deny.menezes

Orkut Virus


Good afternoon, everyone!!!

I'm new to the forum and would like your help!!

My Orkut is sending "increase your fans" scraps to all my contacts. I ran BankerFix and it found nothing, and neither did my antivirus (NOD32) or Spyware Terminator. I'll post the log to see if anyone can help me.

Thanks in advance!!!

Logfile of Spyware Terminator v2.1.1.314 (db:1.0.164.922)

Scan Time: 5/4/2008 21:19:36 length: 4766 s

Platform: WXP (5.1.0.2600)

User: Admin

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 79153 (Critical:0)

Filter: No System items, No Safe items, No Invalid items

Running Processes

MOUSE32A.EXE : C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

ekrn.exe [ESET] : C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

UnlockerAssistant.exe : C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

egui.exe [ESET] : C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

MsnMsgr.Exe [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe

usnsvc.exe [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

MsnMsgr.Exe [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

Internet Settings

R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60337

R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://br.msn.com

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO

02 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - [scopus Tecnologia Ltda] : C:\Arquivos de programas\Scpad\scpsssh2.dll

02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

StartUps

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LWBMOUSE : : C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UnlockerAssistant : : C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, egui : [ESET] : C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

Shell Extensions

WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Arquivos de programas\WinZip\WZSHLSTB.DLL

WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Arquivos de programas\WinZip\WZSHLSTB.DLL

WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Arquivos de programas\WinZip\WZSHLSTB.DLL

Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll

Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Arquivos de programas\WinRAR\rarext.dll

RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Arquivos de programas\Real\RealPlayer\rpshell.dll

Minhas Pastas de Compartilhamento - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\fsshext.8.5.1302.1018.dll

UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Arquivos de programas\Unlocker\UnlockerCOM.dll

Eset Smart Security - Context Menu Shell Extension - {B089FE88-FB52-11D3-BDF1-0050DA34150D} - [ESET] : C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\shellExt.dll

Shell Extecute Hooks

compIB Class - {{A3717295-941D-416F-9384-ED1736729F1C}} - [scopus Tecnologia Ltda] : C:\Arquivos de programas\Scpad\scpLIB.dll

Shell Service Objects

- {CompIBBrd} - [scopus Tecnologia Ltda] : C:\Arquivos de programas\Scpad\scpLIB.dll

Protocol Handler

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

Services

23 - [ESET] : C:\WINDOWS\system32\DRIVERS\eamon.sys

23 - [ESET] : C:\WINDOWS\system32\DRIVERS\easdrv.sys

23 - [ESET] : C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

23 - : C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

23 - [Kingsun Corporation] : C:\WINDOWS\system32\DRIVERS\KS-959.sys

23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe

23 - [Analog Devices, Inc.] : C:\WINDOWS\system32\drivers\smwdm.sys

23 - : C:\WINDOWS\system32\Drivers\sptd.sys

23 - [Microsoft Corporation] : C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

23 - [VIA Technologies inc,.ltd] : C:\WINDOWS\system32\DRIVERS\viasraid.sys

23 - [VM] : C:\WINDOWS\system32\Drivers\usbVM31b.sys

Advanced Files Report



- Download HijackThis

  • Put the file in its own folder on C:\;
  • Double-click HijackThis and click Do a system scan and save a logfile;
  • Copy the contents of the Notepad window and paste them into your reply.


Good afternoon, Josemelo!!

Sorry for the delay!

The HijackThis log follows below.

Thanks for your attention!!!

Logfile of HijackThis v1.99.1

Scan saved at 16:03:15, on 9/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

C:\Arquivos de programas\Windows Media Player\setup_wm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60337

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5216/mcfscan.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS2\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: McAfee Application Installer Cleanup (0265481187795469) (0265481187795469mcinstcleanup) - - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


- Download ComboFix

  • Temporarily disable your antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Executar" (Run) and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click in the ComboFix window or close it by clicking the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stall and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt into your reply.


Hello Josémaria! The ComboFix log is below, thanks for your attention!!

ComboFix 08-04-09.9 - Deny 2008-04-10 16:10:39.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.654 [GMT -3:00]

Executando de: C:\Documents and Settings\Deny\Configurações locais\Temporary Internet Files\Content.IE5\HLCSW39E\ComboFix[1].exe

* Criado um novo ponto de restauro

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))

.

