[RB211]

Oi pessoal .. Eu só abriu um e-mail e foi atropelado por um vírus Antivírus XP 2008. Cant se livrar dela. Any help much appreciated ..

[evilfantasy]

Iniciar AQUI

Post os logs quando completa.

[RB211]

Desculpe amigo eu não entendo .. Que queres que eu a ver com isso tudo?

[Hybr! D]

Aproveite o tempo para lê-lo e, em seguida, execute o software e postar os arquivos de log, para que possamos ver o que está acontecendo com o seu PC.

[RB211]

Heres os logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Produzido em 07/05/2008 às 05:20
Aplicação Versão: 4/15/1000
Core Rules Database Version: 3497
Trace Rules Database Version: 1488
Scan type: Quick Scan
Total Scan Time: 00:10:14
Memória itens digitalizados: 268
Memória ameaças detectadas: 1
Secretaria itens digitalizados: 407
Secretaria ameaças detectadas: 26
Arquivo itens digitalizados: 6977
Arquivo ameaças detectadas: 175
Rogue.AntiVirus XP 2008
C: \ PROGRAM FILES \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ PROGRAM FILES \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Antivirus XP 2008 \ Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Antivirus XP 2008 \ How to Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Antivirus XP 2008 \ License Agreement.lnk
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Antivirus XP 2008 \ Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Antivirus XP 2008 \ Uninstall.lnk
C: \ Documents and Settings \ All Users \ Menu Iniciar \ Programas \ Antivirus XP 2008
C: \ AA \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
Rogue.Dropper / Gen
[lphctv6j0erel] C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ servindo-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ burstnet [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ clickbank [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ advertpro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wjnywnc5eeo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserver.mediarun [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 192 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adviva [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-mgnlimited.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sex-video [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.onestat [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevenue [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.videhost [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pugetsoundsoftwar e [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ publicidade [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.burstnet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@tracking.summitmedia. co [1]. txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tacoda [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ s [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@data.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ questionmarket [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ roiservice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adbrite [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@counter.hitslink [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserving.muppetism [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [4]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@vhost.oddcast [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@rotator.adjuggler [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@s1.trafficmaxx [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.ookla [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ neocounter2 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.doublepimp [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@te.kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 9167811 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indextools [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sexyandshocking [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ yadro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@w00tpublishers.wootme dia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@dynamic.media.adrevol ver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wfkokkcjcao.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adecn [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@mobilefun.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@m1.webstats.motigo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1068755026 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ specificclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 2o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.techguy [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adultadworld [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-bestbuy.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-twi.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ revsci [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@exchange.ggmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adlegend [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@shopping.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-iwantoneofthose.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.digitalrock.co [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 63701567 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ overture [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ @ danny um [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bluestreak [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ StatCounter [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atdmt [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pubmatic [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 247realmedia [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@avgtechnologies.112.2 o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Bravenet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@heavycom.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.dealtime [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@server.iad.liveperson [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ fastclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tripé [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Adtech [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ melhorar [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-systemax.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ gostats [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@network-ca.247realmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ AdRotator [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1048893890 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.clash-media [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indexstats [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@test.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@eas.apm.emediate [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Adtech [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ehg-iwantoneofthose.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@metacafe.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@stat.onestat [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter4.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atdmt [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@as1.falkag [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@hg1.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@c1.zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter13.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter15.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adrevolver [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Zedo [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ targetnet [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ 2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@stats.searchtrack [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ atdmt [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ quinze [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.fifteen [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflisidjkko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Adtech [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@marksandspencer.122 ,2 o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adrevolver [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@perf.overture [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ windowsmedia [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ StatCounter [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ contas [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflyckcjabo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-debenhams.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@tracker.roitesting [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Bravenet [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@data4.perf.overture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ revsci [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@etype.adbureau [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@112.2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-bskyb.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ads.telegraph.co [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ questionmarket [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ servindo-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indextools [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ 2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ publicidade [2]. Txt
Rogue.AntiSpywareExpert
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC # NextInstance
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Serviço
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Legacy
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ConfigFlags
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Classe
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ClassGUID
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # DeviceDesc
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control # ActiveService
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ty ep
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # St arte
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Er rorControl
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Im agePath
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Di splayName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ob jectName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Op t
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se gurança
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ # Se gurança Segurança
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En hum
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En hum # 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En hum # Count
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En hum # NextInstance
NotHarmful.Sysinternals Bluescreen Screen Saver
C: \ WINDOWS \ SYSTEM32 \ BLPHCTV6J0EREL.SCR
Trojan.Unclassified / CBEvtSvc
C: \ WINDOWS \ SYSTEM32 \ CBEVTSVC.EXE
C: \ WINDOWS \ prefetch \ CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown Origem
C: \ WINDOWS \ SYSTEM32 \ PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1/19
Database versão: 924
5/1/2600 Windows Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42). txt
Scan type: Full Scan (C: \ | D: \ | E: \ |)
Objetos digitalizados: 113635
Tempo decorrido: 42 minuto (s), 4 segundo (s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Valores do Registro infectados: 0
Dados de Registro Items Infected: 2
Pastas infectadas: 0
Arquivos infectados: 4
Memory Processes Infected:
(N º itens maliciosos detectados)
Memory Modules Infected:
(N º itens maliciosos detectados)
Registry Keys Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Software Notifier (Rogue.Multiple) -> quarentena e eliminado com sucesso.
Valores do Registro infectados:
(N º itens maliciosos detectados)
Dados de Registro Items Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Policies \ System \ NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> quarentena e eliminado com sucesso.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Policies \ System \ NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> quarentena e eliminado com sucesso.
Folders Infected:
(N º itens maliciosos detectados)
Arquivos Infectados:
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ rp2 \ A0000029.exe (Trojan.Downloader) -> quarentena e eliminado com sucesso.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ rp2 \ A0000047.dll (Rogue.AntivirusXP2008) -> quarentena e eliminado com sucesso.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000262.exe (Trojan.Downloader) -> quarentena e eliminado com sucesso.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000485.dll (Rogue.AntivirusXP2008) -> quarentena e eliminado com sucesso.

