Mom downloaded something

#1
31 October 2008, 03:00
Donor Group

Mom downloaded something
Hi,
Well, my mom downloaded something and the firewall popped up with some message. Somehow it had installed before she told me. So scans are running now; this may take some time, because this is a slow computer. I don't know what it's called, though, it's all strange symbols and unreadable. I have a HijackThis log, though, at least that's one thing that doesn't take time...

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 8:53:31, em 31/10/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ SYSTEM32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ SYSTEM32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ Program Files \ DAP \ DAP.EXE
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe
C: \ Arquivos de Programas \ Spybot - Search & Destroy \ SpybotSD.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Avast4 \ ashSimpl.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe
C: \ Program Files \ Avast4 \ setup \ avast.setup

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer fornecido por Administrator Kevin
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = local
R3 - URLSearchHook: (no name) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (no arquivo)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download e Record Plugin para o Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-Malware] C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamgui.exe / instalação / silêncio
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Startup: äéò ÉËÙÍÁ ¶ ¶ ¯ ¹. Lnk =?
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Baixar com & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra 'Tools' menuitem:? QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko Epson Corporation - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
Fim do processo - 7692 bytes
_______________________________________________
Any help is appreciated.
BTW, I can't find an icon that looks like 'uninstall' to me, so uninstalling won't be an option...
__________________
HI:)
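One way to triage a HijackThis log of the kind posted above, as an added example that is not part of this thread: it parses the R/O section lines and flags orphaned entries, autostart items with unreadable names or unresolved shortcut targets, and Winlogon Notify hooks. The sample log is constructed from entries in the post (extraction spacing removed, the garbled startup name kept); the flagging rules are my own review heuristics, not HijackThis's.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 line format, modelled on the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: äéò ÉËÙÍÁ.lnk = ?
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why a reviewer should look at this line
    line: str     # the log line, verbatim


# "R3 - ..." / "O20 - ...": section tag, then the entry body.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 registry Run/RunOnce entries: "[name] command".
RUN_NAME_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# O4 Startup-folder entries: "name = target" (target "?" means unresolved).
STARTUP_RE = re.compile(r"^Startup: (?P<name>.*?) = (?P<target>.*)$")


def is_readable(name: str) -> bool:
    """True if the name is plain printable ASCII, as vendor entries normally are."""
    return all(32 <= ord(ch) < 127 for ch in name)


def triage_line(raw: str) -> list[Finding]:
    """Apply the review heuristics (my own, not HijackThis's) to one log line."""
    m = LINE_RE.match(raw)
    if not m:
        return []  # process list, header lines, blanks
    section, body = m.group("section"), m.group("body")
    out: list[Finding] = []

    # Any section: the registered target is gone. Harmless by itself, but a
    # leftover of something that was removed (or removed itself).
    if "(no file)" in body:
        out.append(Finding(section, "orphaned entry: registered target no longer exists", raw))

    if section == "O4":
        run = RUN_NAME_RE.search(body)
        start = STARTUP_RE.match(body)
        name = run.group("name") if run else (start.group("name") if start else "")
        if name and not is_readable(name):
            out.append(Finding(section, "autostart entry with unreadable (non-ASCII) name", raw))
        if start and start.group("target").strip() == "?":
            out.append(Finding(section, "startup shortcut whose target could not be resolved", raw))

    # Winlogon Notify DLLs load into winlogon at every logon; always confirm
    # the vendor and path even when the name looks familiar.
    if section == "O20":
        out.append(Finding(section, "Winlogon Notify hook runs at every logon: confirm vendor and path", raw))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log and return findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        findings.extend(triage_line(raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```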
#2
31 October 2008, 15:21
Donor Group

Mom downloaded something

Well, I left the scans running overnight, but SUPERAntiSpyware kept finding problems and closed... I have the MalwareBytes log here:

Malwarebytes' Anti-Malware 1/30
Database version: 1343
5/1/2600 Windows Service Pack 3

1/11/2008 9:19:03
mbam-log-2008-11-01 (09-19-03). txt

Scan type: Full Scan (C: \ | D: \ | E: \ |)
Objetos digitalizados: 190626
Tempo decorrido: 3 hora (s), 56 minuto (s), 28 segundo (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Valores do Registro infectados: 0
Dados de Registro Items Infected: 0
Pastas infectadas: 0
Arquivos infectados: 2

Memory Processes Infected:
(N º itens maliciosos detectados)

Memory Modules Infected:
(N º itens maliciosos detectados)

Registry Keys Infected:
(N º itens maliciosos detectados)

Valores do Registro infectados:
(N º itens maliciosos detectados)

Dados de Registro Items Infected:
(N º itens maliciosos detectados)

Folders Infected:
(N º itens maliciosos detectados)

Arquivos Infectados:
C: \ WINDOWS \ system32 \ _005069_.tmp.dll (Trojan.Agent) -> quarentena e eliminado com sucesso.
C: \ WINDOWS \ system32 \ _005101_.tmp.dll (Trojan.Agent) -> quarentena e eliminado com sucesso.
__________________
HI:)
#3
31 October 2008, 15:24
Malware Group

Mom downloaded something

Hi

Keep the scans you are running going, then follow these instructions.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT! Save ComboFix.exe to your desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the system tray icon. They may interfere with our other tools
  • Double-click ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will let us help you more easily should your computer have a problem after an attempted malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
** Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click Yes to continue scanning for malware.

When finished, ComboFix should produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with the other logs.
__________________

My System: It's all mine...

Processor(s):
C2D E6750 2.66GHz
Motherboard:
Gigabyte P35C-DS3R
RAM:
2 x 1GB Corsair DDR2 XMS2 PC2-6400
Graphics Card(s):
GeForce 8600GT
Sound Card:
Creative X-Fi
Hard Drive(s):
Maxtor 320GB
Optical Drive(s):
Pioneer DVD-RW
Case / PSU:
Antec 900 / Antec TruPower Trio 650
Cooling:
Various Antec + Zalman 92mm
Network / Internet:
ASUS Router / VirginMedia
Monitor(s):
LG L226WQ 22" Widescreen
Operating System(s):
XP Pro SP3
#4
31 October 2008, 15:52
Donor Group

Mom downloaded something

For some reason ComboFix closed SUPERAntiSpyware while it was scanning, so it's restarted now. And avast! doesn't start up by default anymore... I open the program, but it still isn't in the system tray thing... And the program my mom downloaded is set to run at startup... Log here anyway:

ComboFix 08-10-30.13 - Vip 2008-11-01 9:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [GMT 11:00]
Executando de: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
* Criado um novo ponto restaurar
.

((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Warcraft III \ _desktop.ini
C: \ WINDOWS \ system32 \ _005058_.tmp.dll
C: \ WINDOWS \ system32 \ _005059_.tmp.dll
C: \ WINDOWS \ system32 \ _005060_.tmp.dll
C: \ WINDOWS \ system32 \ _005061_.tmp.dll
C: \ WINDOWS \ system32 \ _005068_.tmp.dll
C: \ WINDOWS \ system32 \ _005070_.tmp.dll
C: \ WINDOWS \ system32 \ _005071_.tmp.dll
C: \ WINDOWS \ system32 \ _005072_.tmp.dll
C: \ WINDOWS \ system32 \ _005073_.tmp.dll
C: \ WINDOWS \ system32 \ _005074_.tmp.dll
C: \ WINDOWS \ system32 \ _005075_.tmp.dll
C: \ WINDOWS \ system32 \ _005076_.tmp.dll
C: \ WINDOWS \ system32 \ _005077_.tmp.dll
C: \ WINDOWS \ system32 \ _005078_.tmp.dll
C: \ WINDOWS \ system32 \ _005079_.tmp.dll
C: \ WINDOWS \ system32 \ _005080_.tmp.dll
C: \ WINDOWS \ system32 \ _005081_.tmp.dll
C: \ WINDOWS \ system32 \ _005082_.tmp.dll
C: \ WINDOWS \ system32 \ _005084_.tmp.dll
C: \ WINDOWS \ system32 \ _005087_.tmp.dll
C: \ WINDOWS \ system32 \ _005088_.tmp.dll
C: \ WINDOWS \ system32 \ _005092_.tmp.dll
C: \ WINDOWS \ system32 \ _005093_.tmp.dll
C: \ WINDOWS \ system32 \ _005094_.tmp.dll
C: \ WINDOWS \ system32 \ _005095_.tmp.dll
C: \ WINDOWS \ system32 \ _005096_.tmp.dll
C: \ WINDOWS \ system32 \ _005097_.tmp.dll
C: \ WINDOWS \ system32 \ _005098_.tmp.dll
C: \ WINDOWS \ system32 \ _005099_.tmp.dll
C: \ WINDOWS \ system32 \ _005100_.tmp.dll
C: \ WINDOWS \ system32 \ _005102_.tmp.dll
C: \ WINDOWS \ system32 \ _005103_.tmp.dll
C: \ WINDOWS \ system32 \ _005104_.tmp.dll
C: \ WINDOWS \ system32 \ _005106_.tmp.dll
C: \ WINDOWS \ system32 \ _005107_.tmp.dll
C: \ WINDOWS \ system32 \ _005108_.tmp.dll
C: \ WINDOWS \ system32 \ _005109_.tmp.dll
C: \ WINDOWS \ system32 \ _005110_.tmp.dll
C: \ WINDOWS \ system32 \ _005111_.tmp.dll
C: \ WINDOWS \ system32 \ _005112_.tmp.dll
C: \ WINDOWS \ system32 \ _005115_.tmp.dll
C: \ WINDOWS \ system32 \ _005116_.tmp.dll
C: \ WINDOWS \ system32 \ _005117_.tmp.dll
C: \ WINDOWS \ system32 \ _005118_.tmp.dll
C: \ WINDOWS \ system32 \ _005119_.tmp.dll
C: \ WINDOWS \ system32 \ _005121_.tmp.dll
C: \ WINDOWS \ system32 \ _005122_.tmp.dll
C: \ WINDOWS \ system32 \ _005123_.tmp.dll
C: \ WINDOWS \ system32 \ _005125_.tmp.dll
C: \ WINDOWS \ system32 \ _005128_.tmp.dll
C: \ WINDOWS \ system32 \ _005129_.tmp.dll
C: \ WINDOWS \ system32 \ _005133_.tmp.dll
C: \ WINDOWS \ system32 \ _005134_.tmp.dll
C: \ WINDOWS \ system32 \ _005136_.tmp.dll
C: \ WINDOWS \ system32 \ _005137_.tmp.dll
C: \ WINDOWS \ system32 \ _005139_.tmp.dll
C: \ WINDOWS \ system32 \ _005141_.tmp.dll
C: \ WINDOWS \ system32 \ _005142_.tmp.dll
C: \ WINDOWS \ system32 \ _005143_.tmp.dll
C: \ WINDOWS \ system32 \ _005144_.tmp.dll
C: \ WINDOWS \ system32 \ _005147_.tmp.dll
C: \ WINDOWS \ system32 \ _005148_.tmp.dll
C: \ WINDOWS \ system32 \ _005149_.tmp.dll
C: \ WINDOWS \ system32 \ _005150_.tmp.dll
C: \ WINDOWS \ system32 \ _005151_.tmp.dll
C: \ WINDOWS \ system32 \ _005156_.tmp.dll
C: \ WINDOWS \ system32 \ _005158_.tmp.dll
C: \ WINDOWS \ system32 \ Cache
C: \ WINDOWS \ system32 \ Cfx32.lic
C: \ WINDOWS \ system32 \ cfx32.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers / Serviços )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_NPF


((((((((((((((((((((((((( Arquivos criados a partir de 2008/09/28 a 2008/10/31 ))))))))))) ))))))))))))))))))))
.

2008/10/31 20:45. 2008/10/31 20:45 <dir> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008/10/31 20:45. 2008/10/31 20:45 <dir> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008/10/31 20:33. 2008/10/31 20:33 <dir> d -------- C: \ Program Files \ YouTube
2008/10/24 12:04. 2008/10/16 03:34 337,408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Netapi32.dll
2008/10/15 20:43. 2008/09/15 23:12 1846400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ win32k.sys
2008/10/15 20:43. 2008/09/08 21:41 333,824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys
2008/10/15 20:42. 2008/08/14 21:11 2189184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008/10/15 20:42. 2008/08/14 21:09 2145280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe
2008/10/15 20:42. 2008/08/14 20:33 2066048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008/10/15 20:42. 2008/08/14 20:33 2023936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe
2008/09/18 19:05. 2008/10/31 20:52 <dir> d -------- C: \ Program Files \ Avast4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/10/31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008/10/31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008/10/31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware
2008/10/31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/10/22 05:10 38,496 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/10/22 05:10 15,504 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/10/09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008/10/09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008/10/09 03:28 --------- d ----- w C: \ Arquivos de Programas \ Spybot - Search & Destroy
2008/09/18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Dados de aplicativos \ Ahead
2008/09/08 10:41 333,824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e xe" [2001-07-09 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2008-04-14 15360]

C: \ Documents and Settings \ Vip \ Menu Iniciar \ Programas \ Startup \
' "Ôîú ÓëÖμôû.lnk - C: \ Program Files \ YouTube \ ú ÓëTudou \ TudouVa.exe [2008/07/06 3248128]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ policies \ system]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \! SASWinLogon]
2008/10/09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Arranque ^ Adobe Reader Speed Launch.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon Inicialização

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Arranque ^ Adobe Reader Synchronizer.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Synchronizer.lnkCommon Inicialização

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Inicializar ^ WinZip Quick Pick.lnk]
backup = C: \ WINDOWS \ pss \ WinZip Quick Pick.lnkCommon Inicialização

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ Azureus Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ Azureus Ultra Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ BitTorrent Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ eMule Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ eMule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ LimeWire Em Startup.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire On Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ LimeWire Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ PowerReg Agendador V3.exe]
backup = C: \ WINDOWS \ pss \ PowerReg Agendador V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Inicializar ^ Registro Tom Clancy's Rainbow Six]
backup = C: \ WINDOWS \ pss \ Registration Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ SpeedFan.lnk]
backup = C: \ WINDOWS \ pss \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Inicializar ^ Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ WordWeb.lnk]
backup = C: \ WINDOWS \ pss \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \! AVG Anti-Spyware
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Boss Key
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ã
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ swg
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Adobe Photo Downloader]
- a ------ 2005-09-09 01:18 57344 C: \ Arquivos de Programas \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DAEMON Tools]
- a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LanguageShortcut]
- a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Language \ Language.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl]
- a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008-09-16 12:16 1833296 C: \ Arquivos de Programas \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Steam]
- a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent]
- a ------ 2008-04-02 05:49 36352 C: \ Arquivos de Programas \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BluetoothAuthenticationA gent]
- a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ C-Media Mixer]
- a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ services]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LiveUpdate Notice Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"PML Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"ose" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Arquivos de Programas \ \ DAP \ \ DAP.exe" =
"C: \ \ Arquivos de Programas \ \ Messenger \ \ msmsgs.exe" =
"<Não NAME>" = "C: \ \ Arquivos de Programas \ \ PPStream \ \ PPStream.exe" "C: \ \ Arquivos de Programas \ \ PPStream \ \ PPStream.exe
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Arquivos de Programas \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Arquivos de Programas \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Arquivos de Programas \ \ UT2004 \ \ System \ \ UT2004.exe" =
"C: \ \ Arquivos de Programas \ \ DeusEx \ \ System \ \ DeusEx.exe" =
"C: \ \ Arquivos de Programas \ \ YouTube \ \ ÉËÙTudou \ \ TudouVa.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: *: Disabled: @ Xpsp2res.dll, -22.009
"15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP
"15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP
"6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP
"6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP

R1 aswSP; avast! Self Protection; C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-20 78416]
R1 atitray; atitray; C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ DRIVERS \ aswF sBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT; C: \ WINDOWS \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT; C: \ WINDOWS \ system32 \ Drivers \ SBKUPN T. SYS [2001-07-13 14976]
S3 motccgp; Motorola USB Composite Device Driver; C: \ WINDOWS \ system32 \ DRIVERS \ motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService; C: \ WINDOWS \ system32 \ DRI VERS \ motccgpfl.sys [2007/01/22 7680]
S3 MotDev; Motorola Inc. USB Device; C: \ WINDOWS \ system32 \ DRIVERS \ motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ DRIVERS \ wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042; C: \ WINDOWS \ system32 \ XDva042.sys []
.
Conteúdo da 'Tarefas agendadas' pasta

2008/10/01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57]

2008/10/27 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC Nag.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2007/05/14 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2008/10/25 C: \ WINDOWS \ Tasks \ Uniblue SpyEraser Nag.job
- C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe []
.
- - - - ÓRFÃOS REMOVIDO - - - --

URLSearchHooks-(0A94B116-4504-4e26-AB05-E61E474AA38B) - (no arquivo)
ShellIconOverlayIdentifiers-hex (2): 7b, 38,41,34,32,44,46,42,46,2 d, 37,38,36,38,2 d, 34,30,32,39,2 d, 39, 35,38, \ - (no arquivo)
ShellExecuteHooks-(E0D8FD38-4C9F-6F36-AE43-EDFA2BB266BA) - (no arquivo)
MSConfigStartUp-Comodo Firewall Pro - C: \ Program Files \ Comodo \ Firewall \ cfp.exe
MSConfigStartUp-EzPrint - C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
MSConfigStartUp-FaxCenterServer - C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe
MSConfigStartUp-TkBellExe - C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
MSConfigStartUp-Uniblue SpyEraser - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe


.
Scan Suplementar ------- -------
.
FireFox -: Profile - C: \ Documents and Settings \ Vip \ Application Data \ Mozilla \ Firefox \ Profiles \ 19piaa5b.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / hk.yahoo.com /
.
.
Arquivo Associações ------- -------
.
txtFile = C: \ WINDOWS \ NOTEPAD.EXE% 1
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 09:42:02
5/1/2600 Windows Service Pack 3 NTFS

digitalizar processos escondidos ...

escaneamento automático entradas escondidas ...

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
C: \ WINDOWS \ system32 \ ati2evxx.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ ati2evxx.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ system32 \ searchindexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ Imapi.exe
.
************************************************** ************************
.
Conclusão tempo: 2008/11/01 9:47:03 - máquina foi reinicializada
ComboFix-quarantined-files.txt 2008-10-31 22:46:53

Pré-Run: 17476198400 bytes livres
Post-Run: 17429176320 bytes livres

WindowsXP-KB310994-SP2-Pro-Bootdisk-PTG.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[sistemas operacionais]
C: \ cmdcons \ bootsect.dat = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect

335 --- EOF --- 2008-10-24 09:01:23
__________________________________________________ _________________________________________________

EDIT: I was poking around and found an icon that looked like an uninstaller. I clicked it and it started uninstalling (or at least I hope that's what it was doing), because it was all in strange symbols.
__________________
HI:)
#5
Old 31 October 2008, 18:39
Donor Group

Mom downloaded something

SUPERAntiSpyware log. I had to do a quick scan, because it always comes up with an error when I do a full scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Produzido em 11/01/2008 às 11:45

Aplicação Versão: 4/21/1004

Core Rules Database Version: 3618
Trace Rules Database Version: 1603

Scan type: Quick Scan
Total Scan Time: 00:35:28

Memória itens digitalizados: 490
Memória ameaças detectadas: 0
Secretaria itens digitalizados: 436
Secretaria ameaças detectadas: 0
Arquivo itens digitalizados: 33788
Arquivo ameaças detectadas: 2

Trojan.Vundo-Variante / F
C: \ WINDOWS \ SYSTEM32 \ AZIPCONTMN.DLL
C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL
__________________
HI:)
#6
Old 1 November 2008, 10:16
Malware Group

Mom downloaded something

Hi again

Please don't click on anything or run any more scans unless I advise you to. It just makes things confusing for me - I see an entry in one log, but it's no longer there in the next one, and so on - thanks.

I suspect this is the problem:

C:\Program Files\YouTube

unless your mother is a fan of the Chinese version of YouTube.

I want to have a look at the two files found by SAS.

Please go to: VirusTotal
  • In the middle of the page you will find a "Browse" button.
  • Click the "Browse" button and navigate to the file in RED:

    C:\WINDOWS\SYSTEM32\AZIPCONTMN.DLL
  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results into your next reply.
Repeat the above for this file as well:

C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL

Combofix
  • Close any open browsers.
  • Open Notepad and copy/paste the text in the box below into it:
Code:
  Folder::
  C:\Program Files\YouTube
Looking at the following image as an example

Save it as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CAUTION! Anyone thinking of using the script above does so at their own risk - you could end up having to reinstall Windows!

Please post the C:\ComboFix.txt log, the VirusTotal results and a new HijackThis log for further analysis.
#7
Old 1 November 2008, 16:53
Donor Group

Mom downloaded something

Yes, my mom watches some Chinese videos... I couldn't find the files when browsing from VirusTotal. I even went looking for them in Explorer, and couldn't find either of them. I have the logs:
ComboFix:

ComboFix 08-11-01.01 - Vip 2008-11-02 10:36:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [GMT 11:00]
Executando de: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
Comando interruptores utilizados:: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt
* Criado um novo ponto restaurar
.

((((((((((((((((((((((((((((((((((((((( Outros Supressões ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ YouTube

.
((((((((((((((((((((((((( Arquivos criados a partir de 2008/10/01 a 2008/11/01 ))))))))))) ))))))))))))))))))))
.

2008/11/01 09:55. 2008/11/01 09:55 <dir> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Uniblue
2008/10/31 20:45. 2008/10/31 20:45 <dir> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008/10/31 20:45. 2008/10/31 20:45 <dir> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008/10/24 12:04. 2008/10/16 03:34 337,408 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Netapi32.dll
2008/10/15 20:43. 2008/09/15 23:12 1846400 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ win32k.sys
2008/10/15 20:43. 2008/09/08 21:41 333,824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Srv.sys
2008/10/15 20:42. 2008/08/14 21:11 2189184 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntoskrnl.exe
2008/10/15 20:42. 2008/08/14 21:09 2145280 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ntkrnlmp.exe
2008/10/15 20:42. 2008/08/14 20:33 2066048 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008/10/15 20:42. 2008/08/14 20:33 2023936 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/10/31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008/10/31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008/10/31 09:52 --------- d ----- w C: \ Program Files \ Avast4
2008/10/31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware
2008/10/31 09:32 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008/10/22 05:10 38,496 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/10/22 05:10 15,504 ---- aw C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/10/09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008/10/09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008/10/09 03:28 --------- d ----- w C: \ Arquivos de Programas \ Spybot - Search & Destroy
2008/09/18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Dados de aplicativos \ Ahead
2008/09/15 12:12 1.846.400 ---- aw C: \ WINDOWS \ system32 \ win32k.sys
2008/09/08 10:41 333,824 ---- aw C: \ WINDOWS \ system32 \ drivers \ Srv.sys
2008/08/28 07:46 74,752 ---- aw C: \ WINDOWS \ system32 \ msw3prt.dll
2008/08/28 07:46 104,960 ---- aw C: \ WINDOWS \ system32 \ Win32spl.dll
2008/08/26 07:24 826,368 ---- aw C: \ WINDOWS \ system32 \ wininet.dll
2008/08/14 10:11 2.189.184 ---- aw C: \ WINDOWS \ system32 \ ntoskrnl.exe
2008/08/14 09:33 2.066.048 ---- aw C: \ WINDOWS \ system32 \ Ntkrnlpa.exe
2008/07/29 12:05 32,768 - sha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Configurações locais \ Histórico \ History.IE5 \ MSHist012008072920080 730 \ index.dat
.

((((((((((((((((((((((((((((( Snapshot @ 2008-11-01_ 9.46.14.14 ))))))))))) ))))))))))))))))))))))))))))))
.
- 2008/10/31 22:41:26 16,384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat
+ 2008/11/01 23:26:02 16,384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e xe" [2001-07-09 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056]
"avast" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008-07-20 78008]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ policies \ system]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ actuais ntversion \ policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \! SASWinLogon]
2008/10/09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Arranque ^ Adobe Reader Speed Launch.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon Inicialização

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Arranque ^ Adobe Reader Synchronizer.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Synchronizer.lnkCommon Inicialização

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Inicializar ^ WinZip Quick Pick.lnk]
backup = C: \ WINDOWS \ pss \ WinZip Quick Pick.lnkCommon Inicialização

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ Azureus Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ Azureus Ultra Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ BitTorrent Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ eMule Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ eMule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ LimeWire Em Startup.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire On Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ LimeWire Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ PowerReg Agendador V3.exe]
backup = C: \ WINDOWS \ pss \ PowerReg Agendador V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Inicializar ^ Registro Tom Clancy's Rainbow Six]
backup = C: \ WINDOWS \ pss \ Registration Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ SpeedFan.lnk]
backup = C: \ WINDOWS \ pss \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Inicializar ^ Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Menu Iniciar ^ Programas ^ Arranque ^ WordWeb.lnk]
backup = C: \ WINDOWS \ pss \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \! AVG Anti-Spyware
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Boss Key
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ã
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ swg
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Adobe Photo Downloader]
- a ------ 2005-09-09 01:18 57344 C: \ Arquivos de Programas \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DAEMON Tools]
- a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LanguageShortcut]
- a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Language \ Language.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl]
- a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008-09-16 12:16 1833296 C: \ Arquivos de Programas \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Steam]
- a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent]
- a ------ 2008-04-02 05:49 36352 C: \ Arquivos de Programas \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BluetoothAuthenticationA gent]
- a ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ C-Media Mixer]
- a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ services]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LiveUpdate Notice Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"PML Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"ose" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ Sessmgr.exe" =
"C: \ \ Arquivos de Programas \ \ DAP \ \ DAP.exe" =
"C: \ \ Arquivos de Programas \ \ Messenger \ \ msmsgs.exe" =
"<Não NAME>" = "C: \ \ Arquivos de Programas \ \ PPStream \ \ PPStream.exe" "C: \ \ Arquivos de Programas \ \ PPStream \ \ PPStream.exe
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Arquivos de Programas \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Arquivos de Programas \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Arquivos de Programas \ \ UT2004 \ \ System \ \ UT2004.exe" =
"C: \ \ Arquivos de Programas \ \ DeusEx \ \ System \ \ DeusEx.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: *: Disabled: @ Xpsp2res.dll, -22.009
"15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP
"15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP
"6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP
"6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP

R1 aswSP; avast! Self Protection; C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-20 78416]
R1 atitray; atitray; C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ DRIVERS \ aswF sBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT; C: \ WINDOWS \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT; C: \ WINDOWS \ system32 \ Drivers \ SBKUPN T. SYS [2001-07-13 14976]
S3 motccgp; Motorola USB Composite Device Driver; C: \ WINDOWS \ system32 \ DRIVERS \ motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService; C: \ WINDOWS \ system32 \ DRI VERS \ motccgpfl.sys [2007/01/22 7680]
S3 MotDev; Motorola Inc. USB Device; C: \ WINDOWS \ system32 \ DRIVERS \ motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ DRIVERS \ wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042; C: \ WINDOWS \ system32 \ XDva042.sys []
.
Conteúdo da 'Tarefas agendadas' pasta

2008/10/01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57]

2008/10/27 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC Nag.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2007/05/14 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2008/10/25 C: \ WINDOWS \ Tasks \ Uniblue SpyEraser Nag.job
- C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe []
.

************************************************** ************************

CatchMe 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:39:31
5/1/2600 Windows Service Pack 3 NTFS

digitalizar processos escondidos ...

escaneamento automático entradas escondidas ...

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
Conclusão time: 2008-11-02 10:41:44
ComboFix-quarantined-files.txt 2008-11-01 23:41:32
ComboFix2.txt 2008-10-31 22:47:05

Pré-Run: 17222828032 bytes livres
Post-Run: 17200967680 bytes livres

233 --- EOF --- 2008-10-24 09:01:23
__________________________________________________ _________________________

HijackThis:

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 10:50:19, em 2/11/2008
Plataforma: Windows XP SP3 (WinNT 5/01/2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Executando processos:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ explorer.exe
C: \ Arquivos de Programas \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download e Record Plugin para o Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no arquivo)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [avast] C: \ Program Files \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Baixar com & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra 'Tools' menuitem:? QQ - (c95fe080-8f5d-11d2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko Epson Corporation - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
Fim do processo - 6734 bytes
__________________
HI:)
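As an added illustration (not code from this thread, from HijackThis or from ComboFix), here is a small Python parser that does mechanically what the helper is doing by eye with the HijackThis log above: it pulls out the R*/O* entries, finds the file each one points at, and flags the two things an analyst looks at first, orphan entries (HijackThis prints "(no file)", rendered "(no arquivo)" in the translated log above) and autoruns that load from outside the Windows and Program Files trees. The sample log lines inside are constructed for the example, the list of trusted roots is an assumption, and the last O4 line is an invented entry that exists only to exercise the location rule.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread).

Parses the entry types seen in the logs above (R0/R1 browser settings,
O2 BHOs, O4 autoruns, O16 DPF downloads, O20 Winlogon notify, O23 services)
and flags the two things an analyst looks at first: entries whose target is
"(no file)" (an orphan registry entry), and executables that auto-start
from somewhere other than the Windows or Program Files trees.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One HijackThis entry: a section code, " - ", then the rest of the line.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")

# Either HijackThis' own "(no file)" marker or a Windows path ending in a
# loadable file type.  Non-greedy so it stops at the first real extension.
TARGET_RE = re.compile(
    r'(\(no file\)|[A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|sys|cpl|ocx|htm))',
    re.IGNORECASE,
)

# Where legitimate autoruns on an XP box normally live (an assumption made
# for this example; tune it for the machine being examined).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    code: str
    body: str
    target: Optional[str]


@dataclass
class Finding:
    code: str
    target: str
    reason: str


def parse_log(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        t = TARGET_RE.search(body)
        entries.append(Entry(m.group("code"), body, t.group(1) if t else None))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag orphan entries and autoruns living outside the expected directories."""
    findings = []
    for e in entries:
        if e.target is None:
            continue  # R0/R1 URLs and O16 .cab downloads carry no local file to check
        if e.target.lower() == "(no file)":
            findings.append(Finding(e.code, e.target, "orphan: the file this entry points at is gone"))
        elif not e.target.lower().startswith(EXPECTED_ROOTS):
            findings.append(Finding(e.code, e.target, "auto-starts from outside Windows/Program Files"))
    return findings


# Constructed sample in the HijackThis v2.0.2 layout; the last O4 line is an
# invented entry that illustrates the "unexpected location" rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast] C:\Program Files\Avast4\ashDisp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://example.com/cabs/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\update.exe
"""

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.code}: {f.target}  <- {f.reason}")
```

Run it as a script to print the findings for the built-in sample, or call `parse_log` on a real log file's contents. A flag here is a prompt to look, not a verdict: read flagged lines together with the O23 services and the scheduled tasks that ComboFix lists, the way the helper cross-checks the logs in this thread.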
#8
Old 2 November 2008, 05:29
Malware Group

Mom downloaded something

Hi

Those two files weren't found by ComboFix, so I didn't really expect them to be there.

How is the system running now?

Let's run an online scan.

Perform an online scan with Panda ActiveScan
  • Click Scan Your PC Now
  • A "pop up" window will appear, or a new page will open.
  • Click Register
  • Choose whichever option you like best, but we recommend the free registration.
  • Click Register
  • Enter your e-mail address and create a password.
  • Select "I don't want to receive any kind of information." (if you don't want to receive that information)
  • Click Send
  • Confirm the registration, then continue by entering your username and password and click Enter
  • Select Full Scan, click Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another browser window.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click Disinfect
  • Please ignore the offer to buy the program. Click Export to
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply, along with a new HijackThis log.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
#9
Old 3 November 2008, 03:07
Donor Group

Mom downloaded something

Quote:
Originally Posted by Glasgow
  • Please attach the contents of that log to your reply, along with a new HijackThis log.
Well, you said attach, in red, so I thought I'd attach them. Not sure what the difference is between attaching and copy/pasting, except for a long post... Panda ActiveScan found a few things, but I could only disinfect one, a worm, because for the others it said I have to buy it.
Attached Files
File Type: txt ActiveScan.txt (12.1 KB, 3 views)
File Type: txt hijackthis.txt (6.6 KB, 2 views)
__________________
HI:)
#10
Old 5 November 2008, 07:45
Malware Group

Mom downloaded something

Hi again

Apologies for not getting back to you sooner - real life is very busy at the moment.

How is the system running now?

The only item left is PowerRegScheduler - you can remove it if you want.
Copyright © 2006 - 2009 Computer Juice.