2008-04-05 21:14 . 2008-04-09 21:51 <DIR> d-------- C:\LinhaDefensiva

2008-04-04 18:21 . 2008-04-04 18:21 8,294,454 --a------ C:\WINDOWS\startup.bmp

2008-04-04 18:21 . 2004-08-04 09:00 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-04-04 18:02 . 2008-04-04 18:22 <DIR> d-------- C:\WINDOWS\VistaMizer

2008-03-23 16:47 . 2008-03-23 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Gabaritos

2008-03-22 16:53 . 2008-03-22 17:08 <DIR> d-------- C:\Documents and Settings\Deny\Dados de aplicativos\MyProxy

2008-03-22 14:23 . 2008-04-06 14:25 <DIR> d-------- C:\Documents and Settings\Deny\Phone Browser

2008-03-21 23:25 . 2008-03-21 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-03-21 23:24 . 2008-03-21 23:47 <DIR> d-------- C:\Arquivos de programas\NCH Swift Sound

2008-03-20 22:36 . 2008-03-20 22:36 <DIR> d-------- C:\Arquivos de programas\ESET

2008-03-20 19:10 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

2008-03-20 19:10 . 2008-01-07 14:29 366 --ah----- C:\WINDOWS\nod32fixtemdono.reg

2008-03-19 17:20 . 2008-03-19 17:20 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Spyware Terminator

2008-03-19 17:01 . 2008-04-10 11:00 <DIR> d-------- C:\Documents and Settings\Deny\Dados de aplicativos\Spyware Terminator

2008-03-19 17:01 . 2008-04-06 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-03-19 17:01 . 2008-04-06 11:16 <DIR> d-------- C:\Arquivos de programas\Spyware Terminator

2008-03-19 17:01 . 2008-03-19 17:01 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-03-16 20:25 . 2008-03-16 20:25 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos

2008-03-16 20:19 . 2007-07-11 10:42 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-03-16 20:19 . 2007-07-11 07:30 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-03-16 20:19 . 2008-03-16 20:19 <DIR> dr------- C:\Documents and Settings\Administrador\Favoritos

2008-03-16 20:19 . 2007-07-11 07:30 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-03-16 20:19 . 2008-03-16 20:19 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-03-14 17:16 . 2008-03-14 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-03-12 22:44 . 2008-03-19 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Link Axis Bat Wave

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-10 07:35 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-08 17:58 --------- d-----w C:\Documents and Settings\Deny\Dados de aplicativos\LimeWire

2008-04-06 17:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-04-06 14:56 --------- d-----w C:\Arquivos de programas\UOL

2008-04-04 21:21 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-04-01 14:51 2,887,680 ----a-w C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-03-22 02:25 --------- d-----w C:\Documents and Settings\Deny\Dados de aplicativos\NCH Swift Sound

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 02:25 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-03-15 02:06 --------- d-----w C:\Arquivos de programas\AntiSpam UOL

2008-03-08 14:34 --------- d-----w C:\Arquivos de programas\EjoyStudio

2008-03-03 00:14 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-25 19:02 --------- d-----w C:\Arquivos de programas\Unlocker

2008-02-24 17:53 30,601 ----a-w C:\WINDOWS\java\x.exe

2008-02-22 19:31 --------- d-----w C:\Arquivos de programas\Tech

2008-02-22 16:48 --------- d-----w C:\Arquivos de programas\LimeWire

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

------- Sigcheck -------


.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 25088]

"FreeRAM XP"="C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-04-27 04:12 40960]

"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"LWBMOUSE"="C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE" [2002-05-24 09:54 357376]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"SpywareTerminator"="C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-03-19 17:01 2957824]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-07-17 16:51 128512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-07-17 16:51 128512]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Deny^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-05-11 03:06 40048 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atualizador - Puxa Rápido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logo Site]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 10:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2007-06-19 10:17 1241088 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 15:10 271360 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

--------- 2004-04-21 10:26 86016 C:\Arquivos de programas\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 03:43 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tspuf]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-19 17:01]

R3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 00:26]

R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2005-04-27 04:12]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 09:00]

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-07 12:55:00 C:\WINDOWS\Tasks\NOD32 Control Center.job"

- C:\ARQUIV~1\ESET\nod32kui.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 16:15:42

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\nview.dll

-> C:\Arquivos de programas\Unlocker\UnlockerHook.dll

.

