Iexplore.exe
#1
15 January 2008, 11:50
Member

Iexplore.exe

I read that this is bad. I don't have Internet Explorer open, but it is still running in my Task Manager (I don't think it is supposed to be in capitals), and it is slowing down my computer. Is it a virus? Spyware, etc.?

How do I remove it?
#2
15 January 2008, 11:59
Moderator

Iexplore.exe

Let's have a quick look.
Download and rename HijackThis (HJT)
  • Double click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After installation, HijackThis should open for you.
    • Close HijackThis and rename it.
    • Go to C:\Program Files\Trend Micro\HijackThis.exe
    • Right click on HijackThis.exe and select Rename.
    • Type sniper.exe and press Enter.
    • Right click on sniper.exe and select Send To > Desktop (create shortcut)
  • On the desktop, open HijackThis.
  • If you use Windows Vista, make sure to Run as administrator
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then open a log in Notepad.
  • Copy and paste the log into your post.
    • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Even though we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.
__________________

#3
15 January 2008, 12:08
Member

Iexplore.exe

For some reason I can't see IEXPLORE.exe here, but it is definitely in the TM

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 7:02:55, em 1/15/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Live \ Messenger \ usnsvc.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Windows Media Player \ Wmplayer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Second bat criativo pico] C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Enviar para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & final para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Fim do processo - 7104 bytes
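As an added example (not code from this thread, from Trend Micro or from any of the tools mentioned), the script below applies the first triage a helper does by eye on a HijackThis log like the one above: it parses the O2 (Browser Helper Object), O4 (Run key) and O23 (service) lines and flags the entries worth a closer look: a BHO whose DLL no longer exists on disk, an autostart launched from a user-profile directory rather than Program Files or the Windows directory, and a service with no publisher. The sample lines are constructed from entries in the log above, with the path spacing normalised and the CLSIDs written in the braces HijackThis itself prints; the regular expressions, the list of profile-directory markers and the wording of the reasons are my own assumptions, and a flag is a prompt to verify the file, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines in HijackThis v2 format, modelled on the log
# posted in this thread (entry names copied as the thread shows them).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Second bat criativo pico] C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\mortos lite.exe
O4 - HKCU\..\Run: [curblicense] C:\DOCUME~1\Richard\APPLIC~1\WAYBOW~1\Nurb mais noun.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Line shapes as HijackThis v2 writes them (assumed from the log format above).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Fragments that place a path inside a user-writable profile area. Vendors
# normally install autostarts under Program Files or the Windows directory,
# so an autostart living here deserves a second look (heuristic, my choice).
PROFILE_MARKERS = (
    "documents and settings", "docume~1", "application data", "applic~1",
    "local settings\\temp", "\\users\\", "appdata", "\\temp\\",
)


@dataclass
class Finding:
    section: str   # O2 / O4 / O23
    name: str      # BHO name, Run value name or service name
    target: str    # CLSID, launched image or service binary
    reason: str


def executable_of(cmd: str) -> str:
    """Return the launched image from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare paths may contain spaces, so cut at the first executable extension
    # followed by whitespace, a comma (rundll32 syntax) or end of line.
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|,|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" /")[0]


def in_profile_dir(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return the entries that merit verification."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"].lower() == "(no file)":
                findings.append(Finding("O2", m["name"], m["clsid"],
                                        "BHO registered but its DLL is missing (orphaned entry)"))
        elif m := O4_RE.match(line):
            # Check the whole command line, so a DLL loaded via rundll32 from
            # a profile directory is caught as well as a bare executable.
            if in_profile_dir(m["cmd"]):
                findings.append(Finding("O4", m["name"], executable_of(m["cmd"]),
                                        "autostart launched from a user-writable profile directory"))
        elif m := O23_RE.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(Finding("O23", m["name"], m["path"],
                                        "service binary carries no publisher information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name!r:<32}{f.reason}\n      -> {f.target}")
```

Lines the script does not model (R0/R1 start pages, O3 toolbars, O9 buttons, O16 downloads) pass through untouched; the point is to surface the few entries a human then checks by looking at the file, its signer and its age, as the moderator does in this thread before asking for a fix.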
#4
15 January 2008, 12:29
Moderator

Iexplore.exe

Yes, you have some bad infections.

Step 1

Download NoLop.exe to the Desktop:
  • Close any running programs, since a reboot is required
  • Double click NoLop.exe to run it
  • Then click the button: Search and Destroy
    <<Your computer will now be scanned for infected files>>
  • When the search is complete, if infected, you will be prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A message should pop up from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you receive an error "Mscomctl.ocx or one of its dependencies are not correctly registered," please download Mscomctl.ocx to your system32 folder and then run the program again.

---------------

Step 2
Download SUPERAntiSpyware Free Edition (SAS)
  • Double click the icon on your desktop to run the installer.
  • When asked to Update program definitions, click Yes
  • Then click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left, check C:\ Fixed Drive
  • On the right, choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found, and if it asks whether you want to reboot, click Yes
  • To retrieve the removal information, do the following:
    • After reboot, double click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Please copy and paste the log into your post.
----------

Step 3

Run a new HijackThis scan and post the log

----------

In your next post please add:
The contents of C:\NoLop.log
SUPERAntiSpyware log
New HijackThis log

It may take more than one post to get all the logs posted. That is fine if needed.
__________________

#5
15 January 2008, 13:41
Member

Iexplore.exe

NoLop log:

NoLop! Entrar pela Skate_Punk_21

Fix correr a partir de: C: \ Program Files \ Mozilla Firefox
[1/15/2008]
[7:34:10]

--- Infection Files Found/Removed---
C: \ WINDOWS \ Tasks \ ADB7C425918477B9.job

Início Remoção ...
Reiniciando ...
Removendo esgalhar's ficado arquivos / pastas ...
Editando Secretaria ...
** Fix Complete! **

--- --- Listing AppData sub-diretórios

C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ Apple
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Avg7
C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat
C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Messenger Plus! - Directório vazio
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
C: \ Documents and Settings \ All Users \ Application Data \ Nvidia - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Sony
C: \ Documents and Settings \ All Users \ Application Data \ Temp - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Wlinstaller
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ LocalService \ Application Data \ Avg7 - directório vazio
C: \ Documents and Settings \ LocalService \ Application Data \ Microsoft
C: \ Documents and Settings \ LocalService \ Application Data \ Xfire - EMPTY Directory
C: \ Documents and Settings \ NetworkService \ Application Data \ Microsoft
C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire - EMPTY Directory
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Adobe
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Apple Computer
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Avg7
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Bittorrent
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Divx
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Dna
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Dvdcss
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Fotowire
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Gtk-2.0
C: \ Documents and Settings \ Richard \ Application Data \ Identities
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Installshield
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Macromedia
C: \ Documents and Settings \ Richard \ Application Data \ Microsoft
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Monkeyjam
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Mozilla
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Publish Providers - EMPTY Directory
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Real
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SmartFTP
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Sony
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Sony Setup
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ domingo
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Systemrequirementslab
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ vlc
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Waybowsreal
C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Xfire


SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Produzido em 01/15/2008 às 08:32

Aplicação Versão: 3/9/1008

Core Rules Database Version: 3380
Trace Rules Database Version: 1374

Scan type: Complete Scan
Total Scan Time: 00:46:41

Memória itens digitalizados: 385
Memória ameaças detectadas: 0
Secretaria itens digitalizados: 5574
Secretaria ameaças detectadas: 0
Arquivo itens digitalizados: 40825
Arquivo ameaças detectadas: 66

Adware.Tracking Cookie
C: \ Documents and Settings \ Richard \ Cookies \ richard @ cassava [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ fastclick [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@server.lon.livepe rson [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ casalemedia [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.ppctracking [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ servindo-sys [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.adserver5 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ carphonewarehouse .112.2 o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@m1.webstats.motig o [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.vlaze [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@reduxads.valuead [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 888 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ uk [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 247realmedia [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adfarm1.adition [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@login.tracking101 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@stats.channel4 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ azjmp [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@partygaming.122.2 o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ publicidade [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ bluestreak [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anad.tacoda [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ehg-youtube.hitbox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.carnavalca sino [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 60915153 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@tracking.foxnews [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.veoh [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.clash-media [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@a.websponsors [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.casino.bla ckpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@prospect.adbureau [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ adrevolver [3]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.bingo.blac kpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ p [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ Lycos-de [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@eas.apm.emediate [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.zanox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ net-Receitas [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ hitbox [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ revsci [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@statse.webtrendsl ive [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ questionmarket [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.addynamix [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ 2o7 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ pacificpoker [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ Mediaplex [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.xfire [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ atdmt [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ apmebf [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ Partypoker [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ Zedo [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adserver.filefron t [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard @ um [1]. Txt

Adware.180solutions/ZangoSearch
C: \ System Volume Information \ _restore (39B7D61A-C471-441E-B6D4-5930E1D582CD) \ RP37 \ A0003673.EXE

HijackThis log:

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 8:38:58, em 1/15/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Arquivos de Programas \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Second bat criativo pico] C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Enviar para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & final para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Fim do processo - 7041 bytes


I hope this is enough
#6
15 January 2008, 13:57
Moderator

Iexplore.exe

Open HijackThis and choose Do a system scan only, then put a checkmark next to:

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Please download Combofix by sUBs from one of the links below.
(Try all three if necessary) IMPORTANT - Combofix.exe MUST be saved to your Desktop.
  • Close all open browsers. (Firefox, Internet Explorer, etc.)
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with Combofix. <- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouseclick combofix's window while it is running.
The scan will temporarily disable your desktop.
If interrupted, it may leave your computer frozen.
If this occurs, please reboot to restore the desktop.


----------

Next post
Combofix log
__________________

#7
15 January 2008, 14:06
Member

Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Executando de: C: \ Documents and Settings \ Ricardo \ Desktop \ ComboFix.exe
* Criado um novo ponto restaurar

ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED!
.

((((((((((((((((((((((((( Arquivos criados a partir de 2007/12/15 a 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008/01/15 21:03. 2000/08/31 08:00 51,200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008/01/15 19:41. 2008/01/15 20:38 <dir> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/01/15 19:41. 2008/01/15 19:41 <dir> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/01/15 19:41. 2008/01/15 19:41 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SUPERAntiSpyware.com
2008/01/15 19:41. 2008/01/15 19:41 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/01/15 19:34. 2008/01/15 19:36 <dir> d -------- C: \ NoLopBackups
2008/01/15 19:01. 2008/01/15 19:01 <dir> d -------- C: \ Program Files \ Trend Micro
2008/01/15 16:32. 2008/01/15 16:32 <dir> d -------- C: \ Program Files \ WayBowsReal
2008/01/11 10:27. 2005/05/26 15:34 2297552 - a ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008/01/11 10:26. 2008/01/11 10:26 22,328 - a ------ C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ PnkBstrK.sys
2008/01/11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008/01/11 10:15. 2008/01/11 10:15 <dir> d -------- C: \ Program Files \ Activision
2008/01/11 10:14. 2008/01/11 10:14 <dir> d - hs ---- C: \ WINDOWS \ ftpcache
2008/01/11 00:29. 2008/01/11 00:29 54,608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008/01/05 21:00. 2008/01/05 21:00 <dir> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008/01/03 18:41. 2008/01/03 18:41 <dir> d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Messenger Plus!
2008/01/03 18:00. 2008/01/03 18:00 <dir> d -------- C: \ Program Files \ Messenger Plus! Vivo
2008/01/03 18:00. 2008/01/15 19:36 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ WayBowsReal
2008/01/03 18:00. 2008/01/15 16:33 <dir> d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat
2007/12/30 16:54. 2007/12/30 16:54 <dir> d -------- C: \ Program Files \ Whisper Tecnologia
2007/12/30 16:36. 2007/12/30 16:36 <dir> d -------- C: \ Arquivos de Programas \ SmartFTP Client 2/5 Setup Files
2007/12/30 16:36. 2007/12/30 16:36 <dir> d -------- C: \ Arquivos de Programas \ SmartFTP Client
2007/12/30 16:36. 2007/12/30 16:36 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SmartFTP
2007/12/30 07:48. 2007/12/30 07:48 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Sony
2007/12/30 07:48. 2007/12/30 07:48 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Publish Providers
2007/12/30 07:45. 2007/12/30 07:45 <dir> d -------- C: \ Program Files \ Vstplugins
2007/12/30 07:45. 2007/12/30 07:45 <dir> d -------- C: \ Program Files \ Sony
2007/12/30 07:45. 2007/12/30 07:45 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007/12/30 07:39. 2007/12/30 07:39 <dir> d -------- C: \ Program Files \ Sony Setup
2007/12/30 07:39. 2007/12/30 07:39 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Sony Setup
2007/12/29 23:30. 2008/01/15 17:00 54,156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007/12/29 23:30. 2007/12/29 23:30 1409 - a ------ C: \ WINDOWS \ QTFont.for
2007/12/29 15:45. 2007/12/29 15:45 <dir> d -------- C: \ Program Files \ FPS
2007/12/29 15:45. 2007/12/29 15:45 286,720 --------- C: \ WINDOWS \ Setup1.exe
2007/12/29 15:45. 2007/12/29 15:45 73,216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007/12/29 12:08. 2004/08/03 23:10 10,880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007/12/29 12:08. 2004/08/03 23:10 10,880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007/12/29 12:08. 2004/08/03 22:58 5504 - a ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007/12/29 12:08. 2004/08/03 22:58 5,504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ SXS
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ Program Files \ Logitech
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ Program Files \ Common Files \ FotoWire
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ FotoWire
2007/12/29 12:03. 2007/12/29 12:03 <dir> d -------- C: \ Program Files \ Common Files \ Logitech
2007/12/28 19:09. 2007/12/28 19:46 <dir> d -------- C: \ Program Files \ eMule
2007/12/28 17:29. 2007/12/28 17:29 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ DivX
2007/12/27 00:05. 2007/12/27 00:05 <dir> d -------- C: \ Fraps
2007/12/27 00:05. 2007/12/27 00:05 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007/12/24 17:11. 2007/07/30 19:19 271,224 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007/12/24 17:11. 2007/07/30 19:19 207,736 - a ------ C: \ WINDOWS \ system32 \ muweb.dll
2007/12/24 17:11. 2007/07/30 19:19 30,072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007/12/23 21:01. 2008/01/03 20:48 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ gtk-2.0
2007/12/23 21:01. 2007/12/23 21:01 <dir> d -------- C: \ Documents and Settings \ Richard \. Miniaturas
2007/12/23 21:00. 2007/12/23 21:00 <dir> d -------- C: \ Arquivos de Programas \ GIMP-2.0
2007/12/23 21:00. 2008/01/03 20:54 <dir> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007/12/22 15:39. 2007/12/22 15:39 <dir> d -------- C: \ Program Files \ DNA
2007/12/22 15:39. 2008/01/15 20:56 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ DNA
2007/12/22 15:39. 2007/12/28 19:40 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ BitTorrent
2007/12/22 15:22. 2007/12/22 15:22 <dir> d -------- C: \ Program Files \ Audacity
2007/12/22 15:21. 2007/12/22 15:21 <dir> d -------- C: \ Program Files \ MonkeyJam
2007/12/22 15:21. 2007/12/22 15:21 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ MonkeyJam
2007/12/22 15:21. 2005/02/27 17:11 424,960 - a ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007/12/21 15:27. 2007/12/21 15:27 <dir> d -------- C: \ Arquivos de Programas \ Microsoft Works
2007/12/21 15:27. 2006/10/26 19:56 32,592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007/12/21 15:26. 2007/12/21 15:26 <dir> d -------- C: \ Program Files \ MSBuild
2007/12/21 15:23. 2007/12/21 15:26 <dir> d -------- C: \ WINDOWS \ ShellNew
2007/12/21 15:22. 2007/12/21 15:22 <dir> dr-h ----- C: \ MSOCache
2007/12/21 15:22. 2007/12/21 15:27 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
2007/12/19 19:56. 2007/12/28 13:01 <dir> d -------- C: \ Program Files \ DivX
2007/12/15 23:51. 2007/12/15 23:51 <dir> d -------- C: \ Program Files \ VideoLAN
2007/12/15 23:51. 2007/12/15 23:51 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ vlc
2007/12/15 23:51. 2007/12/15 23:51 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ dvdcss
2007/12/15 23:36. 2007/12/22 15:29 <dir> d -------- C: \ Program Files \ Real
2007/12/15 23:36. 2007/12/15 23:36 <dir> d -------- C: \ Program Files \ Common Files \ Xing partilhada
2007/12/15 23:36. 2007/12/15 23:36 <dir> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/01/15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ AVG7
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008/01/15 17:46 22,328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008/01/15 17:46 107,832 ---- aw C: \ WINDOWS \ system32 \ PnkBstrB.exe
2008/01/15 17:45 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Xfire
2008/01/11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008/01/11 22:26 5,615 ---- aw C: \ Program Files \ install.log
2008/01/11 19:06 66,872 ---- aw C: \ WINDOWS \ system32 \ PnkBstrA.exe
2008/01/11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Informações de instalação
2007/12/22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007/12/21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007/12/12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007/12/12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Dados de aplicativos \ NVIDIA
2007/12/12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007/12/12 20:38 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Apple Computer
2007/12/12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007/12/12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007/12/12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007/12/10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007/12/10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007/12/10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007/12/10 18:02 --------- d ----- w C: \ Program Files \ Java
2007/12/10 18:02 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SystemRequirementsLab
2007/12/10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007/12/10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007/12/10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007/12/10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007/12/10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007/12/08 22:50 12,464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007/12/07 18:43 499,712 ---- aw C: \ WINDOWS \ system32 \ msvcp71.dll
2007/12/07 18:43 348,160 ---- aw C: \ WINDOWS \ system32 \ msvcr71.dll
2007/12/07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007/12/07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007/12/07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007/12/07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007/12/07 17:45 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ InstallShield
2007/12/07 17:44 4,716 ---- aw C: \ WINDOWS \ gdrv.sys
2007/12/07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007/12/07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007/12/07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007/12/04 01:33 823,296 ---- aw C: \ WINDOWS \ system32 \ divx_xx0c.dll
2007/12/04 01:33 823,296 ---- aw C: \ WINDOWS \ system32 \ divx_xx07.dll
2007/12/04 01:33 802,816 ---- aw C: \ WINDOWS \ system32 \ divx_xx11.dll
2007/12/04 01:33 682,496 ---- aw C: \ WINDOWS \ system32 \ DivX.dll
2007/11/29 22:30 524,288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2007/11/29 22:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007/11/29 22:30 200,704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2007/11/29 22:30 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2007/11/29 22:28 81,920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007/11/29 22:28 196,608 ---- aw C: \ WINDOWS \ system32 \ dtu100.dll
2007/11/28 21:55 156,992 ---- aw C: \ WINDOWS \ system32 \ DivXCodecVersionChecker.exe
2007/11/28 21:53 593,920 ---- aw C: \ WINDOWS \ system32 \ dpuGUI11.dll
2007/11/28 21:53 57,344 ---- aw C: \ WINDOWS \ system32 \ dpv11.dll
2007/11/28 21:53 53,248 ---- aw C: \ WINDOWS \ system32 \ dpuGUI10.dll
2007/11/28 21:53 344,064 ---- aw C: \ WINDOWS \ system32 \ dpus11.dll
2007/11/28 21:53 294,912 ---- aw C: \ WINDOWS \ system32 \ dpu11.dll
2007/11/28 21:53 294,912 ---- aw C: \ WINDOWS \ system32 \ dpu10.dll
2007/11/28 21:52 12,288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2007/11/21 18:23 81,920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007/10/18 11:31 51,224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Segundo morcego criativo pico" = "C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ lite.exe morto" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ DRIVERS \ CamDrL2 1.sys [2004-02-14 04:09]

* Serviço recém-criado * - PROCEXP90
.
Conteúdo da 'Tarefas agendadas' pasta
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

CatchMe 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
5/1/2600 Windows Service Pack 2 NTFS

digitalizar processos escondidos ...

escaneamento automático entradas escondidas ...

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
Conclusão time: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
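An added example, not part of this thread and not ComboFix's own code: a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above. It flags autorun values whose executable lives under a user profile / Application Data directory and values whose trailing bracket is empty (ComboFix found no file on disk, so the registry value is orphaned), which is what a helper looks for first in such a log. The sample log is a constructed excerpt of the log above with the backslashes restored and the value names as printed there.

```python
"""Triage of ComboFix 'Reg Loading Points' autorun entries (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt of the thread's ComboFix log (backslashes restored,
# names as printed in the thread). Empty [] means ComboFix found no file.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2007-12-22 15:39 290112]
"curblicense"="C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb mais noun.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 09:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:29 579072]
"Segundo morcego criativo pico"="C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\lite.exe morto" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name" = value [date time size [resolved path]]   (value may be unquoted)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# Anything under a profile directory (long or 8.3 form) is user-writable on XP.
PROFILE_RE = re.compile(r"\\(documents and settings|docume~\d)\\", re.IGNORECASE)
SHORT_RE = re.compile(r"~\d+\\")


@dataclass
class AutorunEntry:
    key: str                   # registry key the value lives under
    name: str                  # value name
    image: str                 # value data as written in the registry
    timestamp: Optional[str]   # file mtime ComboFix printed, None if no file found
    size: Optional[int]        # file size in bytes, None if no file found
    resolved: str              # full path ComboFix resolved (== image when absolute)


def parse_reg_loading_points(text: str) -> List[AutorunEntry]:
    """Parse the [HKEY_...] sections and their "name"=value [meta] lines."""
    entries: List[AutorunEntry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            key = sec.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue
        image = m.group("value").strip().strip('"')
        meta = m.group("meta").split()
        if len(meta) >= 3:
            timestamp: Optional[str] = f"{meta[0]} {meta[1]}"
            size: Optional[int] = int(meta[2])
            resolved = " ".join(meta[3:]) or image   # bare names get resolved here
        else:
            timestamp, size, resolved = None, None, image
        entries.append(AutorunEntry(key, m.group("name"), image, timestamp, size, resolved))
    return entries


def triage(entries: List[AutorunEntry]) -> List[Tuple[AutorunEntry, List[Tuple[str, str]]]]:
    """Return (entry, [(severity, reason), ...]) for every entry worth a look."""
    findings = []
    for e in entries:
        reasons: List[Tuple[str, str]] = []
        if e.timestamp is None:
            reasons.append(("high", "no file on disk: orphaned autorun value"))
        if PROFILE_RE.search(e.resolved):
            reasons.append(("high", "runs from a user profile / Application Data directory"))
        if SHORT_RE.search(e.image):
            reasons.append(("info", "8.3 short path in the registry value"))
        if "\\" not in e.image:
            reasons.append(("info", "bare file name, located via the search path"))
        if reasons:
            findings.append((e, reasons))
    return findings


def high_severity_names(entries: List[AutorunEntry]) -> List[str]:
    """Sorted value names carrying at least one high-severity reason."""
    return sorted({e.name for e, rs in triage(entries) if any(s == "high" for s, _ in rs)})


if __name__ == "__main__":
    for entry, reasons in triage(parse_reg_loading_points(SAMPLE_LOG)):
        print(f'[{entry.key}] "{entry.name}" -> {entry.resolved}')
        for severity, reason in reasons:
            print(f"    {severity}: {reason}")
```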
  #8  
Old January 15, 2008, 14:58
Group Moderator
 
Default Iexplore.exe

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start and then Run
  • Type notepad.exe in the Run box.
2. Copy the bold text below by highlighting all of it and pressing Ctrl + C


File::
C:\Documents and Settings\All Users\Application Data\Axis Readme Second Bat\mortos lite.exe
C:\DOCUME~1\Richard\Applic~1\WAYBOW~1\Nurb mais noun.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"curblicense"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Segundo morcego pico criativo"=-



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - save the file to your desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the image below. Important: follow these instructions carefully!



ComboFix will begin to run; just follow the prompts on the screen.
After the reboot (if it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. This may cause your system to freeze.

----------

Run a new HijackThis scan and post the log.

----------

Next post
Combofix log
New HijackThis log

  #9  
Old January 15, 2008, 15:07
Group Member
 
Default Iexplore.exe

ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Executando de: C: \ Documents and Settings \ Ricardo \ Desktop \ ComboFix.exe
Comando interruptores utilizados:: C: \ Documents and Settings \ Ricardo \ Desktop \ CFScript.txt
* Criado um novo ponto restaurar

ATENÇÃO-ESTE NÃO TEM MÁQUINA DE RECUPERAÇÃO CONSOLE INSTALLED!

FILE
C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe
C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe
.

((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe
C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe

.
((((((((((((((((((((((((( Arquivos criados a partir de 2007/12/15 a 2008/01/15 ))))))))))) ))))))))))))))))))))
.

2008/01/15 21:03. 2000/08/31 08:00 51,200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008/01/15 19:41. 2008/01/15 20:38 <dir> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/01/15 19:41. 2008/01/15 19:41 <dir> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008/01/15 19:41. 2008/01/15 19:41 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SUPERAntiSpyware.com
2008/01/15 19:41. 2008/01/15 19:41 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/01/15 19:34. 2008/01/15 19:36 <dir> d -------- C: \ NoLopBackups
2008/01/15 19:01. 2008/01/15 19:01 <dir> d -------- C: \ Program Files \ Trend Micro
2008/01/15 16:32. 2008/01/15 16:32 <dir> d -------- C: \ Program Files \ WayBowsReal
2008/01/11 10:27. 2005/05/26 15:34 2297552 - a ------ C: \ WINDOWS \ system32 \ d3dx9_26.dll
2008/01/11 10:26. 2008/01/11 10:26 22,328 - a ------ C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ PnkBstrK.sys
2008/01/11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008/01/11 10:15. 2008/01/11 10:15 <dir> d -------- C: \ Program Files \ Activision
2008/01/11 10:14. 2008/01/11 10:14 <dir> d - hs ---- C: \ WINDOWS \ ftpcache
2008/01/11 00:29. 2008/01/11 00:29 54,608 - a ------ C: \ WINDOWS \ system32 \ xfcodec.dll
2008/01/05 21:00. 2008/01/05 21:00 <dir> d - h ----- C: \ WINDOWS \ $ hf_mig $
2008/01/03 18:41. 2008/01/03 18:41 <dir> d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Messenger Plus!
2008/01/03 18:00. 2008/01/03 18:00 <dir> d -------- C: \ Program Files \ Messenger Plus! Vivo
2008/01/03 18:00. 2008/01/15 22:03 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ WayBowsReal
2008/01/03 18:00. 2008/01/15 22:03 <dir> d -------- C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat
2007/12/30 16:54. 2007/12/30 16:54 <dir> d -------- C: \ Program Files \ Whisper Tecnologia
2007/12/30 16:36. 2007/12/30 16:36 <dir> d -------- C: \ Arquivos de Programas \ SmartFTP Client 2/5 Setup Files
2007/12/30 16:36. 2007/12/30 16:36 <dir> d -------- C: \ Arquivos de Programas \ SmartFTP Client
2007/12/30 16:36. 2007/12/30 16:36 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SmartFTP
2007/12/30 07:48. 2007/12/30 07:48 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Sony
2007/12/30 07:48. 2007/12/30 07:48 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Publish Providers
2007/12/30 07:45. 2007/12/30 07:45 <dir> d -------- C: \ Program Files \ Vstplugins
2007/12/30 07:45. 2007/12/30 07:45 <dir> d -------- C: \ Program Files \ Sony
2007/12/30 07:45. 2007/12/30 07:45 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007/12/30 07:39. 2007/12/30 07:39 <dir> d -------- C: \ Program Files \ Sony Setup
2007/12/30 07:39. 2007/12/30 07:39 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Sony Setup
2007/12/29 23:30. 2008/01/15 17:00 54,156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007/12/29 23:30. 2007/12/29 23:30 1409 - a ------ C: \ WINDOWS \ QTFont.for
2007/12/29 15:45. 2007/12/29 15:45 <dir> d -------- C: \ Program Files \ FPS
2007/12/29 15:45. 2007/12/29 15:45 286,720 --------- C: \ WINDOWS \ Setup1.exe
2007/12/29 15:45. 2007/12/29 15:45 73,216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007/12/29 12:08. 2004/08/03 23:10 10,880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007/12/29 12:08. 2004/08/03 23:10 10,880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007/12/29 12:08. 2004/08/03 22:58 5504 - a ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007/12/29 12:08. 2004/08/03 22:58 5,504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ SXS
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ Program Files \ Logitech
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ Program Files \ Common Files \ FotoWire
2007/12/29 12:04. 2007/12/29 12:04 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ FotoWire
2007/12/29 12:03. 2007/12/29 12:03 <dir> d -------- C: \ Program Files \ Common Files \ Logitech
2007/12/28 19:09. 2007/12/28 19:46 <dir> d -------- C: \ Program Files \ eMule
2007/12/28 17:29. 2007/12/28 17:29 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ DivX
2007/12/27 00:05. 2007/12/27 00:05 <dir> d -------- C: \ Fraps
2007/12/27 00:05. 2007/12/27 00:05 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007/12/24 17:11. 2007/07/30 19:19 271,224 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll
2007/12/24 17:11. 2007/07/30 19:19 207,736 - a ------ C: \ WINDOWS \ system32 \ muweb.dll
2007/12/24 17:11. 2007/07/30 19:19 30,072 - a ------ C: \ WINDOWS \ system32 \ mucltui.dll.mui
2007/12/23 21:01. 2008/01/03 20:48 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ gtk-2.0
2007/12/23 21:01. 2007/12/23 21:01 <dir> d -------- C: \ Documents and Settings \ Richard \. Miniaturas
2007/12/23 21:00. 2007/12/23 21:00 <dir> d -------- C: \ Arquivos de Programas \ GIMP-2.0
2007/12/23 21:00. 2008/01/03 20:54 <dir> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007/12/22 15:39. 2007/12/22 15:39 <dir> d -------- C: \ Program Files \ DNA
2007/12/22 15:39. 2008/01/15 22:03 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ DNA
2007/12/22 15:39. 2007/12/28 19:40 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ BitTorrent
2007/12/22 15:22. 2007/12/22 15:22 <dir> d -------- C: \ Program Files \ Audacity
2007/12/22 15:21. 2007/12/22 15:21 <dir> d -------- C: \ Program Files \ MonkeyJam
2007/12/22 15:21. 2007/12/22 15:21 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ MonkeyJam
2007/12/22 15:21. 2005/02/27 17:11 424,960 - a ------ C: \ WINDOWS \ system32 \ wavdest.ax
2007/12/21 15:27. 2007/12/21 15:27 <dir> d -------- C: \ Arquivos de Programas \ Microsoft Works
2007/12/21 15:27. 2006/10/26 19:56 32,592 - a ------ C: \ WINDOWS \ system32 \ msonpmon.dll
2007/12/21 15:26. 2007/12/21 15:26 <dir> d -------- C: \ Program Files \ MSBuild
2007/12/21 15:23. 2007/12/21 15:26 <dir> d -------- C: \ WINDOWS \ ShellNew
2007/12/21 15:22. 2007/12/21 15:22 <dir> dr-h ----- C: \ MSOCache
2007/12/21 15:22. 2007/12/21 15:27 <dir> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Help
2007/12/19 19:56. 2007/12/28 13:01 <dir> d -------- C: \ Program Files \ DivX
2007/12/15 23:51. 2007/12/15 23:51 <dir> d -------- C: \ Program Files \ VideoLAN
2007/12/15 23:51. 2007/12/15 23:51 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ vlc
2007/12/15 23:51. 2007/12/15 23:51 <dir> d -------- C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ dvdcss
2007/12/15 23:36. 2007/12/22 15:29 <dir> d -------- C: \ Program Files \ Real
2007/12/15 23:36. 2007/12/15 23:36 <dir> d -------- C: \ Program Files \ Common Files \ Xing partilhada
2007/12/15 23:36. 2007/12/15 23:36 <dir> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/01/15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ AVG7
2008/01/15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008/01/15 17:46 22,328 ---- aw C: \ WINDOWS \ system32 \ drivers \ PnkBstrK.sys
2008/01/15 17:45 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Xfire
2008/01/11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008/01/11 22:26 5,615 ---- aw C: \ Program Files \ install.log
2008/01/11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Informações de instalação
2007/12/22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007/12/21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007/12/12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007/12/12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Dados de aplicativos \ NVIDIA
2007/12/12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007/12/12 20:38 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ Apple Computer
2007/12/12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007/12/12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007/12/12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007/12/12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007/12/10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007/12/10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007/12/10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007/12/10 18:02 --------- d ----- w C: \ Program Files \ Java
2007/12/10 18:02 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ SystemRequirementsLab
2007/12/10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007/12/10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007/12/10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007/12/10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007/12/10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007/12/08 22:50 12,464 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007/12/07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007/12/07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007/12/07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007/12/07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007/12/07 17:45 --------- d ----- w C: \ Documents and Settings \ Ricardo \ Dados de aplicativos \ InstallShield
2007/12/07 17:44 4,716 ---- aw C: \ WINDOWS \ gdrv.sys
2007/12/07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007/12/07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007/12/07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008/01/15 21:03:50 225,280 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000001 \ Ntuser.dat
+ 2008/01/15 22:03:02 225,280 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000001 \ Ntuser.dat
- 2008/01/15 21:03:50 8,192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000002 \ UsrClass.dat
2008/01/15 22:03:02 8192 + ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000002 \ UsrClass.dat
- 2008/01/15 21:03:50 229,376 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000003 \ Ntuser.dat
+ 2008/01/15 22:03:02 229,376 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000003 \ Ntuser.dat
- 2008/01/15 21:03:50 8,192 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000004 \ UsrClass.dat
2008/01/15 22:03:02 8192 + ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000005 \ Ntuser.dat
+ 2008-01-15 22:03:02 3.670.016 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000005 \ Ntuser.dat
- 2008/01/15 21:03:50 208,896 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000006 \ UsrClass.dat
+ 2008/01/15 22:03:02 208,896 ---- aw C: \ WINDOWS \ erdnt \ Hiv-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent DNA" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe" []
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ WINDOWS \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"Segundo morcego criativo pico" = "C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ lite.exe morto" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ DRIVERS \ CamDrL2 1.sys [2004-02-14 04:09]

.
Conteúdo da 'Tarefas agendadas' pasta
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

CatchMe 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
5/1/2600 Windows Service Pack 2 NTFS

digitalizar processos escondidos ...

escaneamento automático entradas escondidas ...

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
Conclusão time: 2008-01-15 22:06:11 - máquina foi reinicializada
ComboFix-quarantined-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 10:07:19, em 1/15/2008
Plataforma: Windows XP SP2 (WinNT 5/01/2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ WINDOWS \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [Second bat criativo pico] C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Enviar para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & final para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ WINDOWS \ system32 \ PnkBstrA.exe

--
Fim do processo - 6716 bytes
  #10  
Old January 15, 2008, 15:29
Moderator Group
 
Default Iexplore.exe

Go to My Computer -> Tools -> Folder Options -> View tab:
  • Under the heading Hidden files and folders:
  • Select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Also, make sure there is no check mark next to Hide extensions for known file types.
  • Click OK

----------

Press CTRL + ALT + DEL to open Process Monitor. Click the Processes tab and kill the processes for

lite.exe << or mortos lite.exe
noun.exe << or Nurb mais noun.exe

----------

Open HijackThis and choose Do a system scan only, then place a check mark next to: (if found)

O4 - HKLM \ .. \ Run: [Second bat criativo pico] C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe


Close all windows except HijackThis and click Fix checked

Exit HijackThis.

----------

Open My Computer from the desktop and locate and delete these files. (if found)

C: \ Documents and Settings \ All Users \ Dados de aplicativos \ Axis Readme Second Bat \ mortos lite.exe

C: \ DOCUME ~ 1 \ Richard \ Applic ~ 1 \ WAYBOW ~ 1 \ Nurb mais noun.exe

----------

Please run the F-Secure Online Scanner

Note: This scanner works with Internet Explorer only!
  • Scroll to the bottom of the page and click the Start scanning button. A window will appear.
  • Allow the ActiveX control to be installed on your computer by clicking the Accept button
  • Click Full system scan and allow the components to download and the full scan to run.
  • If malware is found, check Submit samples to F-Secure, then select Automatic cleaning
  • When it has finished cleaning, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) it into a new reply to this post
    • If automatic cleaning with Submit samples hangs, click Cancel and then New Scan
  • When the cleaning option is presented, uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When it has finished cleaning, click View report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) it into a new reply to this post
  • This scan may take some time, so please be patient

----------

In your next post, add:
F-Secure log
New HijackThis log
__________________
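Added example, not part of the thread or of HijackThis: the triage the moderator did by eye, done in Python over the log's O4 autostart lines. It parses each `O4 - <hive>\..\Run: [name] command` line and flags entries that launch from a user-writable profile directory (Documents and Settings / Application Data, long or 8.3 form) or whose executable name contains spaces; the sample lines are constructed from the paths in the posted log with the extraction spacing removed.

```python
import re

# Constructed sample of HijackThis "O4" lines, modelled on the thread's log (not real scan output).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O4 - HKLM\\..\\Run: [Second bat criativo pico] C:\\Documents and Settings\\All Users\\Application Data\\Axis Readme Second Bat\\mortos lite.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [curblicense] C:\\DOCUME~1\\Richard\\Applic~1\\WAYBOW~1\\Nurb mais noun.exe
O4 - HKCU\\..\\Run: [BitTorrent DNA] "C:\\Program Files\\DNA\\btdna.exe"
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Profile data directories (long and 8.3 forms) are user-writable; dropped malware often
# autostarts from there, while normal startup programs live under Program Files or WINDOWS.
PROFILE_DIRS = ('\\application data\\', '\\applic~1\\',
                '\\documents and settings\\', '\\docume~1\\')

def parse_o4(line):
    """Return {'hive', 'name', 'path'} for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd').strip()
    if cmd.startswith('"'):                        # quoted path, switches may follow
        path = cmd[1:cmd.index('"', 1)]
    else:                                          # unquoted: cut before a /switch or -switch
        path = re.split(r' (?=[/-])', cmd, maxsplit=1)[0]
    return {'hive': m.group('hive'), 'name': m.group('name'), 'path': path}

def reasons_for(entry):
    """Heuristic reasons an autostart entry deserves a closer look (empty list = looks normal)."""
    low = entry['path'].lower()
    reasons = []
    if any(d in low for d in PROFILE_DIRS):
        reasons.append('launches from a user-writable profile directory')
    if ' ' in low.rsplit('\\', 1)[-1]:
        reasons.append('executable name contains spaces')
    return reasons

def triage(log_text):
    """Parse every O4 line in a HijackThis log and return the flagged entries with reasons."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (why := reasons_for(entry)):
            entry['reasons'] = why
            flagged.append(entry)
    return flagged
```

Running `triage(SAMPLE_LOG)` flags exactly the two entries the moderator picked out; everything else in the sample resolves to Program Files or WINDOWS and passes.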

Copyright © 2006 - 2009 Computer Juice.