Virus removal

Damn, wolf, thanks a lot man, you're a really great guy, bro, and you know a hell of a lot about this virus stuff and other crap, congrats for real, dude :yes: :lol:

Later, if you can, give me some lessons, because I'm a complete idiot about this virus stuff and other things. One question, wolf: is ESET NOD32 Antivirus any good???

I'm going to download that CCleaner Slim, which I didn't know about, hehe, thanks :p and I'll read that stuff on how to avoid viruses too, thanks. Ahh, System Restore I keep disabled here anyway :p I hate that crap eating up space on the HD.

Ahh, I've also already reinstalled my browsers here, only IE I don't know how to; if you can give me a hand there.

wolf, thanks a lot man, you're awesome, you really know your stuff, bro

thanks brother :cool:

Cheers
 
I installed FindyKill and ran it, here's the log; you can already see the damned things I was talking about... but they're in the Windows prefetch folder...
Oh, and this one
Windows Service help=C:\RECYCLER\S-1-5-21-3192281266-7410456852-905514803-7773\winservices.exe
is the damned thing that always installs itself on the flash drive...

Thanks for the help!!!

###################### [ FindyKill V4.715 ]

# User: User - P4
# Executed from : C:\Arquivos de programas\FindyKill
# Update on 29/01/09 by Chiquitine29
# Start at 21:50:49 the seg 02/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\User\CONFIG~1\Temp\880.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

\\\\\\\\\\\\\\\\\\ [ Infected files / folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\171.EXE-16C0C3BF.pf
Found ! - C:\WINDOWS\prefetch\323.EXE-2E5E7C04.pf
Found ! - C:\WINDOWS\prefetch\390.EXE-087C6EFA.pf
Found ! - C:\WINDOWS\prefetch\502.EXE-37054C14.pf
Found ! - C:\WINDOWS\prefetch\504.EXE-21D1FCA2.pf
Found ! - C:\WINDOWS\prefetch\549.EXE-165B3138.pf
Found ! - C:\WINDOWS\prefetch\634.EXE-0486F16C.pf
Found ! - C:\WINDOWS\prefetch\823.EXE-219D943E.pf
Found ! - C:\WINDOWS\prefetch\880.EXE-21263476.pf
Found ! - C:\WINDOWS\prefetch\923.EXE-1324D715.pf

################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\User\Dados de aplicativos ]


################## [ C:\DOCUME~1\User\CONFIG~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registry / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
AlcoholAutomount="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
Sidebar=C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun
Windows Service help=C:\RECYCLER\S-1-5-21-2849502165-6062441156-556718455-6353\winservices.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SoundMan=SOUNDMAN.EXE
AlcWzrd=ALCWZRD.EXE
Alcmtr=ALCMTR.EXE
AVP="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Adobe Acrobat Speed Launcher="C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
<NO NAME>=
Acrobat Assistant 8.0="C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
<NO NAME>=
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////




\\\\\\\\\\\\\\\\\\ [ States / Services ] ///////////////////


# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 3

Ip6Fw - # Type of startup = 3

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Searching in removable drives ] ///////////////////


# Informations :

C: - Unidade de disco fixo


# Contents of autorun : C:\autorun.inf

[autorun]
icon=%systemroot%\SYSTEM32\SHELL32.Dll,4
Action=Open folder to view files
ShellExecute=vshost.exe

# Presence of files :

Found ! [02/02/2009 20:05][-rahs----] - C:\autorun.inf


\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! End of report # FindyKill V4.715 ! ]
 
Hello everyone!


Friend Carlos MEP, I'm not in Brazil. In the country where I am it is exactly 10:42 in the morning of February 2. And on the day I posted my previous reply to you it was 13:33 in the afternoon. :)

Hi my dear king Mr.Wolf, now I understand why you replied at that hour. It was 6 in the morning here, and since you're outside Brazil it really is different, right. All the best to you over there abroad.

Well, Mr.Wolf, I did everything you told me and the PC keeps getting better; I don't even know how to thank you. VundoFix spent more than 4 hours scanning, is that normal???? It would find a virus and stay about 20 minutes on that one alone!!!! Afterwards I created the ResetVundo.reg and ran it successfully.

The logs follow inside the spoiler. And once again I thank you for your great willingness to help us in the best way possible, Mr.Wolf; you deserve a gold medal and a medal of honor.

Regards

Carlos

A big hug to you and success in what you're doing outside Brazil

VundoFix

VundoFix V7.0.6

Scan started at 11:20:12 2/2/2009

Listing files found while scanning....

C:\WINDOWS\system32\xxyaywu.dll
C:\WINDOWS\system32\uhnajmxbhsu.dll
C:\WINDOWS\system32\ihanjuo.dll
C:\WINDOWS\system32\owuihefhaiSNDIUS\tgankjshui.dll
C:\WINDOWS\system32\hnamksj.dll
C:\WINDOWS\system32\armirbun.ini
C:\WINDOWS\system32\atpsavsr.dll
C:\WINDOWS\system32\khfeday.dll
C:\WINDOWS\system32\unalosp0.dll
C:\WINDOWS\uahnkslo.exe


Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V7.0.6

Scan started at 15:52:08 2/2/2009

Listing files found while scanning....

No infected files were found.


Beginning removal...

And the HijackThis one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:30, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe.exec
C:\WINDOWS\system32\svchost.exe.ex1
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.111.10.9:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.111.10.9:3128;local;10.111.10.8:3128
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MONSTER] "C:\Windows\jzamfklz\kwo\ksdm.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

--
End of file - 7231 bytes
 
If you can, take a look and see if you find anything in the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:05, on 2/2/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrador.SERVIDOR2\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\system32\tftpd.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.200:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3354417457-2684760389-3448181342-1112\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'expedicao1')
O4 - HKUS\S-1-5-21-3354417457-2684760389-3448181342-1121\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'rosangelaj')
O4 - HKUS\S-1-5-21-3354417457-2684760389-3448181342-1123\..\Run: [] (User 'tele1')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Documents and Settings\Administrador.SERVIDOR2\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Documents and Settings\Administrador.SERVIDOR2\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrador.servidor2\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1231179499218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = herwegwts.local
O17 - HKLM\Software\..\Telephony: DomainName = herwegwts.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDE256EC-1A7D-4ADA-853E-E264E20FC440}: NameServer = 10.0.0.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = herwegwts.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = herwegwts.local
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe

--
End of file - 6366 bytes
 
Hello Mr Wolf,
here is the ComboFix log you asked me for. I've sent a new HijackThis log along with it. A big hug and thanks for everything.
P.S.: Just to make us die of envy, which country are you in? Can you tell us?

ComboFix 09-02-02.03 - Administrador 2009-02-02 17:56:34.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1023.825 [GMT -2:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe
E:\Autorun.inf

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-02 to 2009-02-02 ))))))))))))))))))))))))))))
.

2009-02-02 17:38 . 2008-06-13 14:04 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\nodtmpb
2009-02-02 17:38 . 2008-06-13 13:58 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Modelos
2009-02-02 17:38 . 2008-06-13 10:26 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Meus documentos
2009-02-02 17:38 . 2008-06-13 10:26 <DIR> dr------- c:\documents and settings\LogMeInRemoteUser\Menu Iniciar
2009-02-02 17:38 . 2008-06-13 14:07 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Favoritos
2009-02-02 17:38 . 2008-06-13 14:05 <DIR> dr-h----- c:\documents and settings\LogMeInRemoteUser\Dados de aplicativos
2009-02-02 17:38 . 2009-02-02 17:58 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Configurações locais
2009-02-02 17:38 . 2008-06-13 10:26 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Ambiente de rede
2009-02-02 17:38 . 2008-06-13 10:26 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Ambiente de impressão
2009-02-02 17:38 . 2009-02-02 17:38 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-01-30 13:22 . 2009-01-30 13:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\LogMeIn
2009-01-30 13:22 . 2009-02-02 17:36 <DIR> d-------- c:\arquivos de programas\LogMeIn
2009-01-30 13:22 . 2008-10-02 19:45 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-01-30 13:22 . 2008-10-02 19:46 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-01-30 13:22 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-01-30 13:22 . 2008-10-02 19:45 28,984 --a------ c:\windows\system32\LMIport.dll
2009-01-30 13:22 . 2009-01-30 13:22 1,024 --a------ C:\.rnd
2009-01-30 12:44 . 2009-01-30 12:44 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avg8
2009-01-30 12:27 . 2009-01-30 13:19 <DIR> d-------- C:\HijackThis
2009-01-30 12:27 . 2008-12-11 01:23 812,344 --a------ C:\HJTInstall.exe
2009-01-30 12:26 . 2009-01-30 12:26 <DIR> d--h----- c:\windows\system32\GroupPolicy

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 19:51 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\BrOffice.org2
2009-01-30 14:02 131,072 --sh--r c:\windows\trvtg.exe
2009-01-30 14:02 131,072 --sh--r c:\windows\system32\rcmoz.exe
2009-01-30 14:02 131,072 --sh--r c:\windows\system32\bmizk.exe
2009-01-30 14:02 131,072 --sh--r c:\windows\inf\fkqwu.exe
2009-01-30 14:02 131,072 --sh--r c:\arquivos de programas\Arquivos comuns\uerdv.exe
2008-11-17 09:19 73,728 --sh--r c:\windows\system32\avc35.exe
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"RSetting"="c:\windows\inf\fkqwu.exe" [2009-01-30 131072]
"UserTools"="c:\arquivos de programas\arquivos comuns\uerdv.exe" [2009-01-30 131072]
"CheckS"="c:\windows\config\lmrok.exe" [2009-01-30 131072]
"DeviceSys"="c:\windows\system32\bmizk.exe" [2009-01-30 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Share-to-Web Namespace Daemon"="c:\arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"tDefault"="c:\windows\system32\rcmoz.exe" [2009-01-30 131072]
"Settings"="c:\windows\trvtg.exe" [2009-01-30 131072]
"SystemT"="c:\windows\system\jbzuc.exe" [2009-01-30 131072]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\
BrOffice.org 2.3.lnk - c:\arquivos de programas\BrOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
AutoCAD Startup Accelerator.lnk - c:\arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-02 19:45 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP2014MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2005-09-19 77312]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-01-30 47640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79d35061-b4c1-11dd-9313-0013d4feb7e3}]
\Shell\Auto\Command - program.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904c06c3-4865-11dd-aed9-0013d4feb7e3}]
\Shell\AutoRun\command - avc35.exe
\Shell\explore\command - avc35.exe explore
\Shell\find\command - avc35.exe
\Shell\open\command - avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96273872-cb5e-11dd-9336-0013d4feb7e3}]
\Shell\Auto\Command - F:\program.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fe8e96-c2bc-11dd-932c-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\explore\command - F:\avc35.exe explore
\Shell\find\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fe8ea5-c2bc-11dd-932c-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\explore\command - F:\avc35.exe explore
\Shell\find\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7060e9b-3c7e-11dd-aec5-0013d4feb7e3}]
\Shell\AutoRun\command - F:\lgrncie.bat
\Shell\explore\Command - F:\lgrncie.bat
\Shell\open\Command - F:\lgrncie.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd295ca2-443d-11dd-aed3-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\explore\command - F:\avc35.exe explore
\Shell\find\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0012b7c-866c-11dd-92ba-0013d4feb7e3}]
\Shell\AutoRun\command - ermvu8.cmd
\Shell\explore\Command - ermvu8.cmd
\Shell\open\Command - ermvu8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1ef69d2-3d6b-11dd-aec6-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\explore\command - F:\avc35.exe explore
\Shell\find\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dad00c7f-411e-11dd-aecb-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\explore\command - F:\avc35.exe explore
\Shell\find\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edac4db6-5d60-11dd-926f-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\explore\command - F:\avc35.exe explore
\Shell\find\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fded11ff-bf95-11dd-9328-0013d4feb7e3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 10.10.10.1:6588
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 17:59:27
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...


**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\LMIinit.dll
.
Tempo para conclusão: 2009-02-02 18:02:53
ComboFix-quarantined-files.txt 2009-02-02 20:01:36
ComboFix2.txt 2009-01-30 15:12:38

Pré-execução: 12 pasta(s) 66.062.065.664 bytes disponíveis
Pós execução: 12 pasta(s) 66,110,357,504 bytes disponíveis

181

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:58, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\ARQUIV~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\windows\trvtg.exe
C:\windows\system\jbzuc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\windows\inf\fkqwu.exe
C:\arquivos de programas\arquivos comuns\uerdv.exe
C:\windows\config\lmrok.exe
C:\windows\system32\bmizk.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\BrOffice.org 2.3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 2.3\program\soffice.BIN
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.10.1:6588
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Arquivos de programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tDefault] c:\windows\system32\rcmoz.exe
O4 - HKLM\..\Run: [Settings] c:\windows\trvtg.exe
O4 - HKLM\..\Run: [SystemT] c:\windows\system\jbzuc.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RSetting] c:\windows\inf\fkqwu.exe
O4 - HKCU\..\Run: [UserTools] c:\arquivos de programas\arquivos comuns\uerdv.exe
O4 - HKCU\..\Run: [CheckS] c:\windows\config\lmrok.exe
O4 - HKCU\..\Run: [DeviceSys] c:\windows\system32\bmizk.exe
O4 - HKUS\S-1-5-21-1844237615-1592454029-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1844237615-1592454029-725345543-1004\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1844237615-1592454029-725345543-1004\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: BrOffice.org 2.3.lnk = C:\Arquivos de programas\BrOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1213374838265
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

--
End of file - 6670 bytes
 
I edited the FindyKill log in the previous post, but I couldn't edit it again to add another HijackThis log, taken with the PC restarted and without my trying to delete anything.
Things showed up that weren't in the previous one because I had ended them through Task Manager.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:20, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\User\CONFIG~1\Temp\880.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-2849502165-6062441156-556718455-6353\winservices.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218523021921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{159DF49C-D029-4F83-B532-B6D243E604A4}: NameServer = 200.204.0.10,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{159DF49C-D029-4F83-B532-B6D243E604A4}: NameServer = 200.204.0.10,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{159DF49C-D029-4F83-B532-B6D243E604A4}: NameServer = 200.204.0.10,192.168.0.1
O20 - AppInit_DLLs: ??????P,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll acaptuser32.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9112 bytes
 
Hello everyone!

PerfectBlue, this is being caused by a Worm.pif-VT; it is a virus that, besides spreading over the network, can download/create other malware on your machine. If you are connected to a network, I suggest you disconnect immediately. Even Internet use should be kept under control, since this virus can download other malware from malicious servers.

Please follow the instructions below, PerfectBlue.

Step 1

- Run the FindyKill tool again by double-clicking its icon;
- Press E to select English as the language. Press the keys 2 > Enter and wait;
- If a confirmation message for removing the viruses appears, click OK;
- The PC may restart twice during the process;
- A new report will be created at C:\FindyKill.txt.

Step 2

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window and try not to use the keyboard either, so as not to disturb the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your machine will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste the FindyKill and ComboFix logs in your next reply, PerfectBlue.
___________________________________

Carlos MEP, it is not normal for VundoFix to have taken four hours on the scan. However, when it comes to the new Vundo, anything is possible...
Delete the VundoFix tool, Carlos. Follow the instructions below.

- Download McAfee Avert Stinger and save it to the desktop;
- Disconnect from the Internet. Restart your computer in Safe Mode;
- Run the tool by double-clicking Stinger.exe;
- Click Scan Now and wait. The scan may take a while;
- If it manages to detect the infections, click Remove and wait. Your PC may restart twice.

Open HijackThis and click the Open the Misc Tools Section button. Click the Open ADS Spy button and uncheck both options: Quick scan (Windows base folder only) and Ignore safe system info streams.
Click Scan and wait. If anything is found, do not remove anything! Click Save Log and save the report on the computer under a name of your choice.

Post a new HijackThis log in your next reply, Carlos MEP.
 
Hello KinCaiD, please follow the instructions in the spoiler below.

- Download Malwarebytes Anti-Malware and save it to the desktop;

● Double-click the program to start the installation. Select the language Português (Brasil);
● At the end of the installation, check the options "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;
● After the installation, run the program;
● Check the Full Scan option and then click Scan. Select your C: drive and click the Start Scan button;
● When the scan finishes, click OK and the log will be opened for you automatically;
● If anything is detected, make sure all items are checked and click the Remove button.
NOTE: If a message appears asking you to restart the computer to complete the removal process, restart it immediately;
● The log can also be viewed by clicking Logs in the main menu;

Copy and paste the contents of that log in your next reply, together with a new HijackThis log.
___________________________________


Hey there, my friend luisednardo, I'm in Moscow (Russia), facing a cold of minus 9 degrees. :)

Follow the instructions below, luisednardo.

Select and copy the text below. Paste it into Notepad and save it as CFScript.txt on the desktop:

Code:
File::
C:\.rnd
c:\windows\trvtg.exe
c:\windows\system32\rcmoz.exe
c:\windows\system32\bmizk.exe
c:\windows\inf\fkqwu.exe
c:\arquivos de programas\Arquivos comuns\uerdv.exe
c:\windows\system\jbzuc.exe
c:\windows\system32\avc35.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RSetting"=-
"UserTools"=-
"CheckS"=-
"DeviceSys"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tDefault"=-
"Settings"=-
"SystemT"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79d35061-b4c1-11dd-9313-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904c06c3-4865-11dd-aed9-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96273872-cb5e-11dd-9336-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fe8e96-c2bc-11dd-932c-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1fe8ea5-c2bc-11dd-932c-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7060e9b-3c7e-11dd-aec5-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd295ca2-443d-11dd-aed3-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0012b7c-866c-11dd-92ba-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1ef69d2-3d6b-11dd-aec6-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dad00c7f-411e-11dd-aecb-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edac4db6-5d60-11dd-926f-0013d4feb7e3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fded11ff-bf95-11dd-9328-0013d4feb7e3}]
DirLook::
c:\windows\system32\GroupPolicy
SysRst::
Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

CFScript.gif


● If you are prompted, press Enter to start the removal process;
Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\ComboFix.txt;
● Your computer may be restarted automatically. If that does not happen, restart it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.
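The autostart and MountPoints2 entries that the CFScript above removes can be picked out of a log mechanically. The sketch below is an added example, not part of the original posts or of any of the tools mentioned: it parses lines in the HijackThis and ComboFix formats shown in this thread (the sample lines are excerpted from the logs above) and flags entries by location. The rule list and all function names are assumptions made for illustration, and a hit is a candidate for review, not a verdict.

```python
import re

# Location rules chosen for this example (assumptions, not a complete ruleset):
# folder fragments where a legitimate autostart program is not expected.
SUSPICIOUS_DIRS = {
    "\\recycler\\": "runs from a Recycle Bin folder",
    "\\temp\\": "runs from a temporary folder",
    "\\windows\\inf\\": "executable inside windows\\inf",
    "\\windows\\config\\": "executable inside windows\\config",
}

# HijackThis autostart line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ComboFix MountPoints2 key header and the shell commands listed under it
MOUNT_KEY_RE = re.compile(
    r"^\[HKEY_.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD_RE = re.compile(r"^\\Shell\\[^\\]+\\command - (?P<cmd>.+)$", re.I)
# A bare path on its own line, as in the "Running processes" section
PROCESS_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.I)
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|pif|bat|cmd|dll))\b', re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)

# Lines excerpted from the logs posted in this thread
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\User\CONFIG~1\Temp\880.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [RSetting] c:\windows\inf\fkqwu.exe
O4 - HKCU\..\Run: [CheckS] c:\windows\config\lmrok.exe
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-2849502165-6062441156-556718455-6353\winservices.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edac4db6-5d60-11dd-926f-0013d4feb7e3}]
\Shell\AutoRun\command - F:\avc35.exe
\Shell\open\command - F:\avc35.exe
"""


def executable_of(cmd):
    """Return the program path at the start of a command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def location_reason(path):
    """Return why a path's folder is suspicious, or None if no rule applies."""
    low = path.lower()
    for fragment, reason in SUSPICIOUS_DIRS.items():
        if fragment in low:
            return reason
    return None


def triage(log_text):
    """Return a list of findings (dicts with source, path, reason) in log order."""
    findings, seen, guid = [], set(), None

    def add(source, path, reason):
        key = (source, path.lower())
        if key not in seen:  # one finding per source/program pair
            seen.add(key)
            findings.append({"source": source, "path": path, "reason": reason})

    for raw in log_text.splitlines():
        line = raw.strip()
        m = MOUNT_KEY_RE.match(line)
        if m:
            guid = m.group("guid")
            continue
        m = SHELL_CMD_RE.match(line)
        if m and guid:
            path = executable_of(m.group("cmd"))
            if DRIVE_ROOT_RE.match(path):
                add("MountPoints2 " + guid, path,
                    "drive shell handler runs a program from the drive root")
            continue
        guid = None  # any other line ends the current MountPoints2 key
        m = O4_RE.match(line)
        if m:
            source = "{}\\{} [{}]".format(m.group("hive"), m.group("key"), m.group("name"))
            path = executable_of(m.group("cmd"))
        elif PROCESS_RE.match(line):
            source, path = "running process", line
        else:
            continue
        reason = location_reason(path)
        if reason:
            add(source, path, reason)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("{source}: {path} ({reason})".format(**f))
```

Location rules alone do not catch a randomly named executable placed directly in a system folder, such as the `c:\windows\trvtg.exe` entry in the log above; that needs comparison against a known-good baseline of the machine.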
 
Wolf, I ran FindyKill again and had it delete the files

###################### [ FindyKill V4.715 ]

# User : User - P4
# Executed from : C:\Arquivos de programas\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 9:50:26 the 2009-02-03
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]


################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\User\Dados de aplicativos ]


################## [ C:\DOCUME~1\User\CONFIG~1\Temp ]


################## [ C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5 ]


\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////


\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////


# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Unidade de disco fixo


# deleting files :

Deleted ! - C:\autorun.inf

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Suspect ! - fe8d03923ccc06cf8743b1c7e8947975 C:\Documents and Settings\User\Desktop\Renato\SETool2\setool2lt.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Documents and Settings\User\Meus documentos\Vray fo Sketch-up\Crack
C:\Documents and Settings\User\Meus documentos\Vray fo Sketch-up\Crack\how to crack.txt
C:\Documents and Settings\User\Meus documentos\Vray fo Sketch-up\Crack\msvcp80.dll
C:\Documents and Settings\User\Meus documentos\Vray fo Sketch-up\Crack\msvcr80.dll
C:\Documents and Settings\User\Meus documentos\Vray fo Sketch-up\Crack\vray.dll

################## [ ! End of report # ! ]

And ComboFix installed and ran, but when it restarted it did not run again, nor did it create a log; I repeated it 2 times to make sure it would not run the second time and everything was the same

Here is a new HijackThis log, just to complement

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19, on 2009-02-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\Arquivos de programas\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\DOCUME~1\User\CONFIG~1\Temp\587.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-2849502165-6062441156-556718455-6353\winservices.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218523021921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{159DF49C-D029-4F83-B532-B6D243E604A4}: NameServer = 200.204.0.10,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{159DF49C-D029-4F83-B532-B6D243E604A4}: NameServer = 200.204.0.10,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{159DF49C-D029-4F83-B532-B6D243E604A4}: NameServer = 200.204.0.10,192.168.0.1
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8971 bytes


In the end, I don't know whether it worked, because the files vshost.exe and autorun.inf showed up again in C:

I just repeated the procedure on the other PC that was on the network, and the logs follow; on that one ComboFix did everything right, rebooted and produced the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:00, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\windows\softwaredistribution\download\install\STacSV.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\User\CONFIG~1\Temp\801.exe
C:\DOCUME~1\User\CONFIG~1\Temp\927.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-6804593228-6886361236-461749516-8377\winservices.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9387692E-DB41-42AF-ABDD-570105DB4E74}: NameServer = 200.204.0.10,192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\adialhk.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\softwaredistribution\download\install\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe

--
End of file - 7413 bytes

###################### [ FindyKill V4.715 ]

# User : User - C2D
# Executed from : C:\Arquivos de programas\FindyKill
# Update on 29/01/09 by Chiquitine29
# Start at 10:11:28 the ter 03/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\043.EXE-35FFA4E4.pf

################## [ C:\WINDOWS\system32 ]


################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\User\Dados de aplicativos ]


################## [ C:\DOCUME~1\User\CONFIG~1\Temp ]


################## [ C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5 ]


\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////


\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////


# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Unidade de disco fixo


# deleting files :

Deleted ! - C:\autorun.inf

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Suspect ! - 1f212a16e5b300e4890855d71c13179e C:\Nexon\MapleStory\MapleStory.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Oyomikudasai.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Read Me.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Tu Wo Tang An.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Viktigt.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeDeviceCentralAll\oem\Adobe Device Central CS3\Device Central CS3 Zishu.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\AdobeExtendScriptToolKitAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\ar_AE.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\be_BY.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\bg_BG.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\ca_ES.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\cs_CZ.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\da_DK.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\de_DE.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\el_GR.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\en_GB.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\en_US.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\en_XC.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\en_XM.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\es_ES.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\es_QM.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\et_EE.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\fi_FI.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\fr_FR.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\fr_XM.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\he_IL.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\hi_IN.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\hr_HR.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\hu_HU.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\is_IS.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\it_IT.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\ja_JP.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\ko_KR.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\lt_LT.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\lv_LV.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\mk_MK.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\nb_NO.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\nl_NL.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\pl_PL.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\pt_BR.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\ro_RO.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\ru_RU.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\sh_YU.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\sk_SK.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\sl_SI.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\sq_AL.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\sv_SE.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\th_TH.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\tr_TR.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\uk_UA.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\vi_VN.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\zh_CN.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeExtendScriptToolKitAll\zh_TW.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeFontsAll\AdobeFontsAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeFontsAll\AdobeFontsAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeFontsAll\AdobeFontsAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeFontsAll\AdobeFontsAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeHelpViewerAll\AdobeHelpViewerAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeLinguisticsAll\AdobeLinguisticsAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFL8All\AdobePDFL8All.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFL8All\AdobePDFL8All.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFL8All\AdobePDFL8All.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFL8All\AdobePDFL8All1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePDFSettingsNAEU\AdobePDFSettingsAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePhotoshop10en_US\AdobePhotoshop10en_US1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobePhotoshop10en_US\en_US.mst
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeStockPhotos1.5All\AdobeStockPhotos1.5All1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeTypeSupportAll\AdobeTypeSupportAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeVersionCueClient3All\AdobeVersionCueClient3All1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeWinSoftLinguisticsPluginAll\AdobeWinSoftLinguisticsPluginAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\AdobeXMPPanelsAll\AdobeXMPPanelsAll1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\BridgeStartMeeting\BridgeStartMeeting.boot.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\BridgeStartMeeting\BridgeStartMeeting.msi
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\BridgeStartMeeting\BridgeStartMeeting.proxy.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\payloads\BridgeStartMeeting\BridgeStartMeeting1.cab
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsInstaller-KB893803-v2-x86.exe
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-ia64-enu.exe
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-x64-enu.exe
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsServer2003-KB898715-x86-enu.exe
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\redist\WindowsXP-KB898715-x64-enu.exe
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\main.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\main.xml
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\alert
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\scripts
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\alert\alert.css
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\alert\alert.html
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\alert\alert_ie.css
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\scripts\ContainerProxy.js
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\scripts\localization.js
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\scripts\silentWorkflow.js
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\common\scripts\utils.js
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\css
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\img
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\css\styles.css
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\img\progbarLeft_on.png
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\img\progbarRight.png
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\img\progbar_on.png
C:\Documents and Settings\User\Meus documentos\Downloads\Adobe Photoshop CS3 Extended + Crack\resources\media\img\progbox.png
C:\Arquivos de programas\Gpotato\Flyff\SFX\sfx_sklassknuburstcrack01.sfx
C:\Arquivos de programas\Gpotato\Flyff\Sound\PcSkillD-Burstcrack.wav
C:\Arquivos de programas\Steam\SteamApps\dark_harpuia\garrysmod\garrysmod\addons\Phoenix-Storm\sound\phx\eggcrack.wav

################## [ ! End of report # ! ]
ComboFix 09-02-02.04 - User 2009-02-03 10:32:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2030.1565 [GMT -2:00]
Executando de: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *enabled*
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\temp.tmp

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-03 to 2009-02-03 ))))))))))))))))))))))))))))
.

2009-02-03 10:06 . 2009-02-03 10:26 <DIR> d-------- c:\arquivos de programas\FindyKill
2009-02-03 10:04 . 2009-02-03 10:05 <DIR> d-------- C:\HijackThis
2009-02-03 03:17 . 2009-02-03 03:17 220,672 -r-hs---- C:\vshost.exe
2009-02-02 21:14 . 2009-02-02 21:14 <DIR> d-------- c:\documents and settings\User\Tracing
2009-02-02 21:09 . 2009-02-02 21:09 <DIR> d-------- c:\arquivos de programas\Microsoft
2009-02-02 21:08 . 2009-02-02 21:08 <DIR> d-------- c:\arquivos de programas\Windows Live SkyDrive
2009-02-02 20:52 . 2009-02-02 20:52 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-02-01 07:24 . 2003-10-27 14:06 140,488 --a------ c:\windows\system32\comdlg32.ocx
2009-02-01 07:24 . 2003-10-27 14:06 115,016 --a------ c:\windows\system32\MSINET.OCX
2009-02-01 07:24 . 2003-10-27 14:06 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-02-01 07:24 . 2003-10-27 14:06 69,632 --a------ c:\windows\system32\xmltok.dll
2009-02-01 07:24 . 2003-10-27 14:06 36,864 --a------ c:\windows\system32\xmlparse.dll
2009-02-01 07:24 . 2003-10-27 14:06 35,840 --a------ c:\windows\system32\comdlg32.oca
2009-02-01 07:24 . 2003-10-27 14:06 29,184 --a------ c:\windows\system32\MSINET.oca
2009-02-01 07:24 . 2003-10-27 14:06 26,096 --a------ c:\windows\system32\xmlinst.exe
2009-02-01 07:24 . 2003-10-27 14:06 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-02-01 07:21 . 2009-02-01 07:24 <DIR> d-------- c:\arquivos de programas\UBISOFT
2009-01-23 00:23 . 2009-01-23 00:23 <DIR> d-------- c:\arquivos de programas\CCleaner
2009-01-22 23:12 . 2009-01-22 23:32 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-22 23:12 . 2009-01-22 23:12 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2009-01-22 23:11 . 2009-02-03 09:39 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2009-01-22 23:11 . 2009-01-22 23:11 <DIR> d-------- c:\arquivos de programas\Kaspersky Lab
2009-01-22 23:11 . 2009-02-03 11:29 5,419,040 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-22 23:11 . 2009-02-03 11:29 622,624 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-22 23:11 . 2009-02-03 11:29 43,416 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-22 23:11 . 2009-02-03 11:29 3,208 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-22 01:34 . 2009-01-22 01:34 <DIR> d-------- c:\arquivos de programas\Microsoft XNA
2009-01-22 01:25 . 2009-01-22 01:25 <DIR> d-------- c:\arquivos de programas\Beatnik Games
2009-01-14 23:33 . 2009-01-14 23:33 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-14 23:32 . 2009-01-22 23:00 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-14 23:29 . 2009-01-22 22:56 <DIR> d-------- c:\windows\Internet Logs
2009-01-12 17:03 . 2009-01-12 17:03 <DIR> d-------- c:\arquivos de programas\Dyson
2009-01-11 14:46 . 2009-01-11 14:46 <DIR> d-------- c:\arquivos de programas\Codemasters
2009-01-10 23:36 . 2009-01-10 23:37 <DIR> d-------- c:\documents and settings\User\Dados de aplicativos\Crayon Physics Deluxe
2009-01-10 23:36 . 2009-01-11 00:02 <DIR> d-------- c:\arquivos de programas\Crayon Physics Deluxe Demo
2009-01-10 17:12 . 2009-01-10 17:12 <DIR> d-------- c:\arquivos de programas\Audacity
2009-01-08 19:27 . 2009-01-08 19:34 203 --a------ c:\windows\GSdx9 sse2.INI
2009-01-06 23:55 . 2009-01-10 00:03 <DIR> d-------- c:\documents and settings\User\Dados de aplicativos\skypePM
2009-01-06 23:55 . 2009-01-06 23:55 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-06 23:53 . 2009-01-22 22:54 <DIR> d-------- c:\documents and settings\User\Dados de aplicativos\Skype
2009-01-06 23:53 . 2009-01-06 23:53 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-01-06 23:53 . 2009-01-06 23:53 <DIR> d-------- c:\arquivos de programas\Skype
2009-01-06 23:53 . 2009-01-06 23:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Skype
2009-01-06 23:26 . 2009-01-06 23:26 <DIR> d-------- c:\documents and settings\User\Dados de aplicativos\teamspeak2
2009-01-06 23:26 . 2009-01-06 23:50 <DIR> d-------- c:\arquivos de programas\Teamspeak2_RC2
2009-01-06 23:26 . 2009-01-06 23:26 34,064 --a------ c:\windows\system32\lhacm.acm

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 13:29 --------- d-----w c:\documents and settings\User\Dados de aplicativos\WTablet
2009-02-02 23:22 --------- d-----w c:\arquivos de programas\Steam
2009-02-02 23:08 --------- d-----w c:\arquivos de programas\Windows Live
2009-02-01 09:21 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information
2009-01-30 04:02 --------- d-----w c:\arquivos de programas\DivX
2009-01-28 20:47 --------- d-----w c:\arquivos de programas\PaintTool SAI English Pack
2009-01-23 21:11 --------- d-----w c:\arquivos de programas\Lightside - Legend Ragnarok
2009-01-23 20:08 --------- d-----w c:\arquivos de programas\Gravity
2009-01-23 02:06 --------- d-----w c:\arquivos de programas\EA GAMES
2009-01-23 00:50 --------- d-----w c:\arquivos de programas\Arquivos comuns\Apple
2009-01-14 23:58 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-01-02 05:12 --------- d-----w c:\arquivos de programas\CFS-Technologies
2008-12-27 13:55 --------- d-----w c:\arquivos de programas\Cakewalk
2008-12-25 14:37 --------- d-----w c:\documents and settings\User\Dados de aplicativos\SYSTEMAX Software Development
2008-12-25 14:37 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SYSTEMAX Software Development
2008-12-25 05:49 --------- d-----w c:\arquivos de programas\Tablet
2008-12-24 19:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Test Drive Unlimited
2008-12-23 15:37 --------- d-----w c:\documents and settings\User\Dados de aplicativos\Image Zone Express
2008-12-20 01:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TechSmith
2008-12-20 01:10 --------- d-----w c:\arquivos de programas\TechSmith
2008-12-20 01:10 --------- d-----w c:\arquivos de programas\Arquivos comuns\TechSmith Shared
2008-12-20 00:37 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP
2008-12-19 06:33 --------- d-----w c:\arquivos de programas\CamStudio
2008-12-19 05:55 --------- d-----w c:\documents and settings\User\Dados de aplicativos\DivX
2008-12-19 05:06 --------- d-----w c:\documents and settings\User\Dados de aplicativos\Webcammax
2008-12-16 20:25 --------- d-----w c:\documents and settings\User\Dados de aplicativos\ZOO Digital Publishing
2008-12-16 20:16 --------- d-----w c:\arquivos de programas\ZOO Digital Publishing
2008-12-14 20:24 --------- d-----w c:\documents and settings\User\Dados de aplicativos\Hamachi
2008-12-14 02:33 --------- d-----w c:\documents and settings\User\Dados de aplicativos\SPORE
2008-12-14 01:38 --------- d-----w c:\arquivos de programas\Electronic Arts
2008-12-13 13:42 --------- d-----w c:\arquivos de programas\Violeiro
2008-12-13 01:14 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Subversion
2008-12-13 00:49 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Media Center Programs
2008-12-13 00:37 --------- d-----w c:\arquivos de programas\THQ
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:26 --------- d-----w c:\documents and settings\User\Dados de aplicativos\Printer Info Cache
2008-12-11 00:45 --------- d-----w c:\arquivos de programas\Hamachi
2008-12-11 00:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-08 18:00 44 ----a-w c:\arquivos de programas\error_message.txt
2008-12-08 18:00 2,292,201 ----a-w c:\arquivos de programas\CHLOG.TXT
2008-12-08 17:59 479 ----a-w c:\arquivos de programas\R3Engine.ini
2008-12-08 17:59 --------- d-----w c:\arquivos de programas\System
2008-12-08 17:59 --------- d-----w c:\arquivos de programas\NetLog
2008-12-08 17:57 30,511 ----a-w c:\arquivos de programas\Uninstall.ini
2008-12-08 17:57 230,498 ----a-w c:\arquivos de programas\Uninstall.exe
2008-12-08 17:57 --------- d-----w c:\arquivos de programas\SpriteImage
2008-12-08 17:57 --------- d-----w c:\arquivos de programas\Snd
2008-12-08 17:57 --------- d-----w c:\arquivos de programas\HackShield
2008-12-08 17:57 --------- d-----w c:\arquivos de programas\Effect
2008-12-08 17:57 --------- d-----w c:\arquivos de programas\DataTable
2008-12-08 17:57 --------- d-----w c:\arquivos de programas\Chef
2008-12-08 14:33 --------- d-----w c:\arquivos de programas\Temp
2008-12-08 14:33 --------- d-----w c:\arquivos de programas\ScreenShots
2008-12-08 14:33 --------- d-----w c:\arquivos de programas\Map
2008-12-08 14:33 --------- d-----w c:\arquivos de programas\Item
2008-12-08 14:33 --------- d-----w c:\arquivos de programas\Character
2008-12-04 18:35 --------- d-----w c:\documents and settings\User\Dados de aplicativos\Nexon
2008-12-03 23:39 --------- d-----w c:\arquivos de programas\Arquivos comuns\DirectX
2008-11-07 02:24 65,536 ----a-w c:\windows\IFinst27.exe
2008-10-04 17:05 10,141,468 ----a-w c:\arquivos de programas\RF_Online.bin
2008-09-20 17:23 16,842 ----a-w c:\arquivos de programas\LauncherMessage.ini
2008-09-20 03:13 7,421,952 ----a-w c:\arquivos de programas\Just RF CCR.exe
2008-07-28 00:34 48,610 ----a-w c:\arquivos de programas\GameData.edf
2008-06-06 11:25 437,457 ----a-w c:\arquivos de programas\CharacterW.edf
2008-06-06 11:25 437,457 ----a-w c:\arquivos de programas\Character.edf
2008-04-25 15:11 2,127,673 ----a-w c:\arquivos de programas\Language.pak
2007-01-16 17:19 143,360 ----a-w c:\arquivos de programas\Updater.lc
2005-12-16 11:51 126 ----a-w c:\arquivos de programas\Ceba.env
2005-07-14 18:03 69,632 ----a-w c:\arquivos de programas\PurifierA.dll
2005-07-14 18:03 61,440 ----a-w c:\arquivos de programas\StringLoaderA.dll
2004-12-07 13:11 258,352 ----a-w c:\arquivos de programas\unicows.dll
2004-12-03 18:10 77,824 ----a-w c:\arquivos de programas\Adv.dll
2004-12-03 17:36 77,824 ----a-w c:\arquivos de programas\ABuse.dll
2004-10-08 14:34 163,840 ----a-w c:\arquivos de programas\X2PU.dll
2004-09-16 22:19 53,248 ----a-w c:\arquivos de programas\PDLL.dll
2004-08-29 22:31 14,816 ----a-w c:\arquivos de programas\x2prtm.sys
2004-08-18 18:20 184,320 ----a-w c:\arquivos de programas\TcX2G.dll
2004-08-18 18:20 15,264 ----a-w c:\arquivos de programas\x2prm2.sys
2004-08-18 18:20 106,496 ----a-w c:\arquivos de programas\X2PMgr.dll
2004-08-17 18:09 15,264 ----a-w c:\arquivos de programas\x2prm.sys
2004-08-17 18:09 106,496 ----a-w c:\arquivos de programas\X2ProcMon.dll
2004-05-10 22:50 188,416 ----a-w c:\arquivos de programas\X2ReportDll.dll
2003-06-14 21:18 39 ----a-w c:\arquivos de programas\dlctemp.db
2003-01-29 17:10 764,928 ----a-w c:\arquivos de programas\dbghelp.dll
2003-01-20 14:15 349,696 ----a-w c:\arquivos de programas\MSS32.DLL
2003-01-20 14:15 125,952 ----a-w c:\arquivos de programas\mssmp3.asi
2002-09-13 16:17 630 ----a-w c:\arquivos de programas\Sound.ini
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\arquivos de programas\Arquivos comuns\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Windows Service help"="c:\recycler\S-1-5-21-6804593228-6886361236-461749516-8377\winservices.exe" [2009-02-01 101376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-10-16 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.MJPG"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-08-10 02:17 4608 c:\arquivos de programas\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 09:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 18:40 289576 c:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 15:23 61440 c:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 05:27 144784 c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
--a------ 2008-04-10 21:07 413696 c:\arquivos de programas\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\AOL\\Loader\\aolload.exe"=
"c:\\Arquivos de programas\\AIM6\\aim6.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\sysreset\\mirc.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\garrysmod\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\source sdk base\\hl2.exe"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\zombie panic! source\\hl2.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\RA3.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\synergy\\hl2.exe"=
"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Arquivos de programas\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"c:\\Arquivos de programas\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Documents and Settings\\All Users\\Documentos\\TDU\\TestDriveUnlimited.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Steam\\SteamApps\\dark_harpuia\\counter-strike source\\hl2.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-08-04 143360]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-25 1373480]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\arquivos de programas\Viewpoint\Common\ViewpointService.exe [2008-08-10 24652]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?]

--- ---

*NewlyCreated* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C987892}]
c:\recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\RisinG.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-Windows Service help - c:\recycler\S-1-5-21-1976568937-2908462829-913181723-8365\winservices.exe


.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.uol.com.br/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {9387692E-DB41-42AF-ABDD-570105DB4E74} = 200.204.0.10,192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\72q44vj2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\arquivos de programas\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\arquivos de programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\documents and settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\72q44vj2.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 11:31:53
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(268)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-02-03 11:36:11 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-02-03 13:36:09

Pré-execução: 21 pasta(s) 70.492.815.360 bytes disponíveis
Pós execução: 21 pasta(s) 70,513,897,472 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

345 --- E O F --- 2009-01-14 23:58:16
 
Mr. Wolf, today when I turned on the computer, Avira would not stop detecting a virus/trojan:

Virus or unwanted program 'TR/Agent.583680 [trojan]'
detected in file 'C:\WINDOWS\system32\NetSettings.exe.
Action performed: Deny access


I told Avira to ignore, delete, etc., and the warning kept coming back, so I disabled it and re-enabled it, and it stopped.
What could this be?

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:25, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\NetSettings.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\cmd.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EssSpkPhone] essspk1.exe -c
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Netsettings] "C:\WINDOWS\System32\NetSettings.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6839 bytes
 
Hello Mr. Wolf, all good? So, I have another server here. It is running normally; I would just like to know whether the log is 100% clean... Thank you!

The log follows below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:41:32, on 3/2/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
Z:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\afaagent.exe
C:\ESM\AlertMan\PROGRAM\AMVMain.exe
C:\WINDOWS\avgagent.exe
C:\ARQUIV~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\esmcmn.exe
C:\WINDOWS\system32\esmda.exe
C:\WINDOWS\system32\esmfs.exe
C:\WINDOWS\system32\esmstrg.exe
E:\NEC\Manager\TaskServiceD.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\iomgr.exe
C:\WINDOWS\System32\ismserv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\ntfrs.exe
E:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
E:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
e:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\wins.exe
C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\arcpd.exe
C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\notify.exe
C:\WINDOWS\system32\cmd.exe
E:\oracle\product\10.2.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
E:\oracle\product\10.2.0\db_1\jdk\bin\java.exe
C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
E:\oracle\product\10.2.0\db_1\bin\emagent.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
E:\NEC\COMPRAS\COMPRAS.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
E:\NEC\FOLHAPAGTO\FolhaPagto.exe
E:\NEC\CONTABILIDADE\Contabilidade.Exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\McAfee\Common Framework\McTray.exe
E:\NEC\TaskBar\TaskBar.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
E:\Nec\TaskBar\TaskBar.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
E:\NEC\Manager\Manager.exe
E:\NEC\TaskBar\TaskBar.exe
C:\WINDOWS\system32\mmc.exe
E:\NEC\TaskBar\TaskBar.exe
E:\TIC\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.7:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TaskBar] E:\Nec\TaskBar\TaskBar.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3863436083-4071342154-1662532374-1248\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Estanagel')
O4 - HKUS\S-1-5-21-3863436083-4071342154-1662532374-1740\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'nec')
O4 - HKUS\S-1-5-21-3863436083-4071342154-1662532374-2002\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'jrm')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O10 - Broken Internet access because of LSP provider 'z:\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://www.baboo.com.br
O15 - ESC Trusted Zone: http://www.babooforum.com.br
O15 - ESC Trusted Zone: http://widgets.boo-box.com
O15 - ESC Trusted Zone: http://ivitrine.buscape.com
O15 - ESC Trusted Zone: http://vitrine.buscape.com.br
O15 - ESC Trusted Zone: http://www.ebit.com.br
O15 - ESC Trusted Zone: http://www.google-analytics.com
O15 - ESC Trusted Zone: http://www.google.com.br
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com
O15 - ESC Trusted Zone: http://ads4106.hotwords.com.br
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://www.linuxnarede.com.br
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://*.meuip.com.br
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://www.route66.com.br
O15 - ESC Trusted Zone: http://seer.entsupport.symantec.com
O15 - ESC Trusted Zone: http://*.under-linux.org
O15 - ESC Trusted Zone: http://adclient-uol.lp.uol.com.br
O15 - ESC Trusted Zone: http://barra.uol.com.br
O15 - ESC Trusted Zone: http://bn.uol.com.br
O15 - ESC Trusted Zone: http://email.uol.com.br
O15 - ESC Trusted Zone: http://home.noticias.uol.com.br
O15 - ESC Trusted Zone: http://home.tvuol.uol.com.br
O15 - ESC Trusted Zone: http://mail-b.uol.com.br
O15 - ESC Trusted Zone: http://stc.busca.uol.com.br
O15 - ESC Trusted Zone: http://uil.uol.com.br
O15 - ESC Trusted Zone: http://www.uol.com.br
O15 - ESC Trusted Zone: http://www1.folha.uol.com.br
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://yui.yahooapis.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.7
O15 - ESC Trusted IP range: http://192.168.0.222
O15 - ESC Trusted IP range: http://192.168.0.226
O15 - ESC Trusted IP range: http://192.168.0.10
O15 - ESC Trusted IP range: http://192.168.0.220
O15 - ESC Trusted IP range: http://192.168.0.221
O15 - ESC Trusted IP range: http://70.84.178.186
O15 - ESC Trusted IP range: http://209.62.61.234
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188912503953
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itapetininga.sp.gov.br
O17 - HKLM\Software\..\Telephony: DomainName = itapetininga.sp.gov.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{49AA1AAB-6936-4982-B919-9E5043B4D857}: NameServer = 192.168.0.2,200.255.255.70
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itapetininga.sp.gov.br
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = itapetininga.sp.gov.br
O20 - AppInit_DLLs: C:\WINDOWS\system32\rserver30\newtstop.dll
O23 - Service: Adaptec RAID Remote Services Agent (AAC_AGENT) - Adaptec, Inc. - C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\afaagent.exe
O23 - Service: Alert Manager ALIVE(S) Service (AlertManagerALIVESendService) - Unknown owner - C:\ESM\AlertMan\PROGRAM\AMVALVS.EXE
O23 - Service: Alert Manager Main Service (AlertManagerMainService) - Unknown owner - C:\ESM\AlertMan\PROGRAM\AMVMain.exe
O23 - Service: Alert Manager Socket(S) Service (AlertManagerSocketSendService) - Unknown owner - C:\ESM\AlertMan\PROGRAM\AMVSCKS.EXE
O23 - Service: Adaptec Web Server (ARCPD) - Unknown owner - C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\arcpd.exe
O23 - Service: Adaptec Storage Manager Notifier (ASMBENotify) - Unknown owner - C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\notify.exe
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: AVG7 TCP Server (AVGTCPSv) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGTCP~1\avgtcpsv.exe
O23 - Service: ESMCommonService - NEC Corporation - C:\WINDOWS\system32\esmcmn.exe
O23 - Service: ESMDiskArray - NEC Corporation - C:\WINDOWS\system32\esmda.exe
O23 - Service: ESMFSService - NEC Corporation - C:\WINDOWS\system32\esmfs.exe
O23 - Service: ESM Storage Service (ESMStorageService) - NEC Corporation - C:\WINDOWS\system32\esmstrg.exe
O23 - Service: ESRAS Utility Service (ESRAS_Utl) - NEC Corporation - C:\WINDOWS\system32\nvramsrv.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\datasus\firebird1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\datasus\firebird1_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: GRP - Administração Pública (GRPAcertaData) - Unknown owner - E:\NEC\Manager\TaskServiceD.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\Borland\InterBase\bin\ibserver.exe
O23 - Service: Adaptec I/O Manager Server (IOManager) - Unknown owner - C:\Arquivos de programas\ADAPTEC\SMBE\SMBE\iomgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: OracleDBConsoleNEC - Oracle Corporation - E:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1TNSListenerNEC - Unknown owner - E:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceNEC - Oracle Corporation - e:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15269 bytes
 
Hello Mr Wolf,
Thanks for helping me once again. The logs are attached.

P.S.: Yeah Mr Wolf, you don't make me jealous at all!!! heheheeheh
You can stay there in your freezing cold, I'd rather hit my beach on the weekend here in Fortaleza
:) See attachment hijackthis.txt

See attachment ComboFix.txt
 
Dear Mr.Wolf, thank you so much for the attention, my friend. I'm eternally grateful, really; as I already told you, every time I do something you pass on to me the PC gets much better. The PC is now in perfect shape; I'd like to know its status, dear Mr.Wolf??? Is it still critical or can we celebrate already???

Well, I ran McAfee Avert Stinger, which was a long scan just as you told me, my dear king, and then I did that procedure with HijackThis, and the logs are below

Best regards

Carlos

A big hug and congratulations on the trip to Moscow, all the best to you over there, dear master

Open ADS Spy HijackThis

C:\Arquivos de programas\Windows Media Connect 2\Thumbs.db : encryptable (0 bytes)
C:\Arquivos de programas\Windows Media Player\Network Sharing\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documentos\Minhas imagens\Amostras de imagens\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrador\Favoritos\Mozilla Firefox 2.url : favicon (1406 bytes)
C:\Documents and Settings\Administrador\HP\Forting.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\HP\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03047.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03050.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03051.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03055.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03057.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03065.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03070.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03093.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03120.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Administrador\Meus documentos\Meus arquivos recebidos\DSC03178.JPG : Zone.Identifier (26 bytes)
C:\WINDOWS\SHELLNEW\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\system32\dhcp\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\system32\svchost.exe.bat : encryptable (0 bytes)
C:\WINDOWS\system32\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\Web\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\Web\Wallpaper\Thumbs.db : encryptable (0 bytes)

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:40, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.111.10.9:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.111.10.9:3128;local;10.111.10.8:3128
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: BrOffice.org 2.2.lnk = C:\Arquivos de programas\BrOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/actives.../as2stubie.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BandLuxe Service (BandLuxe_Service) - BandRich Inc. - C:\Arquivos de programas\BandRich\BandLuxe HSDPA utility R11\BRService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

--
End of file - 7234 bytes

PS: wow, master Mr.Wolf, is it minus 9 degrees over there in Moscow????? Damn :eek:hmy: are you holding up, Mr.Wolf???? I hate the cold, man.
 
Sorry if I've already asked this question before, but it's because I didn't see my answer, so here it goes again.

I'm kind of tired of having to format the PC because of viruses.
Well, Mr. Wolf, I wanted to know which antivirus you recommend I use. I'm using Avira Personal antivirus; I think it's good, but I'd like a bit more protection. What do you recommend?
I also need you to recommend a good firewall and, if possible, teach me how to remove viruses from the PC; in other words, ''try to give me some tips to better protect the PC, pleeease''

PS: well, I'm a noob on the subject, I hope you understood and can help me, thanks man :yes::yes::yes::wave::wave::wave:
 
Msas2009 - the wretched fake Microsoft Antispyware 2009

Hi Wolf.

Man, I've got one heck of a problem.

I'll explain what happened so you get an idea.

My sister accidentally downloaded a file and ran it.

Result - it installed the fake MS Anti spyware 2009

Well, it simply wrecked everything.
I had no antivirus (since it hadn't even been a day since the PC had been formatted).

But since I have Kaspersky Internet Security 2009, I installed it, except the virus blocks internet access. I went to look at the PC's hardware and saw what it does: it simply makes Windows think I have two network cards.

Kaspersky, running without updates, found nothing, not to mention that every action the virus performed, Kaspersky accepted and marked as Low Restriction. Result: it did no good at all.

I downloaded HijackThis and deleted everything that looked abnormal, but it didn't help much; I'd delete one thing, and when I restarted the PC they came back twofold.

ComboFix wouldn't work.

Anyway, after many attempts and hours in front of the PC I gave up and formatted the C: partition

I reinstalled Windows and, to my surprise, a few minutes later the infections came back, returning little by little.

I deleted them with ComboFix, with HijackThis, Malwarebytes and nooothing worked, I deleted them manually in the registry and nooothing.... they always came back with a different name in a different location.

Result: I gave up once more and the PC is over there formatting again. Only this time I deleted the C partition and recreated it to see if that helps.

The D partition can't be formatted, since it has a lot of important content and it's waaay too much stuff for me to burn to DVD.

Well, the file my sister downloaded has already been deleted.
The only things I had time to install were the video and sound card drivers, which were taken straight from their respective sites. So the chance that I'm running something infected is small.

Right now the PC has Windows being reinstalled; in about 1 hour I'll finish everything and come back here to say whether everything is fine or the infection has returned, and I'll take the chance to post a HijackThis log to see if everything is OK.

I believe the infection is on D:, but I even ran Norton online and it hadn't found anything, just two infected files on C: that I later deleted with ComboFix via a script, and I deleted their registry entries manually.

I hope that once Windows finishes installing the problems don't come back, but if they still happen I'll come back here to ask you for help.

Thanks in advance.
 
Mr. Wolf, since you know your way around viruses and how to remove these pests,
please recommend a good antivirus for servers, paid or free if possible, and if possible one that doesn't hurt performance too much.

thaaanks
 
Dear Mr.Wolf, my log follows below. Thank you :yes::yes::yes:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:44, on 04/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\wscript.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [avp6_post_install] msiexec.exe /i"C:\ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\english\kis.en.msi"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5655 bytes
 
Code:
Virus link
http://www.iware.si   /images/pictures/Filtro-orkut_beta-v1.4.exe

Orkut profile with script
http://www.orkut.com.br/Main#Profile.aspx?uid=4629055861933058190

Found a script in an Orkut profile that redirects to the download of an executable file.
http://www.iware.si/   images/pictures/protecao/orkut_filtro.php
 
Good evening Mr Wolf, it's been a while since I stopped by here, hehe
well then, I noticed 1~~2 days ago that my PC has been SLOW, which rarely happens since I have 2 GB of RAM. I'd like you to help me remove these viruses, if there are any :yucky::yucky::yucky:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:32, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\cliente\Meus documentos\Arquivos Luiz\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe"
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O4 - Global Startup: RoxRO.lnk = C:\Arquivos de programas\Gravity\RoxRO\RoxRO.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7296DB95-F4EE-4D38-8465-5D3DCF50D247}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\cliente\CONFIG~1\Temp\AVSETUP_497400d3\basic\avupgsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9176 bytes
 
Mr. Wolf, I have to bother you again... I brought a USB drive home from work, and when I plugged it in here avast went crazy and wouldn't stop beeping... just flagging trojans and more trojans.

I managed to delete several of the infected files with avast (I ran it at boot; it caught the autorun.inf on 2 hard drives... some .cmd files)... but I have the impression that something was left behind...
A kavo.exe entry was also created in startup.

A GB-sized folder of mine disappeared from Explorer (when I type the path directly it shows up... bizarre)


HT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:19, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Opera\opera.exe
D:\programas\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98349D3D-6D12-454D-B781-AA872E73A25C}: NameServer = 200.204.0.10,204.204.0.138
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

--
End of file - 4052 bytes
 
Hey Mr. Wolf, all good? Here's my log. There's a file here that refuses to be deleted no matter what.

Logfile of HijackThis v1.99.1
Scan saved at 09:29:57, on 06/02/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\VibrateGameDeviceDriver\rfpicon.exe
C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Olivio\Documents\Download\PC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Program DJ] "C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
 
Mr. Wolf, can you help me? My PC caught a virus, and I don't even know how, but basically this is what happens: it seems that every program I leave running for a while, the virus installs itself in it and makes the PC sort of shut down; my monitor screen goes black, and the light next to the monitor's button, which shows that it is on and should stay green, turns orange when this happens... Whenever I opened Internet Explorer, this happened after a few moments, and you could see that Internet Explorer had a virus, because below where you type URLs there was a strange line that isn't normally there... I ran Avira Antivirus, it found 3 viruses, I put them in quarantine and then deleted them... then the PC was fine, and I left Tibia, an online game, open... A while later, same thing, the PC went dark, I restarted it and every time I opened Tibia the same thing happened... Just like it was with Internet Explorer, I uninstalled and reinstalled the game, and then it was back to normal, but I'm sure my PC is still infected. For the love of God, what do I do?
 
Take a look at this... I think I've got a virus here...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:10:22, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown IE Helper Portuguese) - http://idownload.br.toontown.com/sv1.4.14.8/ttinst-portuguese.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF32D210-948A-4A63-BD02-8938A15D4750}: NameServer = 200.225.197.34 200.225.197.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

--
End of file - 7542 bytes
 
Mr. Wolf, please help me (again). I went to watch a trailer for a series on a foreign site, and there was something to download before watching the video. I downloaded it and went to install it, and Avira caught about 4 viruses right off the bat. I set everything to Deny access, but even so the virus must have gotten in. The PC is slow to start and slow to open certain programs, and IE keeps opening saying that my PC has malware, but you end up on an online scan page that is obviously faked by the virus. Then another message opens saying the PC has a virus, but the window shows the icon of the program that had the virus. I already scanned with Avira and it found nothing; I ran Malwarebytes, it found 4 viruses and I removed them; it said some could not be removed, but even so that didn't fix it!!!

Please help me, I don't want to have to format!!!
 
Virus

Man, I really need help...
Look, I'm not really sure whether it's actually a virus. But maybe with the information I'm going to give you, you can tell me.

My PC had 1.768 MB of memory. But then every time I went to run a game the PC would restart. So I took out the 1 GB memory module, and the PC stopped restarting... But... now it keeps corrupting all the exe files and won't install any antivirus. (I've already tried Avast, AVG, AV, McAfee, Norton.) And none of them can be installed.
And there's more... I'm a webmaster and web designer, and I can't install any program from Adobe's CS line. Not CS1, nor 2, nor 3, none of them installs... a message appears saying that the file is corrupted.
I've already fallen behind on a bunch of orders because of this.

Every program I try to install that has files in CAB format, it says they're corrupted.

I'll put the HijackThis log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:59:27, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\Vtune\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\RALINK\Common\RaUI.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ALEFIN~1\CONFIG~1\Temp\wincxwean.exe
C:\DOCUME~1\ALEFIN~1\CONFIG~1\Temp\winkadx.exe
C:\DOCUME~1\ALEFIN~1\CONFIG~1\Temp\winoxrfdt.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Prevx\prevx.exe
C:\Arquivos de programas\Prevx\prevx.exe
C:\Documents and Settings\AlefinhoO\Desktop\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Gainward] C:\Arquivos de programas\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Dados de aplicativos\Memo save stupid creative\cdrom wave.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [active bird] C:\DOCUME~1\ALEFIN~1\DADOSD~1\admindog\IdolStyle.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C111521-DC0D-420A-A24D-4AFDC2839874}: NameServer = 200.255.255.65,200.255.255.66,201.45.250.130
O23 - Service: CSIScanner - Prevx - C:\Arquivos de programas\Prevx\prevx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8514 bytes


Please... help me.

I've already tried everything. But as you said here on the forum... we can't go by other people's cases, right?

So thank you very much.
Thanks.

Oh, and if you can... add me on MSN so you can give me some tips every now and then. OK?

alef_gda@hotmail.com

Thanks
 