Tempo para conclusão: 2008-04-10 16:18:23

ComboFix-quarantined-files.txt 2008-04-10 19:18:03

Pre-Run: 26,453,270,528 bytes disponíveis

Post-Run: 26,449,756,160 bytes disponíveis

.

2008-04-10 07:33:23 --- E O F ---


Download Lop S&D:

http://eric.71.mespages.googlepages.com/LopSD.exe

To install it, on the first screen choose the option "Je suis d'accord avec..." and click Suivant, then Quitter.

The Lop S&D icon will appear on your desktop. Click on it.

In the window that opens, on the first screen press P for Português and press Enter.

On the next screen press the number 1 and Enter.

Your screen will flicker. This is normal. Wait until a report is generated.

In your next reply, post the report generated by the tool and a new HijackThis log.


Good afternoon! Below are the Lop S&D and HijackThis logs. Thank you for your patience!!

-----------------------[ Lop S&D 4.1.0-9 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Deny ] [ "C:\Lop SD" ]

[ sex 11/04/2008 | 17:24:09,70 ] [ PC : MAQ01 ]

[ MAJ : 08-04-2008 | 23:37 ]

-------------[ Lista de pastas em Application Data ]------------

[11/07/2007|07:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\.

[11/07/2007|07:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\..

[11/07/2007|07:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\desktop.ini

[27/08/2007|11:57] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

[19/03/2008|17:20] C:\DOCUME~1\ADMINI~1\DADOSD~1\Spyware Terminator

[21/03/2008|23:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\.

[21/03/2008|23:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\..

[13/08/2007|13:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[02/08/2007|04:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

[14/03/2008|23:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[14/08/2007|12:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[11/07/2007|22:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[11/07/2007|07:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[09/02/2008|15:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESET

[13/07/2007|10:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[12/07/2007|12:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Grisoft

[12/07/2007|19:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

[19/03/2008|23:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave

[22/08/2007|20:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

[11/07/2007|22:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[02/03/2008|21:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[21/03/2008|23:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Swift Sound

[08/12/2007|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[30/07/2007|20:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

[10/11/2007|22:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

[06/04/2008|14:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Suite

[18/11/2007|01:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[06/04/2008|11:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spyware Terminator

[18/11/2007|01:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

[02/03/2008|21:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[30/07/2007|20:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\UOL

[11/07/2007|11:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[18/10/2007|05:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Live Toolbar

[10/11/2007|13:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[09/08/2007|00:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo!

[11/07/2007|07:30] C:\DOCUME~1\DEFAUL~1\DADOSD~1\.

[11/07/2007|07:30] C:\DOCUME~1\DEFAUL~1\DADOSD~1\..

[11/07/2007|07:30] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[27/08/2007|11:57] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[19/03/2008|23:22] C:\DOCUME~1\Deny\DADOSD~1\.

[19/03/2008|23:22] C:\DOCUME~1\Deny\DADOSD~1\..