JavaRa 1/08 Remoção Log.Report segue após a linha .------------------------------------ O processo de remoção JavaRa Foi iniciado em Sat Jul 05 19:49:54 2008
Encontrado e removido: C: \ Program Files \ Java \ jre1.6.0_05Found e removido: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4Found e removido: SOFTWARE \ Classes \ JavaWebStart.isInstalled.1.5.0.0F ound e removido: Software \ JavaSoft \ Java2D \ 1.5.0_02Found e removido: Software \ JavaSoft \ Java2D \ 1.5.0_04Found e removido: Software \ JavaSoft \ Java2D \ 1.5.0_06Found e removido: Software \ JavaSoft \ Java2D \ 1.5.0_09Found e removido: Software \ JavaSoft \ Java2D \ 1.5.0_10Found e removido: Software \ JavaSoft \ Java2D \ 1.5.0_11Found e removido: SOFTWARE \ Classes \ JavaPlugin.150_02Found e removido: SOFTWARE \ Classes \ JavaPlugin.150_04Found e removido: SOFTWARE \ Classes \ JavaPlugin.150_06Found e removidos: SOFTWARE \ Classes \ JavaPlugin.150_09Found e removido: SOFTWARE \ Classes \ JavaPlugin.150_10--------------------------------- --- Finished relatórios.


Thanks guys

[evilfantasy]

Precisa do HijackThis log agora.

