente

Carlos

Log do OTMoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. C:\WINDOWS\system32\msne.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\ljjigghau.dll not found.
File/Folder C:\Arcade\WINDOWS\system32\j.exe not found.
File/Folder C:\Arquivos de Programas\MSN Messenger\msnmmsgr.exe not found.
File/Folder C:\WINDOWS\system32\navaunhsyshext5.dll not found.
File/Folder C:\WINDOWS\system32\kdhnl.exe not found.
========== REGISTRY ==========
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\alows\Perflib_Perfdata_1.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\tgs.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_153928

Files moved on Reboot...
File C:\WINDOWS\system32\msne.exe not found!
File C:\WINDOWS\temp\alows\Perflib_Perfdata_1.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_.dat not found!
File C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_001_ moved successfully.
File C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_002_ moved successfully.
File C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_003_ moved successfully.
File C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\Cache\_CACHE_MAP_ moved successfully.
File C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\haugstgfa.defa ult\tgs.mfl moved successfully.

*******************************************

Log do HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:40, on 27/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msne.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe.exec
C:\WINDOWS\system32\svchost.exe.ex1
C:\WINDOWS\system32\svchost.exe.bat
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\hkcmd.exe
c:\arquivos de programas\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.111.10.9:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.111.10.9:3128;local;10.111.10.8:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = Ghnauhsieufh.dll ; tgajnjdojmhe.exe
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ljjigghau.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\Arcade\WINDOWS\system32\j.exe
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navaunhsyshext5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.174 6\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.d ll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [msne.exe] C:\WINDOWS\system32\msne.exe
O4 - HKLM\..\Run: [C:\WINDOWS\System32\kdhnl.exe] C:\WINDOWS\system32\kdhnl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de Programas\MSN Messenger\msnmmsgr.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolb arNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.ssaabb.com/files/epl221bf2.cab
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

--
End of file - 7394 bytes

Marcosrrs21 · 27/01/2009

Mr.Wolf disse:
Marcosrrs21 disse:

Olá Marcosrrs21, por favor siga as instruções dentro do spoiler abaixo (basta clicar em Mostrar).

Obrigado Mr. Wolf.

Segue os logs exigidos.

abs

Clique para expandir...

Marcosrrs21 · 27/01/2009

Obrigado Mr. Wolf.

Segue o log do Hyjack que não consegui anexar:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:08, on 16/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\Xerox\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Exibir Barra de ferramentas do Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4280764979-98582117-1291604627-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Guest')
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10074 bytes

LancerIX · 27/01/2009

Por favor, alguem analisa aqui q esse negocio ta me arrancando os cabelos!
Tirei um McAfee velho q tinh no PC do meu pai e coloquei o Avira Free.

Tinha só uns 700 bichinhos e 2 nõ somem nem lascando. Qualquer ação no PC eles são executados e o Avira da o alerta. De tanto alerta to doido já!

mkfght0.dll
otrewe0.dll
otrewe1.dll

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:43, on 27/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe
C:\Arquivos de programas\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ATIVA\Desktop\Yasuda\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MBM 5] "C:\Arquivos de programas\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Super PI 1.5\VGA\Riva\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [ertyuop] C:\WINDOWS\system32\rttrwq.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [anhtaas] C:\WINDOWS\system32\cvsdfw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Localização acelerada da Microsoft.lnk = C:\Arquivos de programas\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB1B7A7A-46FF-4ECF-B724-2657F7EAB9D9}: NameServer = 192.168.254.254
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7862 bytes

bruno.alb · 27/01/2009

Olá Mr.Wolf segue meu log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:48, on 27/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
E:\arquivos de programas\steam\steam.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\BTTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Arquivos de programas\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\DADOSD~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "e:\arquivos de programas\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BAE6D75-1ADE-470F-ACC5-0B8C5824BFFF}: NameServer = 201.10.120.3,201.10.1.2
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7866 bytes

E aproveitando o post, aquela vez que conversamos sobre o tal de Agent.APKO que estava infectando a máquina de uns clientes meus, você não descobriu mais nada?