[23/07/2007|15:46] C:\DOCUME~1\Deny\DADOSD~1\.googlewebacchosts

[10/09/2007|19:43] C:\DOCUME~1\Deny\DADOSD~1\Adobe

[18/11/2007|00:40] C:\DOCUME~1\Deny\DADOSD~1\CyberLink

[11/07/2007|07:30] C:\DOCUME~1\Deny\DADOSD~1\desktop.ini

[11/11/2007|19:24] C:\DOCUME~1\Deny\DADOSD~1\GetRight

[24/10/2007|23:58] C:\DOCUME~1\Deny\DADOSD~1\Google

[26/11/2007|07:43] C:\DOCUME~1\Deny\DADOSD~1\Help

[11/04/2008|16:37] C:\DOCUME~1\Deny\DADOSD~1\LimeWire

[13/07/2007|16:49] C:\DOCUME~1\Deny\DADOSD~1\Macromedia

[08/03/2008|11:35] C:\DOCUME~1\Deny\DADOSD~1\Microsoft

[22/03/2008|17:08] C:\DOCUME~1\Deny\DADOSD~1\MyProxy

[21/03/2008|23:25] C:\DOCUME~1\Deny\DADOSD~1\NCH Swift Sound

[14/11/2007|15:16] C:\DOCUME~1\Deny\DADOSD~1\Nero

[15/08/2007|16:21] C:\DOCUME~1\Deny\DADOSD~1\NMM-MetaData.db

[26/01/2008|18:21] C:\DOCUME~1\Deny\DADOSD~1\Nokia

[15/08/2007|16:19] C:\DOCUME~1\Deny\DADOSD~1\Nokia Multimedia Player

[12/07/2007|19:28] C:\DOCUME~1\Deny\DADOSD~1\PC Suite

[04/02/2008|23:14] C:\DOCUME~1\Deny\DADOSD~1\Real

[08/12/2007|18:01] C:\DOCUME~1\Deny\DADOSD~1\SecuROM

[18/12/2007|19:34] C:\DOCUME~1\Deny\DADOSD~1\Sony Ericsson

[11/04/2008|11:00] C:\DOCUME~1\Deny\DADOSD~1\Spyware Terminator

[13/07/2007|11:48] C:\DOCUME~1\Deny\DADOSD~1\Sun

[18/11/2007|01:37] C:\DOCUME~1\Deny\DADOSD~1\SUPERAntiSpyware.com

[18/12/2007|19:35] C:\DOCUME~1\Deny\DADOSD~1\Teleca

[13/11/2007|10:36] C:\DOCUME~1\Deny\DADOSD~1\Ti Software

[28/07/2007|19:48] C:\DOCUME~1\Deny\DADOSD~1\UOL

[31/08/2007|01:34] C:\DOCUME~1\Deny\DADOSD~1\WinRAR

[12/07/2007|12:57] C:\DOCUME~1\LOCALS~1\DADOSD~1\.

[12/07/2007|12:57] C:\DOCUME~1\LOCALS~1\DADOSD~1\..

[08/10/2007|19:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[27/08/2007|14:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\.

[27/08/2007|14:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\..

[27/08/2007|14:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks ]---------------

[07/04/2008 09:55][--a------] C:\WINDOWS\tasks\NOD32 Control Center.job

[10/04/2008 17:43][--ah-----] C:\WINDOWS\tasks\SA.DAT

[04/08/2004 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Lista de pastas em C:\Arquivos de programas ]--------------

[06/04/2008|10:43] C:\Arquivos de programas\.

[06/04/2008|10:43] C:\Arquivos de programas\..

[13/08/2007|13:35] C:\Arquivos de programas\Adobe

[31/01/2008|16:23] C:\Arquivos de programas\Ahead

[11/07/2007|11:24] C:\Arquivos de programas\Analog Devices

[14/03/2008|23:06] C:\Arquivos de programas\AntiSpam UOL

[14/03/2008|16:28] C:\Arquivos de programas\Arquivos comuns

[13/12/2007|20:53] C:\Arquivos de programas\CyberLink DVD Solution

[12/07/2007|19:25] C:\Arquivos de programas\DIFX

[08/03/2008|11:34] C:\Arquivos de programas\EjoyStudio

[20/03/2008|22:36] C:\Arquivos de programas\ESET

[08/12/2007|17:52] C:\Arquivos de programas\InstallShield Installation Information