[RB211]

Opa desculpe. Aqui está:

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 20:24:21, em 05/07/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ Mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Unidos Alertas \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchIndexer.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (arquivo ausente)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download e Record Plugin para o Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ arquivos de programas \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (arquivo ausente)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ arquivos de programas \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ Mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update demora 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Alertas Unidos] C: \ Program Files \ Unidos Alertas \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Arquivos de Programas \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Arquivos de Programas \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra context menu item: & Google Search - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra context menu item: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll / search.htm
O8 - Extra context menu item: Backward Links - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Instantâneo da página em cache - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra context menu item: Abrir em nova guia fundo - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Abrir em nova guia plano - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Páginas semelhantes - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Traduzir para Inglês - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion-Reino Unido - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-IPP4-05D1BAB28801) (RegUserCfgUI Classe) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Arquivos de Programas \ SPAMfighter \ sfus.exe
--
Fim do arquivo - 10438 bytes

[evilfantasy]

Ainda algum trabalho a fazer.

Baixar SDFix.exe e guardá-la para o seu desktop.

Dê um clique duplo SDFix.exe e ele irá extrair os arquivos para% systemdrive%
(Unidade que contém o diretório do Windows, normalmente C: \ SDFix)

Agora, em seguida, reinicie o seu computador em Safe Mode fazendo o seguinte:

• Reinicie o computador
• Depois de ouvir o seu computador apitar uma vez durante a inicialização, mas antes do Windows ícone aparece, toque na tecla F8 continuamente;
• Em vez de carregar o Windows como normal, o menu Opções avançadas deve aparecer;
• Selecione a primeira opção, para executar o Windows no Modo de Segurança e, em seguida, pressione Digite.
• Escolha o seu habitual conta.
• Abra a pasta SDFix extraídos e clique duas vezes RunThis.bat para iniciar o script.
• Tipo Y para iniciar o processo de limpeza.
• Ela irá remover qualquer Trojan Serviços e entradas de registo que se encontra, em seguida, pedir-lhe para pressione qualquer tecla para reiniciar.
• Pressione qualquer tecla e ele irá reiniciar o PC.
• Quando o PC reinicia o Fixtool irá correr novamente e concluir o processo de remoção em seguida, apresentar Finished, Pressione qualquer tecla para terminar o script e carregar seu desktop ícones.
• Após carregar os ícones do desktop SDFix relatório será aberta na tela e também em salvar a pasta SDFix como Report.txt
  (Report.txt também serão copiados para a Área de Transferência).
• Finalmente copie e cole o conteúdo do arquivo resultados Report.txt com um novo HijackThis log na sua próxima resposta.

Se SDFix não será executado ou você receber erros, siga o link para obter instruções sobre como executar o SDFix. Como usar o SDFix

----------

Próximo post adicionar
SDFix log
UM NOVO HijackThis log

[RB211]

OK Próxima logs

SDFix: Version 1,201
Corre por Danny em 05/07/2008 às 21:08
Microsoft Windows XP [Versão 5/1/2600]
Running From: C: \ Músicas \ SDFix
Verificando Serviços :

Restaurar Padrão de Segurança Valores
Restaurar Predefinição Arquivo Hosts
Reinicializar

Verificar Arquivos :
Não Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
CatchMe 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
5/1/2600 Windows Service Pack 3 NTFS
digitalizar processos escondidos ...
varredura serviços ocultos e sistema colmeia ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ B THPORT \ Parameters \ Keys \ 000c55050b1d]
varredura escondida Registro entradas ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
digitalizar os arquivos ocultos ...
varredura foi concluída com êxito
processos ocultos: 0
serviços ocultos: 0
ficheiros ocultos: 0