Abraço.

luisednardo · 28/01/2009

Amigo Lancer IX,
O grande criador desse tópico e nosso maior mentor (MR WOLF) teve que se ausentar por tempo indeterminado, mas tentarei te ajudar assim como alguns amigos do fórum.
Sugiro que:
- Faça o download do ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) e salve-o na área de trabalho;

● Desative temporariamente o seu antivirus para não detectar a ferramenta como vírus;
● Duplo clique no ícone combofix.exe para iniciar o scan;
● Leia o contrato que aparecerá e clique em Sim para continuar;
● Abrirá uma janela do Console de Recuperação, clique em Sim para instalar. Se aparecer outra janela do Console, clique em OK > Sim;
● Aguarde enquanto o ComboFix faz o scan;
● Se ocorrer algum problema durante o scan, reinicie seu computador em Modo de Segurança e repita o procedimento;
● Não clique na janela do ComboFix e procure não utilizar o teclado também, para não atrapalhar a varredura da ferramenta;
● Se quiser sair ou parar o ComboFix, tecle N;
● Quando terminar seu micro será reiniciado. Após o reinicio, a ferramenta executará novamente, aguarde;
● Será gerado um log em C:\ComboFix.txt.

Cole este log em sua próxima resposta, seguido de um outro log do hijackthis por favor amigo Lancer IX

luisednardo · 28/01/2009

Amigo bruno.alb,
O grande criador desse tópico e nosso maior mentor (MR WOLF) teve que se ausentar por tempo indeterminado, mas tentarei te ajudar assim como alguns amigos do fórum.
Na minha opinião seu log está limpo. Vc está encontrando algum sintoma estranho na máquina amigo bruno? Algum outro membro pode divergir da minha opinião mas acredito que esteja tudo ok. :thumbs_up

luisednardo · 28/01/2009

Amigo Carlos MEP,
O seu caso está dando um pouco de trabalho porque as ferramentas que estamos tentando usar não estão tirando as infecções. COmo está seu computador agora? Vc disse anteriormente que estava bem não era? Mas ele ainda possui vários processos e linhas no registro infectadas. Vou copiar e colar algumas que rapidamente pude citar:

C:\WINDOWS\system32\msne.exe (Esse é o vírus do MSN, que fica mandando mensagem automática)
C:\WINDOWS\system32\svchost.exe.exec
C:\WINDOWS\system32\svchost.exe.ex1
C:\WINDOWS\system32\svchost.exe.bat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = Ghnauhsieufh.dll ; tgajnjdojmhe.exe
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\system32\ljjigghau.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\Arcade\WINDOWS\system32\j.exe
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navaunhsyshext5.dll
O4 - HKLM\..\Run: [msne.exe] C:\WINDOWS\system32\msne.exe
O16 - DPF: {33331111-1111-1111-1111-615111193427} - http://www.www2.ssaabb.com/files/epl221bf2.cab

Essas linhas são as que tenho certeza estarem infectadas. Não quis te deixar apavorado com isso mas ainda temos que trabalhar no seu caso. Se consegue usar seu computador normalmente, sugiro que enquanto não resolvermos seu caso, não entre no MSN e nem acesse seus bancos online. Vou discutir com o GustavoMPO uma maneira de resolver isso.
Abraços Carlos MEP

Remoção de vírus

1, 2, 3...4!!!

Malware Removal

Active Member

1, 2, 3...4!!!

Active Member

Antigo Snoopy

know-it-all Member

Spider's

Active Member

know-it-all Member

Active Member

know-it-all Member

Active Member

know-it-all Member

Spider's

Active Member

know-it-all Member

Active Member

New Member

Attachments

New Member

EVO IX

House Music Lover

Spider's

Spider's

Spider's

Users who are viewing this thread