[10/04/2008|04:31] C:\Arquivos de programas\Internet Explorer

[12/07/2007|21:11] C:\Arquivos de programas\Java

[22/02/2008|13:48] C:\Arquivos de programas\LimeWire

[02/08/2007|16:06] C:\Arquivos de programas\Marcos Velasco Security

[10/04/2008|04:35] C:\Arquivos de programas\Messenger Plus! Live

[11/07/2007|10:47] C:\Arquivos de programas\microsoft frontpage

[11/07/2007|18:03] C:\Arquivos de programas\Microsoft Office

[11/07/2007|18:03] C:\Arquivos de programas\Microsoft Visual Studio

[11/07/2007|18:03] C:\Arquivos de programas\Microsoft Works

[11/07/2007|18:04] C:\Arquivos de programas\Microsoft.NET

[11/07/2007|13:23] C:\Arquivos de programas\mm

[04/04/2008|18:25] C:\Arquivos de programas\Movie Maker

[15/07/2007|12:53] C:\Arquivos de programas\mp3DirectCut

[11/07/2007|10:42] C:\Arquivos de programas\MSN Gaming Zone

[15/09/2007|10:52] C:\Arquivos de programas\NCH Software

[21/03/2008|23:47] C:\Arquivos de programas\NCH Swift Sound

[04/04/2008|18:25] C:\Arquivos de programas\NetMeeting

[12/07/2007|19:26] C:\Arquivos de programas\Nokia

[04/04/2008|18:25] C:\Arquivos de programas\Outlook Express

[12/07/2007|19:24] C:\Arquivos de programas\PC Connectivity Solution

[04/02/2008|22:59] C:\Arquivos de programas\Real

[31/08/2007|12:11] C:\Arquivos de programas\RkSoft

[17/07/2007|16:51] C:\Arquivos de programas\Scpad

[11/07/2007|10:44] C:\Arquivos de programas\Servi‡os on-line

[06/04/2008|11:16] C:\Arquivos de programas\Spyware Terminator

[31/08/2007|01:45] C:\Arquivos de programas\Syncsoft

[22/02/2008|16:31] C:\Arquivos de programas\Tech

[01/10/2004|15:00] C:\Arquivos de programas\Uninstall_CDS.exe

[25/02/2008|16:02] C:\Arquivos de programas\Unlocker

[06/04/2008|11:56] C:\Arquivos de programas\UOL

[11/07/2007|11:23] C:\Arquivos de programas\VIA

[06/02/2008|07:41] C:\Arquivos de programas\Windows Live

[19/03/2008|23:25] C:\Arquivos de programas\Windows Live Toolbar

[11/07/2007|11:24] C:\Arquivos de programas\Windows Media Connect 2

[04/04/2008|18:25] C:\Arquivos de programas\Windows Media Player

[04/04/2008|18:25] C:\Arquivos de programas\Windows NT

[26/07/2007|17:13] C:\Arquivos de programas\WinRAR

[02/02/2008|19:53] C:\Arquivos de programas\WinZip

[11/07/2007|10:47] C:\Arquivos de programas\xerox

[30/07/2007|16:53] C:\Arquivos de programas\YourWare Solutions

------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns ]------

[14/03/2008|16:28] C:\Arquivos de programas\Arquivos comuns\.

[14/03/2008|16:28] C:\Arquivos de programas\Arquivos comuns\..

[13/08/2007|13:36] C:\Arquivos de programas\Arquivos comuns\Adobe

[02/08/2007|03:33] C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[24/12/2007|20:51] C:\Arquivos de programas\Arquivos comuns\Ahead

[16/08/2007|16:06] C:\Arquivos de programas\Arquivos comuns\Cisco Systems

[11/07/2007|18:03] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[11/07/2007|21:10] C:\Arquivos de programas\Arquivos comuns\InstallShield

[12/07/2007|20:57] C:\Arquivos de programas\Arquivos comuns\Java

[18/08/2007|18:29] C:\Arquivos de programas\Arquivos comuns\LogoManager

[08/12/2007|18:00] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[11/07/2007|10:44] C:\Arquivos de programas\Arquivos comuns\MSSoap

[12/07/2007|19:26] C:\Arquivos de programas\Arquivos comuns\Nokia

[12/07/2007|19:26] C:\Arquivos de programas\Arquivos comuns\PCSuite

[04/02/2008|23:00] C:\Arquivos de programas\Arquivos comuns\Real

[11/07/2007|10:44] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[11/07/2007|07:30] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[04/04/2008|18:25] C:\Arquivos de programas\Arquivos comuns\System

[10/11/2007|14:15] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[04/02/2008|23:00] C:\Arquivos de programas\Arquivos comuns\xing shared

----------------------[ Procura pelo S_Lop ]---------------------

Não foram encontradas pastas com o Lop!

-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave

----------------------[ Procura no Registro ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verificando o Arquivos/Ficheiros Hosts ]---------------------

Arquivos/Ficheiros Hosts LIMPO

----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 17:25:03

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------[ Procurando por outras infecções ]---------------------

Não foram encontradas outras infecções.

/!\ [Fich:172][Doss:3] C:\DOCUME~1\Deny\CONFIG~1\Temp

/!\ [Fich:47][Doss:0] C:\DOCUME~1\Deny\Cookies

/!\ [Fich:495][Doss:9] C:\DOCUME~1\Deny\CONFIG~1\TEMPOR~1\content.IE5

--------------------[ Verificação completa em 17:28:01,82 ]----------------------

Logfile of HijackThis v1.99.1

Scan saved at 17:38:57, on 11/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\LimeWire\LimeWire.exe

C:\WINDOWS\system32\rsvp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5216/mcfscan.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: McAfee Application Installer Cleanup (0265481187795469) (0265481187795469mcinstcleanup) - - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


Double-click Lop S&D, press "P", type 2 and press "Enter".