Restantes serviços :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ standard profile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ Sessmgr.exe" = "% windir% \ \ siste M32 \ \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ InoRpc.exe" = "C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ InoRpc.exe: *: Enabled: eTrust Antivirus - O servidor RPC "
"C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ InocIT.exe" = "C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ InocIT.exe: *: Enabled: eTrust Antivirus - Local Scanner "
"C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ Realmon.exe" = "C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ Realmon.exe: *: Enabled: eTrust Antivirus - Realtime monitor "
"C: \ \ Arquivos de Programas \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Arquivos de Programas \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Arquivos de Programas \ \ Unidos Alertas \ \ UnitedAlerts.exe" = "C: \ \ Arquivos de Programas \ \ Unidos Alertas \ \ UnitedAlerts.exe"
"C: \ \ Arquivos de Programas \ \ ICQ \ \ Icq.exe" = "C: \ \ Arquivos de Programas \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ Shellscn.exe" = "C: \ \ Arquivos de Programas \ \ CA \ eTrust Antivirus \ \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe" = "C: \ \ Arquivos de Programas \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: E nabled: LimeWire swarmed instalador"
"C: \ \ Arquivos de Programas \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Arquivos de Programas \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Arquivos de Programas \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Arquivos de Programas \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ \ Arquivos de Programas \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ \ Arquivos de Programas \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorren t DNA"
"C: \ \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ serviços es \ SharedAccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ Sessmgr.exe" = "% windir% \ \ siste M32 \ \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ \ Arquivos de Programas \ \ Unidos Alertas \ \ UnitedAlerts.exe" = "C: \ \ Arquivos de Programas \ \ Unidos Alertas \ \ UnitedAlerts.exe"
"C: \ \ Arquivos de Programas \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Arquivos de Programas \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
Remaining Files :

Arquivos com Hidden Attributes :
Qua 26 jan 2005 4704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Qua. 13 jul 2005 4,348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Sábado 5 jul 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Seg 13 jun 2005 A. 7420. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar15.tmp"
Seg 13 jun 2005 A. 7420. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar9.tmp"
Seg 13 jun 2005 A. 7420. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ MarA.tmp"
Sábado 5 jul 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Application Data \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Qua. 13 jul 2005 4,348 ... H. --- "C: \ Documents and Settings \ Danny \ Meus Documentos \ Minhas músicas \ License Backup \ drmv1key.bak"
Qua 25 jan 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Meus Documentos \ Minhas músicas \ License Backup \ drmv1lic.bak"
Qua. 13 jul 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Meus Documentos \ Minhas músicas \ License Backup \ drmv2key.bak"
Pronto!


e


Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 21:33:52, em 05/07/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ Mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Unidos Alertas \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchFilter.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (arquivo ausente)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Arquivos de Programas \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download e Record Plugin para o Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ arquivos de programas \ google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (arquivo ausente)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ arquivos de programas \ google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ Mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update demora 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Alertas Unidos] C: \ Program Files \ Unidos Alertas \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Arquivos de Programas \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Arquivos de Programas \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Arquivos de Programas \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra context menu item: & Google Search - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Extra context menu item: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ en-gb \ msntb.dll / search.htm
O8 - Extra context menu item: Backward Links - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Instantâneo da página em cache - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra context menu item: Abrir em nova guia fundo - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Abrir em nova guia plano - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra context menu item: Páginas semelhantes - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Traduzir para Inglês - res: / / C: \ Arquivos de Programas \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion-Reino Unido - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-IPP4-05D1BAB28801) (RegUserCfgUI Classe) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Arquivos de Programas \ SPAMfighter \ sfus.exe
--
Fim do arquivo - 10422 bytes

[evilfantasy]

Preciso de mais algumas informações sobre um jovem de arquivos. Publique aqui os links para os resultados, quando completa.

Scan Suspicious File (s)

Visite Virustotal
(Se mais de um arquivo digitalizado necessidades que deve ser feito separadamente e registra destacados para cada uma)

• Copie o caminho do arquivo na caixa abaixo Código:

Código:

C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe

• Ao fazer o upload do site, clique uma vez dentro da janela ao lado Percorrer.
• Imprensa Ctrl + V no teclado (ambos ao mesmo tempo) para colar o caminho do arquivo na janela.
• Em seguida clique em Enviar Arquivo
  • Seu arquivo será possivelmente entrou em uma fila que normalmente demora menos de um minuto para limpar.
• Isto irá realizar uma varredura em vários vírus diferentes motores.
• Importante: Espere para todos os motores a varredura completa.
• Copie e cole o link para os resultados na próxima resposta.

Agora, fazer o mesmo com este arquivo.

Código:

C: \ Program Files \ Unidos Alertas \ UnitedAlerts.exe