Post the log here, along with a new HijackThis log.


-----------------------[ Lop S&D 4.1.0-9 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Deny ] [ "C:\Lop SD" ]

[ s*b 12/04/2008 | 13:27:03,43 ] [ PC : MAQ01 ]

[ MAJ : 08-04-2008 | 23:37 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS ////////////////////////////////

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Link Axis Bat Wave

Arquivos/Ficheiros Hosts RESTAURADO

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Lista de pastas em Application Data ]------------

[11/07/2007|07:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\.

[11/07/2007|07:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\..

[11/07/2007|07:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\desktop.ini

[27/08/2007|11:57] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

[19/03/2008|17:20] C:\DOCUME~1\ADMINI~1\DADOSD~1\Spyware Terminator

[12/04/2008|13:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\.

[12/04/2008|13:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\..

[13/08/2007|13:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[02/08/2007|04:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

[14/03/2008|23:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[14/08/2007|12:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[11/07/2007|22:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[11/07/2007|07:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[09/02/2008|15:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESET

[13/07/2007|10:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[12/07/2007|12:57] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Grisoft

[12/07/2007|19:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

[22/08/2007|20:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

[11/07/2007|22:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[02/03/2008|21:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[21/03/2008|23:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Swift Sound

[08/12/2007|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[30/07/2007|20:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NVIDIA

[10/11/2007|22:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

[06/04/2008|14:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Suite

[18/11/2007|01:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[12/04/2008|12:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spyware Terminator

[18/11/2007|01:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

[02/03/2008|21:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[30/07/2007|20:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\UOL

[11/07/2007|11:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[18/10/2007|05:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Live Toolbar

[10/11/2007|13:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[09/08/2007|00:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo!

[11/07/2007|07:30] C:\DOCUME~1\DEFAUL~1\DADOSD~1\.

[11/07/2007|07:30] C:\DOCUME~1\DEFAUL~1\DADOSD~1\..

[11/07/2007|07:30] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[27/08/2007|11:57] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[19/03/2008|23:22] C:\DOCUME~1\Deny\DADOSD~1\.

[19/03/2008|23:22] C:\DOCUME~1\Deny\DADOSD~1\..

[23/07/2007|15:46] C:\DOCUME~1\Deny\DADOSD~1\.googlewebacchosts

[10/09/2007|19:43] C:\DOCUME~1\Deny\DADOSD~1\Adobe

[18/11/2007|00:40] C:\DOCUME~1\Deny\DADOSD~1\CyberLink

[11/07/2007|07:30] C:\DOCUME~1\Deny\DADOSD~1\desktop.ini

[11/11/2007|19:24] C:\DOCUME~1\Deny\DADOSD~1\GetRight

[24/10/2007|23:58] C:\DOCUME~1\Deny\DADOSD~1\Google

[26/11/2007|07:43] C:\DOCUME~1\Deny\DADOSD~1\Help

[11/04/2008|16:37] C:\DOCUME~1\Deny\DADOSD~1\LimeWire

[13/07/2007|16:49] C:\DOCUME~1\Deny\DADOSD~1\Macromedia

[08/03/2008|11:35] C:\DOCUME~1\Deny\DADOSD~1\Microsoft

[22/03/2008|17:08] C:\DOCUME~1\Deny\DADOSD~1\MyProxy

[21/03/2008|23:25] C:\DOCUME~1\Deny\DADOSD~1\NCH Swift Sound

[14/11/2007|15:16] C:\DOCUME~1\Deny\DADOSD~1\Nero

[15/08/2007|16:21] C:\DOCUME~1\Deny\DADOSD~1\NMM-MetaData.db

[26/01/2008|18:21] C:\DOCUME~1\Deny\DADOSD~1\Nokia

[15/08/2007|16:19] C:\DOCUME~1\Deny\DADOSD~1\Nokia Multimedia Player

[12/07/2007|19:28] C:\DOCUME~1\Deny\DADOSD~1\PC Suite

[04/02/2008|23:14] C:\DOCUME~1\Deny\DADOSD~1\Real

[08/12/2007|18:01] C:\DOCUME~1\Deny\DADOSD~1\SecuROM

[18/12/2007|19:34] C:\DOCUME~1\Deny\DADOSD~1\Sony Ericsson

[12/04/2008|11:00] C:\DOCUME~1\Deny\DADOSD~1\Spyware Terminator

[13/07/2007|11:48] C:\DOCUME~1\Deny\DADOSD~1\Sun

[18/11/2007|01:37] C:\DOCUME~1\Deny\DADOSD~1\SUPERAntiSpyware.com

[18/12/2007|19:35] C:\DOCUME~1\Deny\DADOSD~1\Teleca

[13/11/2007|10:36] C:\DOCUME~1\Deny\DADOSD~1\Ti Software

[28/07/2007|19:48] C:\DOCUME~1\Deny\DADOSD~1\UOL

[31/08/2007|01:34] C:\DOCUME~1\Deny\DADOSD~1\WinRAR

[12/07/2007|12:57] C:\DOCUME~1\LOCALS~1\DADOSD~1\.

[12/07/2007|12:57] C:\DOCUME~1\LOCALS~1\DADOSD~1\..

[08/10/2007|19:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[27/08/2007|14:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\.

[27/08/2007|14:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\..

[27/08/2007|14:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks ]---------------

[07/04/2008 09:55][--a------] C:\WINDOWS\tasks\NOD32 Control Center.job

[11/04/2008 20:41][--ah-----] C:\WINDOWS\tasks\SA.DAT

[04/08/2004 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Lista de pastas em C:\Arquivos de programas ]--------------

[06/04/2008|10:43] C:\Arquivos de programas\.

[06/04/2008|10:43] C:\Arquivos de programas\..

[13/08/2007|13:35] C:\Arquivos de programas\Adobe

[31/01/2008|16:23] C:\Arquivos de programas\Ahead

[11/07/2007|11:24] C:\Arquivos de programas\Analog Devices

[14/03/2008|23:06] C:\Arquivos de programas\AntiSpam UOL

[14/03/2008|16:28] C:\Arquivos de programas\Arquivos comuns

[13/12/2007|20:53] C:\Arquivos de programas\CyberLink DVD Solution

[12/07/2007|19:25] C:\Arquivos de programas\DIFX

[08/03/2008|11:34] C:\Arquivos de programas\EjoyStudio

[20/03/2008|22:36] C:\Arquivos de programas\ESET

[08/12/2007|17:52] C:\Arquivos de programas\InstallShield Installation Information

[10/04/2008|04:31] C:\Arquivos de programas\Internet Explorer

[12/07/2007|21:11] C:\Arquivos de programas\Java

[22/02/2008|13:48] C:\Arquivos de programas\LimeWire

[02/08/2007|16:06] C:\Arquivos de programas\Marcos Velasco Security

[10/04/2008|04:35] C:\Arquivos de programas\Messenger Plus! Live

[11/07/2007|10:47] C:\Arquivos de programas\microsoft frontpage

[11/07/2007|18:03] C:\Arquivos de programas\Microsoft Office

[11/07/2007|18:03] C:\Arquivos de programas\Microsoft Visual Studio

[11/07/2007|18:03] C:\Arquivos de programas\Microsoft Works

[11/07/2007|18:04] C:\Arquivos de programas\Microsoft.NET

[11/07/2007|13:23] C:\Arquivos de programas\mm

[04/04/2008|18:25] C:\Arquivos de programas\Movie Maker

[15/07/2007|12:53] C:\Arquivos de programas\mp3DirectCut

[11/07/2007|10:42] C:\Arquivos de programas\MSN Gaming Zone

[15/09/2007|10:52] C:\Arquivos de programas\NCH Software

[21/03/2008|23:47] C:\Arquivos de programas\NCH Swift Sound

[04/04/2008|18:25] C:\Arquivos de programas\NetMeeting

[12/07/2007|19:26] C:\Arquivos de programas\Nokia

[04/04/2008|18:25] C:\Arquivos de programas\Outlook Express

[12/07/2007|19:24] C:\Arquivos de programas\PC Connectivity Solution

[04/02/2008|22:59] C:\Arquivos de programas\Real

[31/08/2007|12:11] C:\Arquivos de programas\RkSoft

[17/07/2007|16:51] C:\Arquivos de programas\Scpad

[11/07/2007|10:44] C:\Arquivos de programas\Serviços on-line

[12/04/2008|12:00] C:\Arquivos de programas\Spyware Terminator

[31/08/2007|01:45] C:\Arquivos de programas\Syncsoft

[22/02/2008|16:31] C:\Arquivos de programas\Tech

[01/10/2004|15:00] C:\Arquivos de programas\Uninstall_CDS.exe

[25/02/2008|16:02] C:\Arquivos de programas\Unlocker

[06/04/2008|11:56] C:\Arquivos de programas\UOL

[11/07/2007|11:23] C:\Arquivos de programas\VIA

[06/02/2008|07:41] C:\Arquivos de programas\Windows Live

[19/03/2008|23:25] C:\Arquivos de programas\Windows Live Toolbar

[11/07/2007|11:24] C:\Arquivos de programas\Windows Media Connect 2

[04/04/2008|18:25] C:\Arquivos de programas\Windows Media Player

[04/04/2008|18:25] C:\Arquivos de programas\Windows NT

[26/07/2007|17:13] C:\Arquivos de programas\WinRAR

[02/02/2008|19:53] C:\Arquivos de programas\WinZip

[11/07/2007|10:47] C:\Arquivos de programas\xerox

[30/07/2007|16:53] C:\Arquivos de programas\YourWare Solutions

------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns ]------

[14/03/2008|16:28] C:\Arquivos de programas\Arquivos comuns\.

[14/03/2008|16:28] C:\Arquivos de programas\Arquivos comuns\..

[13/08/2007|13:36] C:\Arquivos de programas\Arquivos comuns\Adobe

[02/08/2007|03:33] C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[24/12/2007|20:51] C:\Arquivos de programas\Arquivos comuns\Ahead

[16/08/2007|16:06] C:\Arquivos de programas\Arquivos comuns\Cisco Systems

[11/07/2007|18:03] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[11/07/2007|21:10] C:\Arquivos de programas\Arquivos comuns\InstallShield

[12/07/2007|20:57] C:\Arquivos de programas\Arquivos comuns\Java

[18/08/2007|18:29] C:\Arquivos de programas\Arquivos comuns\LogoManager

[08/12/2007|18:00] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[11/07/2007|10:44] C:\Arquivos de programas\Arquivos comuns\MSSoap

[12/07/2007|19:26] C:\Arquivos de programas\Arquivos comuns\Nokia

[12/07/2007|19:26] C:\Arquivos de programas\Arquivos comuns\PCSuite

[04/02/2008|23:00] C:\Arquivos de programas\Arquivos comuns\Real

[11/07/2007|10:44] C:\Arquivos de programas\Arquivos comuns\Serviços

[11/07/2007|07:30] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[04/04/2008|18:25] C:\Arquivos de programas\Arquivos comuns\System

[10/11/2007|14:15] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[04/02/2008|23:00] C:\Arquivos de programas\Arquivos comuns\xing shared

----------------------[ Procura pelo S_Lop ]---------------------

Não foram encontradas pastas com o Lop!

-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop ]-----------------

Não foram encontradas pastas com o Lop!

----------------------[ Procura no Registro ]----------------------

..... OK !

--------------------[ Verificando o Arquivos/Ficheiros Hosts ]---------------------

Arquivos/Ficheiros Hosts LIMPO

----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-12 13:27:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

--------------------[ Procurando por outras infecções ]---------------------

Não foram encontradas outras infecções.

/!\ [Fich:254][Doss:3] C:\DOCUME~1\Deny\CONFIG~1\Temp

/!\ [Fich:27][Doss:0] C:\DOCUME~1\Deny\Cookies

/!\ [Fich:598][Doss:4] C:\DOCUME~1\Deny\CONFIG~1\TEMPOR~1\content.IE5

--------------------[ Verificação completa em 13:31:11,65 ]----------------------

Logfile of HijackThis v1.99.1

Scan saved at 13:34:06, on 12/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\VM_STI.EXE

C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\rsvp.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Arquivos de programas\Tech\Wheel Mouse\5.3\MOUSE32A.EXE

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [spywareTerminator] "C:\ARQUIV~1\SPYWAR~1\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Arquivos de programas\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorUOL/light/UOLActiveInstall.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5216/mcfscan.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{12CAD2EF-7484-4006-93AF-D3740B8F14F1}: NameServer = 200.204.0.10 200.204.0.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: McAfee Application Installer Cleanup (0265481187795469) (0265481187795469mcinstcleanup) - - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


- OK, the log is clean :)

- I recommend some maintenance on the computer to delete temporary files, unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable System Restore and then enable it again

- Read the article "Proteja seu PC" ("Protect your PC") for more information on how to avoid infections.
