mafay

Hello, please help me!!!


Hello! Please help me! Yesterday I went to install a serial key and it was actually a virus! Since then, my desktop screen has turned white, and strange messages and pop-up windows that I have never seen before and that have nothing to do with anything keep appearing! I am almost certain I still have the virus, even with Norton installed. Note:

Something called "Trojan Fakeavalert" showed up here, among others! I really need your help! How do I remove all these viruses???

Thank you in advance for your attention!

My configuration is:

Windows Vista Home Premium 32-bit

Intel Core 2 Quad Q6600 @ 2.40 GHz

2 GB Kingston DDR2 667 memory

ATI Radeon HD 3870 512 MB

WD 500 GB HDD (2 partitions)

Gigabyte GA-X38-DQ6 motherboard

Thanks in advance!!!

Oh, I made a HijackThis log, here it is:

Logfile of HijackThis v1.99.1

Scan saved at 00:58:14, on 16/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Windows\vVX3000.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Exibir Barra de ferramentas do Norton - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.1.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Edited by mafay

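As an added illustration (not code from this thread, from HijackThis or from ComboFix), the script below applies to a HijackThis log the first checks an analyst makes by eye on a log like the one above: a Run entry whose name looks machine-generated (the rhc9f4j0eeeg entry), a BHO whose DLL no longer exists, a service that starts from a user's Temp folder, and a hosts-file line that maps a name to something other than localhost. The sample lines are copied from the posted log; the scoring rules and thresholds are my own assumptions.

```python
"""Triage helper for HijackThis v1.99-style logs.

Added example for this thread; it is not HijackThis, ComboFix or forum code.
The rules and thresholds below are my own heuristics, chosen to surface the
entry types an analyst reads first in a log like the one posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The lines are copied from the
# entry types in the posted log: a benign Java BHO, an orphaned BHO, a benign
# Run key, the rhc9f4j0eeeg Run key, a service under a user's Temp folder,
# a benign service and the IPv6 localhost hosts entry.
SAMPLE_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O1 - Hosts: ::1 localhost
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A Windows path starting with a drive letter, up to the first executable-like extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat)', re.IGNORECASE)
LOCAL_HOSTS = {"localhost", "localhost.localdomain"}


@dataclass(frozen=True)
class Finding:
    line_no: int
    code: str
    reason: str
    raw: str


def alternations(token: str) -> int:
    """Count letter<->digit switches; rhc9f4j0eeeg scores 6, ccApp scores 0."""
    kinds = ["d" if c.isdigit() else "a" for c in token if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def looks_random(name: str, threshold: int = 3) -> bool:
    """Heuristic (assumption): 8+ characters with at least `threshold` letter/digit switches."""
    return len(name) >= 8 and alternations(name) >= threshold


def path_parts(text: str):
    """Return (full_path, basename_without_ext, parent_dir), or None if no drive path is present."""
    m = PATH_RE.search(text)
    if not m:
        return None
    parts = m.group(0).split("\\")
    base = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2] if len(parts) > 1 else ""
    return m.group(0), base, parent


def triage(log_text: str) -> list[Finding]:
    """Apply the four checks to every entry line and return what they flag, in log order."""
    findings: list[Finding] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, "Running processes:" and bare process paths carry no entry code
        code, body = m.group("code"), m.group("body")
        if code == "O1":
            fields = body.removeprefix("Hosts:").split()
            if len(fields) >= 2 and fields[1].lower() not in LOCAL_HOSTS:
                findings.append(Finding(n, code, f"hosts file overrides {fields[1]}", line))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append(Finding(n, code, "BHO registered but its DLL is missing (orphaned entry)", line))
        elif code == "O4":
            run = RUN_RE.match(body)
            if run:
                pp = path_parts(run.group("cmd"))
                tokens = [run.group("name")] + ([pp[1], pp[2]] if pp else [])
                for token in tokens:
                    if looks_random(token):
                        findings.append(Finding(n, code, f"Run entry with machine-generated-looking name '{token}'", line))
                        break
        elif code == "O23":
            pp = path_parts(body)
            if pp and re.search(r"\\temp\\", pp[0], re.IGNORECASE):
                findings.append(Finding(n, code, "service executable lives under a Temp directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3} {f.code:<4} {f.reason}\n      {f.raw}")
```

Entries the script does not flag still deserve a look (several Symantec services above show "(file missing)" only because HijackThis 1.99 stops parsing at the quoted path), so treat its output as a reading order, not a verdict.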


Hello,

Follow the instructions in the link below and install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console as well.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file and also make a new HijackThis log to include in your reply.

Warning: Do not use the mouse or the keyboard while the tool is running; this can cause the PC to hang.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections and, if you do not use it correctly, it can damage your computer. The tool should only be used under the supervision of Malware Removal Assistants.


Lusitano, here is the ComboFix log:

ComboFix 08-09-15.02 - Matheus 2008-09-16 9:25:02.2 - NTFSx86

Executando de: C:\Users\Matheus\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\akl

C:\Program Files\akl\akl.dll

C:\Program Files\akl\akl.exe

C:\Program Files\akl\uninstall.exe

C:\Program Files\akl\unsetup.exe

C:\Program Files\Inet Delivery

C:\Program Files\Inet Delivery\inetdl.exe

C:\Program Files\Inet Delivery\intdel.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Cookies\matheus@clicktorrent[1].txt

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Cookies\matheus@insightexpressai[2].txt

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Cookies\matheus@revsci[2].txt

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Cookies\matheus@web2.checkm8[1].txt

C:\Users\Matheus\AppData\Roaming\rhc9f4j0eeeg

C:\Windows\a.bat

C:\Windows\base64.tmp

C:\Windows\bdn.com

C:\Windows\FVProtect.exe

C:\Windows\iTunesMusic.exe

C:\Windows\mslagent

C:\Windows\mslagent\2_mslagent.dll

C:\Windows\mslagent\mslagent.exe

C:\Windows\mslagent\uninstall.exe

C:\Windows\mssecu.exe

C:\Windows\system32\akttzn.exe

C:\Windows\system32\anticipator.dll

C:\Windows\system32\awtoolb.dll

C:\Windows\system32\bdn.com

C:\Windows\system32\blphccf4j0eeeg.scr

C:\Windows\system32\bsva-egihsg52.exe

C:\Windows\system32\dpcproxy.exe

C:\Windows\system32\emesx.dll

C:\Windows\system32\h@tkeysh@@k.dll

C:\Windows\system32\hoproxy.dll

C:\Windows\system32\hxiwlgpm.dat

C:\Windows\system32\hxiwlgpm.exe

C:\Windows\system32\medup012.dll

C:\Windows\system32\medup020.dll

C:\Windows\system32\msgp.exe

C:\Windows\system32\msnbho.dll

C:\Windows\system32\mssecu.exe

C:\Windows\system32\msvchost.exe

C:\Windows\system32\mtr2.exe

C:\Windows\system32\mwin32.exe

C:\Windows\system32\netode.exe

C:\Windows\system32\newsd32.exe

C:\Windows\system32\prsgrc.dll

C:\Windows\system32\ps1.exe

C:\Windows\system32\psof1.exe

C:\Windows\system32\psoft1.exe

C:\Windows\system32\regc64.dll

C:\Windows\system32\regm64.dll

C:\Windows\system32\Rundl1.exe

C:\Windows\system32\smp

C:\Windows\system32\smp\msrc.exe

C:\Windows\system32\sncntr.exe

C:\Windows\system32\ssprs.dll

C:\Windows\system32\ssurf022.dll

C:\Windows\system32\ssvchost.com

C:\Windows\system32\ssvchost.exe

C:\Windows\system32\sysreq.exe

C:\Windows\system32\taack.dat

C:\Windows\system32\taack.exe

C:\Windows\system32\temp#01.exe

C:\Windows\system32\thun.dll

C:\Windows\system32\thun32.dll

C:\Windows\system32\VBIEWER.OCX

C:\Windows\system32\vbsys2.dll

C:\Windows\system32\vcatchpi.dll

C:\Windows\system32\winlogonpc.exe

C:\Windows\system32\winsystem.exe

C:\Windows\system32\WINWGPX.EXE

C:\Windows\system32\x2oopy3.dll

C:\Windows\userconfig9x.dll

C:\Windows\winsystem.exe

C:\Windows\zip1.tmp

C:\Windows\zip2.tmp

C:\Windows\zip3.tmp

C:\Windows\zipped.tmp

.

((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 ))))))))))))))))))))))))))))))))

.

2008-09-16 09:22 . 2008-09-16 09:23 <DIR> d-------- C:\32788R22FWJFW

2008-09-16 09:21 . 2008-09-16 09:21 270,682,267 --a------ C:\Windows\MEMORY.DMP

2008-09-16 00:55 . 2008-09-16 01:05 <DIR> d-------- C:\HijackThis

2008-09-16 00:41 . 2008-09-16 00:42 <DIR> d-------- C:\Program Files\rhc9f4j0eeeg

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\Users\All Users\ajivstil

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\ProgramData\ajivstil

2008-09-15 03:41 . 2008-09-15 03:41 <DIR> d-------- C:\Program Files\SAV

2008-09-15 03:07 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll

2008-09-15 01:33 . 2008-09-15 01:33 244 --ah----- C:\sqmnoopt04.sqm

2008-09-15 01:33 . 2008-09-15 01:33 232 --ah----- C:\sqmdata04.sqm

2008-09-15 01:10 . 2008-09-15 23:06 603,568 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT

2008-09-10 02:42 . 2008-07-30 22:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 02:42 . 2008-07-31 00:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 02:41 . 2008-08-01 22:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 02:41 . 2008-06-26 00:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 02:41 . 2008-06-26 00:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 02:41 . 2008-05-08 16:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 02:41 . 2008-05-19 23:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 02:41 . 2008-06-26 00:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 02:41 . 2008-08-02 00:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 01:15 . 2008-09-10 01:15 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-09-10 01:15 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-10 01:15 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iTunes

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iPod

2008-09-10 01:12 . 2008-09-10 01:12 <DIR> d-------- C:\Program Files\QuickTime

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll

2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys

2008-09-04 23:03 . 2008-07-19 02:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 23:03 . 2008-07-19 00:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 23:03 . 2008-07-19 02:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 23:03 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 23:03 . 2008-07-19 00:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 23:03 . 2008-07-19 02:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 23:03 . 2008-07-19 02:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 23:03 . 2008-07-19 02:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 23:03 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\Users\All Users\Macrovision

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\ProgramData\Macrovision

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Users\All Users\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared

2008-08-31 21:33 . 2008-07-31 10:40 509,448 --a------ C:\Windows\System32\XAudio2_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 238,088 --a------ C:\Windows\System32\xactengine3_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 68,616 --a------ C:\Windows\System32\XAPOFX1_1.dll

2008-08-31 21:32 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 1,493,528 --a------ C:\Windows\System32\D3DCompiler_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 467,984 --a------ C:\Windows\System32\d3dx10_39.dll

2008-08-31 21:08 . 2008-08-31 21:08 244 --ah----- C:\sqmnoopt03.sqm

2008-08-31 21:08 . 2008-08-31 21:08 232 --ah----- C:\sqmdata03.sqm

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\Users\All Users\ATI

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\ProgramData\ATI

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll

2008-08-24 10:04 . 2008-08-24 10:04 1,409 --a------ C:\Windows\System32\tmp8D3DC.FOT

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-16 12:21 24,684 ----a-w C:\Windows\system32\drivers\stwrte.log

2008-09-16 02:23 --------- d-----w C:\ProgramData\Symantec

2008-09-16 02:10 --------- d-----w C:\Program Files\PicLensIE

2008-09-15 05:36 --------- d-----w C:\Program Files\Soulseek

2008-09-15 05:09 --------- d-----w C:\Users\Matheus\AppData\Roaming\uTorrent

2008-09-15 04:19 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 04:13 --------- d-----w C:\Program Files\Bonjour

2008-09-10 04:12 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 01:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-02 12:54 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-01 09:45 --------- d-----w C:\Program Files\Maxtor

2008-08-31 19:32 --------- d-----w C:\Program Files\ATI Technologies

2008-08-23 21:17 --------- d-----w C:\ProgramData\Roxio

2008-08-14 15:55 --------- d-----w C:\ProgramData\Soulseek

2008-08-13 20:01 --------- d-----w C:\Program Files\Windows Mail

2008-08-11 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-08-10 20:38 --------- d-----w C:\Program Files\Winamp

2008-08-10 20:11 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-07 16:09 --------- d-----w C:\Program Files\Google

2008-08-03 02:29 --------- d-----w C:\Program Files\ConvertHelper

2008-08-03 01:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-08-03 00:45 --------- d-----w C:\Users\Matheus\AppData\Roaming\Download Manager

2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys

2008-08-01 04:47 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll

2008-08-01 04:47 327,680 ----a-w C:\Windows\System32\atipdlxx.dll

2008-08-01 04:47 258,048 ----a-w C:\Windows\System32\Oemdspif.dll

2008-08-01 04:47 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2008-08-01 04:46 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2008-08-01 04:46 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll

2008-08-01 04:45 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe

2008-08-01 04:37 1,717,248 ----a-w C:\Windows\System32\atidxx32.dll

2008-08-01 04:32 3,823,616 ----a-w C:\Windows\System32\atiumdag.dll

2008-08-01 04:15 4,463,104 ----a-w C:\Windows\System32\atiumdva.dll

2008-08-01 04:10 9,687,040 ----a-w C:\Windows\System32\atioglxx.dll

2008-08-01 04:04 50,688 ----a-w C:\Windows\System32\amdpcom32.dll

2008-08-01 04:03 45,568 ----a-w C:\Windows\System32\atiadlxx.dll

2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 20:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 20:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 20:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-24 11:42 --------- d-----w C:\Program Files\Java

2008-07-23 16:04 --------- d-----w C:\Users\Matheus\AppData\Roaming\Nik Software

2008-07-22 00:19 --------- d-----w C:\ProgramData\WindowsSearch

2008-07-21 00:24 --------- d-----w C:\ProgramData\NOS

2008-07-21 00:24 --------- d-----w C:\Program Files\NOS

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-09 08:05 129,520 ------w C:\Windows\System32\pxafs.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-04-28 14:41 174 --sha-w C:\Program Files\desktop.ini

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 709992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"SMrhc9f4j0eeeg"="C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe" [2008-09-15 831488]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159802879-3563328857-1018818435-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{826618AF-05A3-4EB9-BDAF-E1072EFDF5CC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{27FEBE45-007A-44A6-8006-04DDFC21A599}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF59B68-5798-401E-AF8D-A5419AF4758E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7A8F939-FF70-4EBF-8158-7BB7869DA278}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{66C7DBB5-0DD1-45CF-972B-8C7A8B0BF1DD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C0CAD877-92DB-449E-AD94-01022DE80A03}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{798E16B4-BD00-46F3-AF92-60EECBFFEB06}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{16CEF735-5B0C-4FA6-A685-AED6243AB0A2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{D17B833C-663A-4B62-BB8F-8CD8D342CBDB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{026B18CE-B847-46F9-BB63-E00F8579FB2F}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{39D3D7D6-EE78-4798-B057-4DE8B3D16E6A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{0AC70683-4233-460D-8BB1-CB04537D7DAC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{922B1A4F-7397-4039-9045-4FB30649DEF7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7279235B-BB2D-40D7-83D6-1AA5AD36DC68}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{098DCA32-D1A7-4936-8C64-40ACA437822D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{8BA9B463-5DC0-4248-9493-AF0CF6E03BF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080911.003\IDSvix86.sys [2008-03-20 261680]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [ ]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

S2 SessionLauncher;SessionLauncher;C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe [ ]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e483931f-15e6-11dd-9296-001a4d5716d2}]

\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

HKU-Default-RunOnce-<NO NAME> - (no file)

MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Matheus\AppData\Roaming\Mozilla\Firefox\Profiles\5efngm1a.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.terra.com.br/

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll

FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll

FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll

.

.

------- File Associations -------

.

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 09:30:42

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-16 9:32:35

ComboFix-quarantined-files.txt 2008-09-16 12:31:53

Pre-Run: 111,682,719,744 bytes free

Post-Run: 112,087,465,984 bytes free

344 --- E O F --- 2008-09-15 04:22:18

And the new HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 09:36:28, on 16/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Exibir Barra de ferramentas do Norton - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


And now, what do I do? I still have the viruses, right?

Note: When my Windows starts, it runs a certain Windows XP Antivirus 2008 that I have never seen before and never installed. I still think that's something the virus left in some registry entry.

What should I do?

Hugs and thank you very much!


Hello,

I need you to send me some files for study. To do that, zip the files, don't forget to set a password (click here to see how) and send them to this email address of mine.

Files to send:

  • C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe

Very important note: Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all the text inside the "Quote":
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhc9f4j0eeeg"=-
Folder::
C:\Program Files\rhc9f4j0eeeg
C:\Users\All Users\ajivstil
C:\ProgramData\ajivstil
C:\Program Files\SAV


  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Attach that file, C:\ComboFix.txt, following these instructions.
  • Also make a new HijackThis log to include in your reply.

[]'s

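An added example (not code from this thread, nor from HijackThis or ComboFix) of how the entries targeted by a script like the one above get picked out of a log: it parses constructed O4 and O23 lines modelled on the logs posted here, flags a Run value whose binary sits in a randomly named folder under Program Files and a service that runs from a user's Temp directory, and drafts the Registry::/Folder:: sections in the same CFScript form. The random-name heuristic, the sample lines and the function names are assumptions, not rules of either tool.

```python
"""Triage HijackThis O4/O23 lines and draft a ComboFix CFScript from the hits.

Added example for this thread, not code from the forum, HijackThis or ComboFix.
The random-name heuristic, the function names and the sample lines are assumptions.
"""
import re

# Constructed sample, modelled on O4/O23 lines from the logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))"?', re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
# Heuristic (assumption): 10+ lowercase letters/digits with at least two digits and
# four letters, like "rhc9f4j0eeeg". Vendor folders almost never look like this.
RANDOM_RE = re.compile(r"^(?=(?:.*\d){2})(?=(?:.*[a-z]){4})[a-z0-9]{10,}$")


def looks_random(component):
    """True for machine-generated-looking folder or file stems (heuristic)."""
    return RANDOM_RE.match(component) is not None


def parse_line(line):
    """Parse one O4 (Run value) or O23 (service) line into a dict, else None."""
    m = O4_RE.match(line)
    if m:
        pm = PATH_RE.match(m.group("cmd"))
        return {"kind": "run", "hive": m.group("hive"), "name": m.group("name"),
                "owner": None, "missing": False,
                "path": pm.group("path") if pm else m.group("cmd")}
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        display, owner, path = parts
        missing = path.endswith("(file missing)")
        path = path.replace("(file missing)", "").strip().strip('"')
        return {"kind": "service", "hive": None, "name": display, "owner": owner,
                "missing": missing, "path": path}
    return None


def triage(text):
    """Return the entries that deserve a closer look, each with its reasons."""
    findings = []
    for raw in text.strip().splitlines():
        entry = parse_line(raw.strip())
        if entry is None:
            continue
        parts = entry["path"].split("\\")
        # folder names plus the executable's stem, e.g. rhc9f4j0eeeg.exe -> rhc9f4j0eeeg
        components = parts[1:-1] + [parts[-1].rsplit(".", 1)[0]]
        reasons = []
        if any(looks_random(c) for c in components):
            reasons.append("random-looking path component")
        if TEMP_RE.search(entry["path"]):
            reasons.append("executes from a Temp directory")
        # "(file missing)" on its own is noisy in HijackThis 1.99: the Symantec
        # services with quoted command lines show it too, so it is not a reason here.
        if reasons:
            findings.append({**entry, "line": raw.strip(), "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Draft the Registry::/Folder:: sections of a CFScript for the findings."""
    registry, folders = [], []
    for hit in findings:
        if hit["kind"] == "run":
            registry.append(f'[{HIVES[hit["hive"]]}\\{RUN_KEY}]\n"{hit["name"]}"=-')
        folder = hit["path"].rsplit("\\", 1)[0]
        # Only remove the binary's own directory, never a top-level one like C:\Program Files.
        if folder.count("\\") >= 2 and folder not in folders:
            folders.append(folder)
    sections = []
    if registry:
        sections.append("Registry::\n" + "\n".join(registry))
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    return "\n".join(sections)


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT)
    for h in hits:
        print(h["line"], "->", "; ".join(h["reasons"]))
    print(build_cfscript(hits))
```

Two things to keep in mind when comparing the output with the real logs in this thread. HijackThis 1.99 shows Run value names with the first letter lowercased ([sMrhc9f4j0eeeg], [startCCC]) while ComboFix prints them as stored ("SMrhc9f4j0eeeg", "StartCCC"); registry value names are case-insensitive, so either spelling removes the same value. The Registry:: deletion is keyed on the hive reported in the O4 line (HKLM here), and the Folder:: lines are a draft to be checked by hand before anything is dragged onto ComboFix.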

Hello Lusitano! I've already sent you an email with the zipped file. I couldn't disable the antivirus, but I ran ComboFix and a log was generated. Here it is:

ComboFix 08-09-15.02 - Matheus 2008-09-16 15:49:27.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.1238 [GMT -3:00]

Running from: C:\Users\Matheus\Desktop\ComboFix.exe

Command switches used :: C:\Users\Matheus\Desktop\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Matheus\AppData\Roaming\rhc9f4j0eeeg

.

((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 ))))))))))))))))))))))))))))))))

.

2008-09-16 09:21 . 2008-09-16 09:21 270,682,267 --a------ C:\Windows\MEMORY.DMP

2008-09-16 00:55 . 2008-09-16 09:36 <DIR> d-------- C:\HijackThis

2008-09-16 00:41 . 2008-09-16 15:44 <DIR> d-------- C:\Program Files\rhc9f4j0eeeg

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\Users\All Users\ajivstil

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\ProgramData\ajivstil

2008-09-15 03:41 . 2008-09-15 03:41 <DIR> d-------- C:\Program Files\SAV

2008-09-15 03:07 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll

2008-09-15 01:33 . 2008-09-15 01:33 244 --ah----- C:\sqmnoopt04.sqm

2008-09-15 01:33 . 2008-09-15 01:33 232 --ah----- C:\sqmdata04.sqm

2008-09-15 01:10 . 2008-09-15 23:06 603,568 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT

2008-09-10 02:42 . 2008-07-30 22:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 02:42 . 2008-07-31 00:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 02:41 . 2008-08-01 22:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 02:41 . 2008-06-26 00:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 02:41 . 2008-06-26 00:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 02:41 . 2008-05-08 16:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 02:41 . 2008-05-19 23:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 02:41 . 2008-06-26 00:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 02:41 . 2008-08-02 00:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 01:15 . 2008-09-10 01:15 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-09-10 01:15 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-10 01:15 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iTunes

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iPod

2008-09-10 01:12 . 2008-09-10 01:12 <DIR> d-------- C:\Program Files\QuickTime

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll

2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys

2008-09-04 23:03 . 2008-07-19 02:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 23:03 . 2008-07-19 00:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 23:03 . 2008-07-19 02:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 23:03 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 23:03 . 2008-07-19 00:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 23:03 . 2008-07-19 02:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 23:03 . 2008-07-19 02:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 23:03 . 2008-07-19 02:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 23:03 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\Users\All Users\Macrovision

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\ProgramData\Macrovision

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Users\All Users\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared

2008-08-31 21:33 . 2008-07-31 10:40 509,448 --a------ C:\Windows\System32\XAudio2_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 238,088 --a------ C:\Windows\System32\xactengine3_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 68,616 --a------ C:\Windows\System32\XAPOFX1_1.dll

2008-08-31 21:32 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 1,493,528 --a------ C:\Windows\System32\D3DCompiler_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 467,984 --a------ C:\Windows\System32\d3dx10_39.dll

2008-08-31 21:08 . 2008-08-31 21:08 244 --ah----- C:\sqmnoopt03.sqm

2008-08-31 21:08 . 2008-08-31 21:08 232 --ah----- C:\sqmdata03.sqm

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\Users\All Users\ATI

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\ProgramData\ATI

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll

2008-08-24 10:04 . 2008-08-24 10:04 1,409 --a------ C:\Windows\System32\tmp8D3DC.FOT

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-16 18:36 25,058 ----a-w C:\Windows\system32\drivers\stwrte.log

2008-09-16 02:23 --------- d-----w C:\ProgramData\Symantec

2008-09-16 02:10 --------- d-----w C:\Program Files\PicLensIE

2008-09-15 05:36 --------- d-----w C:\Program Files\Soulseek

2008-09-15 05:09 --------- d-----w C:\Users\Matheus\AppData\Roaming\uTorrent

2008-09-15 04:19 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 04:13 --------- d-----w C:\Program Files\Bonjour

2008-09-10 04:12 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 01:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-02 12:54 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-01 09:45 --------- d-----w C:\Program Files\Maxtor

2008-08-31 19:32 --------- d-----w C:\Program Files\ATI Technologies

2008-08-23 21:17 --------- d-----w C:\ProgramData\Roxio

2008-08-14 15:55 --------- d-----w C:\ProgramData\Soulseek

2008-08-13 20:01 --------- d-----w C:\Program Files\Windows Mail

2008-08-11 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-08-10 20:38 --------- d-----w C:\Program Files\Winamp

2008-08-10 20:11 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-07 16:09 --------- d-----w C:\Program Files\Google

2008-08-03 02:29 --------- d-----w C:\Program Files\ConvertHelper

2008-08-03 01:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-08-03 00:45 --------- d-----w C:\Users\Matheus\AppData\Roaming\Download Manager

2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys

2008-08-01 04:47 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll

2008-08-01 04:47 327,680 ----a-w C:\Windows\System32\atipdlxx.dll

2008-08-01 04:47 258,048 ----a-w C:\Windows\System32\Oemdspif.dll

2008-08-01 04:47 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2008-08-01 04:46 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2008-08-01 04:46 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll

2008-08-01 04:45 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe

2008-08-01 04:37 1,717,248 ----a-w C:\Windows\System32\atidxx32.dll

2008-08-01 04:32 3,823,616 ----a-w C:\Windows\System32\atiumdag.dll

2008-08-01 04:15 4,463,104 ----a-w C:\Windows\System32\atiumdva.dll

2008-08-01 04:10 9,687,040 ----a-w C:\Windows\System32\atioglxx.dll

2008-08-01 04:04 50,688 ----a-w C:\Windows\System32\amdpcom32.dll

2008-08-01 04:03 45,568 ----a-w C:\Windows\System32\atiadlxx.dll

2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 20:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 20:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 20:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-24 11:42 --------- d-----w C:\Program Files\Java

2008-07-23 16:04 --------- d-----w C:\Users\Matheus\AppData\Roaming\Nik Software

2008-07-22 00:19 --------- d-----w C:\ProgramData\WindowsSearch

2008-07-21 00:24 --------- d-----w C:\ProgramData\NOS

2008-07-21 00:24 --------- d-----w C:\Program Files\NOS

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-09 08:05 129,520 ------w C:\Windows\System32\pxafs.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-04-28 14:41 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-09-16_ 9.31.07.80 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-16 18:36:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-16 18:36:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-16 12:24:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-16 18:39:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-09-16 12:24:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-16 18:39:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-16 18:39:42 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-16 18:36:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-16 03:59:34 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-16 18:36:55 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-16 18:36:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-16 12:25:27 8,800 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

+ 2008-09-16 18:39:57 8,800 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

- 2008-09-16 12:25:26 70,024 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-16 18:39:56 70,118 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-16 12:07:52 41,620 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-16 18:39:53 41,792 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 709992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"SMrhc9f4j0eeeg"="C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe" [2008-09-15 831488]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159802879-3563328857-1018818435-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{826618AF-05A3-4EB9-BDAF-E1072EFDF5CC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{27FEBE45-007A-44A6-8006-04DDFC21A599}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF59B68-5798-401E-AF8D-A5419AF4758E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7A8F939-FF70-4EBF-8158-7BB7869DA278}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{66C7DBB5-0DD1-45CF-972B-8C7A8B0BF1DD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C0CAD877-92DB-449E-AD94-01022DE80A03}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{798E16B4-BD00-46F3-AF92-60EECBFFEB06}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{16CEF735-5B0C-4FA6-A685-AED6243AB0A2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{D17B833C-663A-4B62-BB8F-8CD8D342CBDB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{026B18CE-B847-46F9-BB63-E00F8579FB2F}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{39D3D7D6-EE78-4798-B057-4DE8B3D16E6A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{0AC70683-4233-460D-8BB1-CB04537D7DAC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{922B1A4F-7397-4039-9045-4FB30649DEF7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7279235B-BB2D-40D7-83D6-1AA5AD36DC68}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{098DCA32-D1A7-4936-8C64-40ACA437822D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{8BA9B463-5DC0-4248-9493-AF0CF6E03BF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080911.003\IDSvix86.sys [2008-03-20 261680]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [ ]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

S2 SessionLauncher;SessionLauncher;C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe [ ]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e483931f-15e6-11dd-9296-001a4d5716d2}]

\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 15:51:43

Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully

Hidden files: 0

**************************************************************************

.

Completion time: 2008-09-16 15:53:33

ComboFix-quarantined-files.txt 2008-09-16 18:52:54

ComboFix2.txt 2008-09-16 12:32:36

Pre-Run: 111,661,813,760 bytes free

Post-Run: 111,633,563,648 bytes free

269 --- E O F --- 2008-09-15 04:22:18

The new HijackThis log is this one:

Logfile of HijackThis v1.99.1

Scan saved at 15:57:38, on 16/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Exibir Barra de ferramentas do Norton - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thank you very much for your attention! I await your reply!

[]'s

Edited by mafay


Lusitano, I couldn't disable my antivirus, but I generated an updated ComboFix log:

ComboFix 08-09-15.02 - Matheus 2008-09-16 16:09:02.4 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.1256 [GMT -3:00]

Executando de: C:\Users\Matheus\Desktop\ComboFix.exe

Command switches used :: C:\Users\Matheus\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Matheus\AppData\Roaming\rhc9f4j0eeeg

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-16 to 2008-09-16 ))))))))))))))))))))))))))))))))

.

2008-09-16 09:21 . 2008-09-16 09:21 270,682,267 --a------ C:\Windows\MEMORY.DMP

2008-09-16 00:55 . 2008-09-16 15:57 <DIR> d-------- C:\HijackThis

2008-09-16 00:41 . 2008-09-16 15:44 <DIR> d-------- C:\Program Files\rhc9f4j0eeeg

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\Users\All Users\ajivstil

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\ProgramData\ajivstil

2008-09-15 03:41 . 2008-09-15 03:41 <DIR> d-------- C:\Program Files\SAV

2008-09-15 03:07 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll

2008-09-15 01:33 . 2008-09-15 01:33 244 --ah----- C:\sqmnoopt04.sqm

2008-09-15 01:33 . 2008-09-15 01:33 232 --ah----- C:\sqmdata04.sqm

2008-09-15 01:10 . 2008-09-15 23:06 603,568 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT

2008-09-10 02:42 . 2008-07-30 22:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 02:42 . 2008-07-31 00:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 02:41 . 2008-08-01 22:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 02:41 . 2008-06-26 00:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 02:41 . 2008-06-26 00:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 02:41 . 2008-05-08 16:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 02:41 . 2008-05-19 23:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 02:41 . 2008-06-26 00:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 02:41 . 2008-08-02 00:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 01:15 . 2008-09-10 01:15 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-09-10 01:15 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-10 01:15 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iTunes

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iPod

2008-09-10 01:12 . 2008-09-10 01:12 <DIR> d-------- C:\Program Files\QuickTime

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll

2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys

2008-09-04 23:03 . 2008-07-19 02:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 23:03 . 2008-07-19 00:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 23:03 . 2008-07-19 02:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 23:03 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 23:03 . 2008-07-19 00:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 23:03 . 2008-07-19 02:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 23:03 . 2008-07-19 02:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 23:03 . 2008-07-19 02:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 23:03 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\Users\All Users\Macrovision

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\ProgramData\Macrovision

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Users\All Users\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared

2008-08-31 21:33 . 2008-07-31 10:40 509,448 --a------ C:\Windows\System32\XAudio2_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 238,088 --a------ C:\Windows\System32\xactengine3_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 68,616 --a------ C:\Windows\System32\XAPOFX1_1.dll

2008-08-31 21:32 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 1,493,528 --a------ C:\Windows\System32\D3DCompiler_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 467,984 --a------ C:\Windows\System32\d3dx10_39.dll

2008-08-31 21:08 . 2008-08-31 21:08 244 --ah----- C:\sqmnoopt03.sqm

2008-08-31 21:08 . 2008-08-31 21:08 232 --ah----- C:\sqmdata03.sqm

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\Users\All Users\ATI

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\ProgramData\ATI

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll

2008-08-24 10:04 . 2008-08-24 10:04 1,409 --a------ C:\Windows\System32\tmp8D3DC.FOT

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-16 19:02 25,245 ----a-w C:\Windows\system32\drivers\stwrte.log

2008-09-16 18:56 --------- d-----w C:\ProgramData\Symantec

2008-09-16 02:10 --------- d-----w C:\Program Files\PicLensIE

2008-09-15 05:36 --------- d-----w C:\Program Files\Soulseek

2008-09-15 05:09 --------- d-----w C:\Users\Matheus\AppData\Roaming\uTorrent

2008-09-15 04:19 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 04:13 --------- d-----w C:\Program Files\Bonjour

2008-09-10 04:12 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 01:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-02 12:54 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-01 09:45 --------- d-----w C:\Program Files\Maxtor

2008-08-31 19:32 --------- d-----w C:\Program Files\ATI Technologies

2008-08-23 21:17 --------- d-----w C:\ProgramData\Roxio

2008-08-14 15:55 --------- d-----w C:\ProgramData\Soulseek

2008-08-13 20:01 --------- d-----w C:\Program Files\Windows Mail

2008-08-11 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-08-10 20:38 --------- d-----w C:\Program Files\Winamp

2008-08-10 20:11 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-07 16:09 --------- d-----w C:\Program Files\Google

2008-08-03 02:29 --------- d-----w C:\Program Files\ConvertHelper

2008-08-03 01:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-08-03 00:45 --------- d-----w C:\Users\Matheus\AppData\Roaming\Download Manager

2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys

2008-08-01 04:47 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll

2008-08-01 04:47 327,680 ----a-w C:\Windows\System32\atipdlxx.dll

2008-08-01 04:47 258,048 ----a-w C:\Windows\System32\Oemdspif.dll

2008-08-01 04:47 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2008-08-01 04:46 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2008-08-01 04:46 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll

2008-08-01 04:45 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe

2008-08-01 04:37 1,717,248 ----a-w C:\Windows\System32\atidxx32.dll

2008-08-01 04:32 3,823,616 ----a-w C:\Windows\System32\atiumdag.dll

2008-08-01 04:15 4,463,104 ----a-w C:\Windows\System32\atiumdva.dll

2008-08-01 04:10 9,687,040 ----a-w C:\Windows\System32\atioglxx.dll

2008-08-01 04:04 50,688 ----a-w C:\Windows\System32\amdpcom32.dll

2008-08-01 04:03 45,568 ----a-w C:\Windows\System32\atiadlxx.dll

2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 20:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 20:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 20:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-24 11:42 --------- d-----w C:\Program Files\Java

2008-07-23 16:04 --------- d-----w C:\Users\Matheus\AppData\Roaming\Nik Software

2008-07-22 00:19 --------- d-----w C:\ProgramData\WindowsSearch

2008-07-21 00:24 --------- d-----w C:\ProgramData\NOS

2008-07-21 00:24 --------- d-----w C:\Program Files\NOS

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-09 08:05 129,520 ------w C:\Windows\System32\pxafs.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-04-28 14:41 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-09-16_ 9.31.07.80 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-16 19:03:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-16 19:03:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-16 12:24:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-16 19:05:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-16 19:05:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-16 12:24:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-16 19:04:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-16 19:04:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-16 18:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-16 03:59:34 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-16 18:55:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-16 18:55:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-16 12:25:27 8,800 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

+ 2008-09-16 19:05:21 8,800 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

- 2008-09-16 12:25:26 70,024 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-16 19:05:21 70,134 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-16 12:07:52 41,620 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-16 19:05:17 41,792 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 709992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"SMrhc9f4j0eeeg"="C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe" [2008-09-15 831488]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159802879-3563328857-1018818435-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{826618AF-05A3-4EB9-BDAF-E1072EFDF5CC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{27FEBE45-007A-44A6-8006-04DDFC21A599}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF59B68-5798-401E-AF8D-A5419AF4758E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7A8F939-FF70-4EBF-8158-7BB7869DA278}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{66C7DBB5-0DD1-45CF-972B-8C7A8B0BF1DD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C0CAD877-92DB-449E-AD94-01022DE80A03}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{798E16B4-BD00-46F3-AF92-60EECBFFEB06}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{16CEF735-5B0C-4FA6-A685-AED6243AB0A2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{D17B833C-663A-4B62-BB8F-8CD8D342CBDB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{026B18CE-B847-46F9-BB63-E00F8579FB2F}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{39D3D7D6-EE78-4798-B057-4DE8B3D16E6A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{0AC70683-4233-460D-8BB1-CB04537D7DAC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{922B1A4F-7397-4039-9045-4FB30649DEF7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7279235B-BB2D-40D7-83D6-1AA5AD36DC68}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{098DCA32-D1A7-4936-8C64-40ACA437822D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{8BA9B463-5DC0-4248-9493-AF0CF6E03BF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080911.003\IDSvix86.sys [2008-03-20 261680]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [ ]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

S2 SessionLauncher;SessionLauncher;C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe [ ]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e483931f-15e6-11dd-9296-001a4d5716d2}]

\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - COMHOST

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 16:11:56

Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-16 16:13:59

ComboFix-quarantined-files.txt 2008-09-16 19:13:04

ComboFix2.txt 2008-09-16 18:53:33

ComboFix3.txt 2008-09-16 12:32:36

Pre-Run: 111,192,170,496 bytes disponíveis

Post-Run: 111,155,318,784 bytes disponíveis

271 --- E O F --- 2008-09-15 04:22:18

And I also generated an updated HijackThis report:

Logfile of HijackThis v1.99.1

Scan saved at 16:16:26, on 16/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Exibir Barra de ferramentas do Norton - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

What should I do now?

Thank you very much!

Cheers!


I still haven't managed to remove the virus... I'm thinking of formatting and installing Windows again...


Hello,

Thanks for sending it. Relax, there is no need to format because of this malware. Although it is somewhat tricky to remove, it has been identified and we are going to remove it. :)

( 1 ) Very important note: Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

( 2 ) Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Quote":

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhc9f4j0eeeg"=-
Folder::
C:\Program Files\rhc9f4j0eeeg
C:\Users\All Users\ajivstil
C:\ProgramData\ajivstil
C:\Program Files\SAV

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Attach that file, C:\ComboFix.txt, according to these instructions.
  • Also make a new HijackThis log to include in your reply.

( 3 )

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link

  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are ticked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is ticked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

( 4 )

In your next reply, paste:

- The ComboFix result.

- The Malwarebytes Anti-Malware result

- Generate and paste a new HijackThis log.

[]'s


ComboFix result:

ComboFix 08-09-16.05 - Matheus 2008-09-17 9:41:44.5 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.1181 [GMT -3:00]

Executando de: C:\Users\Matheus\Desktop\ComboFix.exe

Command switches used :: C:\Users\Matheus\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Matheus\AppData\Roaming\rhc9f4j0eeeg

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-17 to 2008-09-17 ))))))))))))))))))))))))))))))))

.

2008-09-17 09:32 . 2008-09-17 09:40 <DIR> d-------- C:\32788R22FWJFW

2008-09-16 09:21 . 2008-09-16 09:21 270,682,267 --a------ C:\Windows\MEMORY.DMP

2008-09-16 00:55 . 2008-09-16 16:16 <DIR> d-------- C:\HijackThis

2008-09-16 00:41 . 2008-09-16 15:44 <DIR> d-------- C:\Program Files\rhc9f4j0eeeg

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\Users\All Users\ajivstil

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\ProgramData\ajivstil

2008-09-15 03:41 . 2008-09-15 03:41 <DIR> d-------- C:\Program Files\SAV

2008-09-15 03:07 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll

2008-09-15 01:33 . 2008-09-15 01:33 244 --ah----- C:\sqmnoopt04.sqm

2008-09-15 01:33 . 2008-09-15 01:33 232 --ah----- C:\sqmdata04.sqm

2008-09-15 01:10 . 2008-09-15 23:06 603,568 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT

2008-09-10 02:42 . 2008-07-30 22:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 02:42 . 2008-07-31 00:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 02:41 . 2008-08-01 22:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 02:41 . 2008-06-26 00:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 02:41 . 2008-06-26 00:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 02:41 . 2008-05-08 16:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 02:41 . 2008-05-19 23:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 02:41 . 2008-06-26 00:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 02:41 . 2008-08-02 00:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 01:15 . 2008-09-10 01:15 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-09-10 01:15 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-10 01:15 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iTunes

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iPod

2008-09-10 01:12 . 2008-09-10 01:12 <DIR> d-------- C:\Program Files\QuickTime

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll

2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys

2008-09-04 23:03 . 2008-07-19 02:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 23:03 . 2008-07-19 00:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 23:03 . 2008-07-19 02:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 23:03 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 23:03 . 2008-07-19 00:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 23:03 . 2008-07-19 02:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 23:03 . 2008-07-19 02:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 23:03 . 2008-07-19 02:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 23:03 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\Users\All Users\Macrovision

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\ProgramData\Macrovision

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Users\All Users\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared

2008-08-31 21:33 . 2008-07-31 10:40 509,448 --a------ C:\Windows\System32\XAudio2_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 238,088 --a------ C:\Windows\System32\xactengine3_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 68,616 --a------ C:\Windows\System32\XAPOFX1_1.dll

2008-08-31 21:32 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 1,493,528 --a------ C:\Windows\System32\D3DCompiler_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 467,984 --a------ C:\Windows\System32\d3dx10_39.dll

2008-08-31 21:08 . 2008-08-31 21:08 244 --ah----- C:\sqmnoopt03.sqm

2008-08-31 21:08 . 2008-08-31 21:08 232 --ah----- C:\sqmdata03.sqm

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\Users\All Users\ATI

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\ProgramData\ATI

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll

2008-08-24 10:04 . 2008-08-24 10:04 1,409 --a------ C:\Windows\System32\tmp8D3DC.FOT

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-17 12:37 25,806 ----a-w C:\Windows\system32\drivers\stwrte.log

2008-09-17 04:16 --------- d-----w C:\Program Files\Soulseek

2008-09-17 03:04 --------- d-----w C:\ProgramData\Symantec

2008-09-16 02:10 --------- d-----w C:\Program Files\PicLensIE

2008-09-15 05:09 --------- d-----w C:\Users\Matheus\AppData\Roaming\uTorrent

2008-09-15 04:19 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 04:13 --------- d-----w C:\Program Files\Bonjour

2008-09-10 04:12 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 01:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-02 12:54 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-01 09:45 --------- d-----w C:\Program Files\Maxtor

2008-08-31 19:32 --------- d-----w C:\Program Files\ATI Technologies

2008-08-23 21:17 --------- d-----w C:\ProgramData\Roxio

2008-08-14 15:55 --------- d-----w C:\ProgramData\Soulseek

2008-08-13 20:01 --------- d-----w C:\Program Files\Windows Mail

2008-08-11 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-08-10 20:38 --------- d-----w C:\Program Files\Winamp

2008-08-10 20:11 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-07 16:09 --------- d-----w C:\Program Files\Google

2008-08-03 02:29 --------- d-----w C:\Program Files\ConvertHelper

2008-08-03 01:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-08-03 00:45 --------- d-----w C:\Users\Matheus\AppData\Roaming\Download Manager

2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys

2008-08-01 04:47 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll

2008-08-01 04:47 327,680 ----a-w C:\Windows\System32\atipdlxx.dll

2008-08-01 04:47 258,048 ----a-w C:\Windows\System32\Oemdspif.dll

2008-08-01 04:47 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2008-08-01 04:46 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2008-08-01 04:46 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll

2008-08-01 04:45 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe

2008-08-01 04:37 1,717,248 ----a-w C:\Windows\System32\atidxx32.dll

2008-08-01 04:32 3,823,616 ----a-w C:\Windows\System32\atiumdag.dll

2008-08-01 04:15 4,463,104 ----a-w C:\Windows\System32\atiumdva.dll

2008-08-01 04:10 9,687,040 ----a-w C:\Windows\System32\atioglxx.dll

2008-08-01 04:04 50,688 ----a-w C:\Windows\System32\amdpcom32.dll

2008-08-01 04:03 45,568 ----a-w C:\Windows\System32\atiadlxx.dll

2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 20:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 20:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 20:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-24 11:42 --------- d-----w C:\Program Files\Java

2008-07-23 16:04 --------- d-----w C:\Users\Matheus\AppData\Roaming\Nik Software

2008-07-22 00:19 --------- d-----w C:\ProgramData\WindowsSearch

2008-07-21 00:24 --------- d-----w C:\ProgramData\NOS

2008-07-21 00:24 --------- d-----w C:\Program Files\NOS

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-09 08:05 129,520 ------w C:\Windows\System32\pxafs.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-04-28 14:41 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-09-16_ 9.31.07.80 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-17 12:37:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-17 12:37:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-16 12:24:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-17 12:39:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-17 12:39:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-16 12:24:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-17 12:39:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-17 12:39:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-17 11:27:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-16 03:59:34 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-17 11:27:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-17 11:27:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-16 12:19:42 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-17 12:41:37 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-17 12:41:37 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-09-16 12:25:27 8,800 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

+ 2008-09-17 12:40:03 8,824 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

- 2008-09-16 12:25:26 70,024 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-17 12:40:03 70,190 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-16 12:07:52 41,620 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-17 12:39:58 41,952 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 709992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"SMrhc9f4j0eeeg"="C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe" [2008-09-15 831488]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159802879-3563328857-1018818435-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{826618AF-05A3-4EB9-BDAF-E1072EFDF5CC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{27FEBE45-007A-44A6-8006-04DDFC21A599}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF59B68-5798-401E-AF8D-A5419AF4758E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7A8F939-FF70-4EBF-8158-7BB7869DA278}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{66C7DBB5-0DD1-45CF-972B-8C7A8B0BF1DD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C0CAD877-92DB-449E-AD94-01022DE80A03}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{798E16B4-BD00-46F3-AF92-60EECBFFEB06}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{16CEF735-5B0C-4FA6-A685-AED6243AB0A2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{D17B833C-663A-4B62-BB8F-8CD8D342CBDB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{026B18CE-B847-46F9-BB63-E00F8579FB2F}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{39D3D7D6-EE78-4798-B057-4DE8B3D16E6A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{0AC70683-4233-460D-8BB1-CB04537D7DAC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{922B1A4F-7397-4039-9045-4FB30649DEF7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7279235B-BB2D-40D7-83D6-1AA5AD36DC68}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{098DCA32-D1A7-4936-8C64-40ACA437822D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{8BA9B463-5DC0-4248-9493-AF0CF6E03BF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080913.002\IDSvix86.sys [2008-03-20 261680]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [ ]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

S2 SessionLauncher;SessionLauncher;C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe [ ]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e483931f-15e6-11dd-9296-001a4d5716d2}]

\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - COMHOST

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-17 09:44:57

Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-09-17 9:46:54

ComboFix-quarantined-files.txt 2008-09-17 12:46:10

ComboFix2.txt 2008-09-16 19:14:00

ComboFix3.txt 2008-09-16 18:53:33

ComboFix4.txt 2008-09-16 12:32:36

Pre-Run: 116,538,650,624 bytes disponíveis

Post-Run: 116,504,887,296 bytes disponíveis

276 --- E O F --- 2008-09-15 04:22:18

Malwarebytes log:

Malwarebytes' Anti-Malware 1.28

Versão do banco de dados: 1163

Windows 6.0.6001 Service Pack 1

17/09/2008 09:57:09

mbam-log-2008-09-17 (09-57-09).txt

Tipo de Verificação: Rápida

Objetos verificados: 51021

Tempo decorrido: 3 minute(s), 16 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 3

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 12

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc9f4j0eeeg (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

C:\Program Files\rhc9f4j0eeeg (Rogue.Multiple) -> Quarantined and deleted successfully.

Arquivos infectados:

C:\Program Files\rhc9f4j0eeeg\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhc9f4j0eeeg\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

C:\Program Files\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.

Edited by mafay

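The removal script above targets what the analyst spotted by eye in the logs: the Run value and folder named rhc9f4j0eeeg, a service registered from a Temp folder (SessionLauncher), and, in the ComboFix registry section, UAC, the Windows Firewall and Security Center monitoring all switched off. As an added example (not code from this thread, nor from HijackThis, ComboFix or Malwarebytes), here is a small Python triage pass that encodes those checks and runs them over sample lines constructed from the entries in this thread. The O4 line, the severity labels and the letter/digit "random name" heuristic are my own assumptions: the heuristic catches names like rhc9f4j0eeeg but not all-letter names like ajivstil, and the "(file missing)" rule deliberately downgrades the entries that HijackThis 1.99.1 is known to misreport on Vista (unexpanded %windir% paths and quoted ImagePaths with arguments).

```python
import re

# HijackThis O23 line: "O23 - Service: <display name> - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
CODE_RE = re.compile(r"^[RFNO]\d+ - ")          # every HijackThis entry starts with R0, O2, O23 ...
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")  # CLSIDs look random too
SWITCH_RE = re.compile(r"(?<=[A-Za-z])\d|(?<=\d)[A-Za-z]")  # one letter<->digit switch ('c9', '9f')
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")   # ComboFix registry section is REGEDIT4 syntax
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')

# (key fragment, value name, data prefix, meaning): settings the ComboFix log in this
# thread shows switched off; a rogue AV commonly flips them to stay unchallenged.
WEAKENED = [
    ("policies\\system", "EnableLUA", "0", "UAC disabled"),
    ("firewallpolicy\\", "EnableFirewall", "0", "Windows Firewall disabled for a profile"),
    ("security center", "DisableMonitoring", "dword:00000001", "Security Center monitoring disabled"),
]

def looks_random(token, min_switches=4):
    """Assumed heuristic for generated names like 'rhc9f4j0eeeg': many letter/digit switches
    in one token. All-letter names ('ajivstil') and 8.3 names ('WI1F86~1') are NOT caught."""
    return len(SWITCH_RE.findall(token)) >= min_switches

def random_token(text):
    # Split on path separators, whitespace, brackets and colons; ignore CLSIDs.
    for token in re.split(r"[\\/\s\[\]:]+", GUID_RE.sub("", text)):
        if looks_random(token):
            return token
    return None

def triage_hijackthis(lines):
    """Return (severity, reason, line) triples for HijackThis lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not CODE_RE.match(line):
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            if "(file missing)" in path:
                if path.startswith("%") or '"' in path:
                    # HijackThis 1.99.1 neither expands %windir% nor copes with a quoted ImagePath
                    # plus arguments, so the file is usually present: verify by hand.
                    findings.append(("info", "reported missing, likely a HijackThis parsing limit", line))
                else:
                    findings.append(("medium", "service binary missing: orphaned or already cleaned entry", line))
            if re.search(r"\\temp\\", path, re.IGNORECASE):
                findings.append(("high", "service image lives in a Temp folder", line))
        if line.startswith("O2 - ") and line.endswith("(no file)"):
            findings.append(("low", "BHO registered but its DLL is gone", line))
        token = random_token(line)
        if token:
            findings.append(("high", f"random-looking name {token!r}", line))
    return findings

def triage_combofix_registry(lines):
    """Walk the REGEDIT4 block of a ComboFix log: report weakened security settings and
    Run values that launch something from a random-looking folder."""
    findings, key = [], ""
    for raw in lines:
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = REG_VAL_RE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data").strip()
        for frag, value, prefix, meaning in WEAKENED:
            if frag in key and name.lower() == value.lower() and data.startswith(prefix):
                findings.append(("medium", meaning, f"[{key}] {name}"))
        token = random_token(data) if key.endswith("\\run") else None
        if token:
            findings.append(("high", f"autorun to random-looking path {token!r}", f"[{key}] {name}"))
    return findings

# Constructed samples built from entries visible in this thread; the O4 line is how
# HijackThis would present the Run value that ComboFix lists.
SAMPLE_HJT = [
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r"O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)",
    r"O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [SMrhc9f4j0eeeg] C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe",
    r"O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll",
]
SAMPLE_CF = [
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]',
    r'"SMrhc9f4j0eeeg"="C:\Program Files\rhc9f4j0eeeg\rhc9f4j0eeeg.exe" [2008-09-15 831488]',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    '"EnableLUA"= 0 (0x0)',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]",
    '"DisableMonitoring"=dword:00000001',
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]",
    '"EnableFirewall"= 0 (0x0)',
    '"DoNotAllowExceptions"= 1 (0x1)',
]

if __name__ == "__main__":
    for finding in triage_hijackthis(SAMPLE_HJT) + triage_combofix_registry(SAMPLE_CF):
        print("%-6s %s\n       %s" % finding)
```

Run as a script it prints one finding per line; fed a whole HijackThis or ComboFix log it produces a short worklist rather than a verdict. The "info" rating for svchost-hosted services and quoted ImagePaths is the point to note: on this Vista log HijackThis 1.99.1 marks several legitimate Symantec and Windows services as "(file missing)", and an analyst who removed them all would break the system, so those entries are verified by hand rather than flagged.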

Hi Lusitano. I made a new Hijack This log, but I think I still have the virus, because I delete the Internet Explorer icon on the desktop (the item itself, not the shortcut) and after I restart it shows up again, as if I hadn't deleted it. I find that strange.

Anyway, here is the new Hijack This log. Please check for me whether I still have the virus:

Logfile of HijackThis v1.99.1

Scan saved at 23:08:36, on 17/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Windows\vVX3000.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Exibir Barra de ferramentas do Norton - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Do I just double-click the icon to run it, or do I need to drag some file onto it again?

Regards!


Lusitano, I double-clicked it and generated a new ComboFix log. Just one thing: I forgot to disable Norton Antivirus. Is that a problem, or is the log still valid?

Here is the log:

ComboFix 08-09-16.05 - Matheus 2008-09-18 16:07:56.6 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1046.18.1109 [GMT -3:00]

Executando de: C:\Users\Matheus\Desktop\ComboFix.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-08-18 to 2008-09-18 ))))))))))))))))))))))))))))))))

.

2008-09-17 09:49 . 2008-09-17 09:49 <DIR> d-------- C:\Users\Matheus\AppData\Roaming\Malwarebytes

2008-09-17 09:49 . 2008-09-17 09:49 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-09-17 09:49 . 2008-09-17 09:49 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-09-17 09:49 . 2008-09-17 09:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-17 09:49 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-17 09:49 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-16 09:21 . 2008-09-16 09:21 270,682,267 --a------ C:\Windows\MEMORY.DMP

2008-09-16 00:55 . 2008-09-17 23:08 <DIR> d-------- C:\HijackThis

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\Users\All Users\ajivstil

2008-09-15 03:42 . 2008-09-15 23:32 <DIR> d-------- C:\ProgramData\ajivstil

2008-09-15 03:41 . 2008-09-17 09:57 <DIR> d-------- C:\Program Files\SAV

2008-09-15 03:07 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll

2008-09-15 01:33 . 2008-09-15 01:33 244 --ah----- C:\sqmnoopt04.sqm

2008-09-15 01:33 . 2008-09-15 01:33 232 --ah----- C:\sqmdata04.sqm

2008-09-15 01:10 . 2008-09-18 07:35 642,184 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT

2008-09-10 02:42 . 2008-07-30 22:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 02:42 . 2008-07-31 00:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 02:41 . 2008-08-01 22:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 02:41 . 2008-06-26 00:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 02:41 . 2008-06-26 00:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 02:41 . 2008-05-08 16:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 02:41 . 2008-05-19 23:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 02:41 . 2008-06-26 00:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 02:41 . 2008-08-02 00:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 01:15 . 2008-09-10 01:15 <DIR> d----c--- C:\Windows\System32\DRVSTORE

2008-09-10 01:15 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll

2008-09-10 01:15 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iTunes

2008-09-10 01:14 . 2008-09-10 01:14 <DIR> d-------- C:\Program Files\iPod

2008-09-10 01:12 . 2008-09-10 01:12 <DIR> d-------- C:\Program Files\QuickTime

2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx

2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts

2008-09-05 22:16 . 2008-09-05 22:16 1,900,544 --a------ C:\Windows\System32\usbaaplrc.dll

2008-09-05 22:16 . 2008-09-05 22:16 36,864 --a------ C:\Windows\System32\drivers\usbaapl.sys

2008-09-04 23:03 . 2008-07-19 02:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 23:03 . 2008-07-19 00:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 23:03 . 2008-07-19 02:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 23:03 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 23:03 . 2008-07-19 00:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 23:03 . 2008-07-19 02:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 23:03 . 2008-07-19 02:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 23:03 . 2008-07-19 02:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 23:03 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\Users\All Users\Macrovision

2008-09-03 22:58 . 2008-09-03 22:58 <DIR> d-------- C:\ProgramData\Macrovision

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Users\All Users\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Macromedia

2008-09-03 22:57 . 2008-09-03 22:57 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared

2008-08-31 21:33 . 2008-07-31 10:40 509,448 --a------ C:\Windows\System32\XAudio2_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 238,088 --a------ C:\Windows\System32\xactengine3_2.dll

2008-08-31 21:33 . 2008-07-31 10:41 68,616 --a------ C:\Windows\System32\XAPOFX1_1.dll

2008-08-31 21:32 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 1,493,528 --a------ C:\Windows\System32\D3DCompiler_39.dll

2008-08-31 21:32 . 2008-07-12 08:18 467,984 --a------ C:\Windows\System32\d3dx10_39.dll

2008-08-31 21:08 . 2008-08-31 21:08 244 --ah----- C:\sqmnoopt03.sqm

2008-08-31 21:08 . 2008-08-31 21:08 232 --ah----- C:\sqmdata03.sqm

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\Users\All Users\ATI

2008-08-31 16:32 . 2008-08-31 16:32 <DIR> d-------- C:\ProgramData\ATI

2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\Windows\System32\dns-sd.exe

2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\Windows\System32\dnssd.dll

2008-08-24 10:04 . 2008-08-24 10:04 1,409 --a------ C:\Windows\System32\tmp8D3DC.FOT

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-18 17:56 --------- d-----w C:\ProgramData\Symantec

2008-09-18 02:20 26,367 ----a-w C:\Windows\system32\drivers\stwrte.log

2008-09-17 04:16 --------- d-----w C:\Program Files\Soulseek

2008-09-16 02:10 --------- d-----w C:\Program Files\PicLensIE

2008-09-15 05:09 --------- d-----w C:\Users\Matheus\AppData\Roaming\uTorrent

2008-09-15 04:19 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 04:13 --------- d-----w C:\Program Files\Bonjour

2008-09-10 04:12 --------- d-----w C:\Program Files\Common Files\Apple

2008-09-04 01:57 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-04 01:57 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-02 12:54 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-09-01 09:45 --------- d-----w C:\Program Files\Maxtor

2008-08-31 19:32 --------- d-----w C:\Program Files\ATI Technologies

2008-08-23 21:17 --------- d-----w C:\ProgramData\Roxio

2008-08-14 15:55 --------- d-----w C:\ProgramData\Soulseek

2008-08-13 20:01 --------- d-----w C:\Program Files\Windows Mail

2008-08-11 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-08-10 20:38 --------- d-----w C:\Program Files\Winamp

2008-08-10 20:11 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-07 16:09 --------- d-----w C:\Program Files\Google

2008-08-03 02:29 --------- d-----w C:\Program Files\ConvertHelper

2008-08-03 01:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-08-03 00:45 --------- d-----w C:\Users\Matheus\AppData\Roaming\Download Manager

2008-08-01 06:40 3,894,272 ----a-w C:\Windows\system32\drivers\atikmdag.sys

2008-08-01 04:47 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll

2008-08-01 04:47 327,680 ----a-w C:\Windows\System32\atipdlxx.dll

2008-08-01 04:47 258,048 ----a-w C:\Windows\System32\Oemdspif.dll

2008-08-01 04:47 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2008-08-01 04:46 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2008-08-01 04:46 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll

2008-08-01 04:45 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe

2008-08-01 04:37 1,717,248 ----a-w C:\Windows\System32\atidxx32.dll

2008-08-01 04:32 3,823,616 ----a-w C:\Windows\System32\atiumdag.dll

2008-08-01 04:15 4,463,104 ----a-w C:\Windows\System32\atiumdva.dll

2008-08-01 04:10 9,687,040 ----a-w C:\Windows\System32\atioglxx.dll

2008-08-01 04:04 50,688 ----a-w C:\Windows\System32\amdpcom32.dll

2008-08-01 04:03 45,568 ----a-w C:\Windows\System32\atiadlxx.dll

2008-08-01 03:51 53,248 ----a-w C:\Windows\system32\drivers\ati2erec.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 20:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 20:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 20:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-24 11:42 --------- d-----w C:\Program Files\Java

2008-07-23 16:04 --------- d-----w C:\Users\Matheus\AppData\Roaming\Nik Software

2008-07-22 00:19 --------- d-----w C:\ProgramData\WindowsSearch

2008-07-21 00:24 --------- d-----w C:\ProgramData\NOS

2008-07-21 00:24 --------- d-----w C:\Program Files\NOS

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe AIR

2008-07-20 01:58 --------- d-----w C:\Program Files\Common Files\Adobe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-09 08:05 129,520 ------w C:\Windows\System32\pxafs.dll

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-04-28 14:41 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((( snapshot@2008-09-16_ 9.31.07.80 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-18 02:20:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-16 12:21:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-18 02:20:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-16 12:24:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-18 02:22:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-18 02:22:40 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-16 12:24:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-18 02:22:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-18 18:49:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-16 03:59:34 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-18 18:49:21 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-16 03:59:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-18 18:49:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-16 12:19:42 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-17 12:41:37 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-09-17 12:41:37 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-09-16 12:25:27 8,800 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

+ 2008-09-18 02:22:55 8,824 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159802879-3563328857-1018818435-1000_UserData.bin

- 2008-09-16 12:25:26 70,024 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-18 02:22:55 70,206 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-16 12:07:52 41,620 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-18 02:22:54 42,036 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 125952]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 51048]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]

"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]

"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 709992]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]

"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]

"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2159802879-3563328857-1018818435-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{826618AF-05A3-4EB9-BDAF-E1072EFDF5CC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{27FEBE45-007A-44A6-8006-04DDFC21A599}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{AFF59B68-5798-401E-AF8D-A5419AF4758E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7A8F939-FF70-4EBF-8158-7BB7869DA278}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{66C7DBB5-0DD1-45CF-972B-8C7A8B0BF1DD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C0CAD877-92DB-449E-AD94-01022DE80A03}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{798E16B4-BD00-46F3-AF92-60EECBFFEB06}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{16CEF735-5B0C-4FA6-A685-AED6243AB0A2}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{D17B833C-663A-4B62-BB8F-8CD8D342CBDB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{026B18CE-B847-46F9-BB63-E00F8579FB2F}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{39D3D7D6-EE78-4798-B057-4DE8B3D16E6A}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{0AC70683-4233-460D-8BB1-CB04537D7DAC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{922B1A4F-7397-4039-9045-4FB30649DEF7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7279235B-BB2D-40D7-83D6-1AA5AD36DC68}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{098DCA32-D1A7-4936-8C64-40ACA437822D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{8BA9B463-5DC0-4248-9493-AF0CF6E03BF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.sys [2007-08-18 252152]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080916.005\IDSvix86.sys [2008-09-12 270384]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]

R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [ ]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

S2 SessionLauncher;SessionLauncher;C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe [ ]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e483931f-15e6-11dd-9296-001a4d5716d2}]

\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

*Newly Created Service* - COMHOST

.

Conteúdo da pasta 'Tarefas Agendadas'

.

- - - - ORFAOS REMOVIDOS - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Users\Matheus\AppData\Roaming\Mozilla\Firefox\Profiles\5efngm1a.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.terra.com.br/

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll

FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll

FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll

.

.

------- File Associations -------

.

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 16:10:33

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-18 16:12:16

ComboFix-quarantined-files.txt 2008-09-18 19:11:53

ComboFix2.txt 2008-09-17 12:46:55

ComboFix3.txt 2008-09-16 19:14:00

ComboFix4.txt 2008-09-16 18:53:33

ComboFix5.txt 2008-09-18 19:07:32

Pre-Run: 113,695,932,416 bytes free

Post-Run: 113,719,889,920 bytes free

288 --- E O F --- 2008-09-15 04:22:18


And I'd also like to know why the Internet Explorer icon (I repeat, the icon, NOT a shortcut) reappears on my Desktop? Could it be a remnant of the virus, or do I still have a virus on the computer? Could it be some kind of Internet Explorer that the virus created on the Desktop? I always delete the icon, but when I restart the machine it reappears.

I need to know; otherwise I'm going to buy a genuine Windows on Saturday and format the C partition.

Regards, and thanks for the help!


Hello,

The IE icon thing has nothing to do with the virus. Why do you want to delete IE?

Download OTMoveIt2 by OldTimer

  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run the tool.
  • Now select the list in bold blue below and click Edit > Copy (or press CTRL+C).


  • C:\Users\All Users\ajivstil
    C:\ProgramData\ajivstil
    C:\Program Files\SAV

  • Go back to OTMoveIt2, right-click in "Paste List of Files/Folders to be moved" and choose Paste.
  • Click the button shown in the image (87aqpe8.gif).
  • If possible, copy the entire contents of the results window below the green bar (after selecting everything, copy with CTRL+C, or right-click and choose Copy) and paste it (CTRL+V) into a new Notepad document. Save that Notepad document to your desktop and paste its contents in your next reply.
  • Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you will be asked to restart the PC so the process can finish. If so, please choose Yes.

The log can also be found at C:\_OTMoveIt\MovedFiles\********_******.log (where "********_******" is "date_time")

In your next reply, generate and paste a new HijackThis log together with the OTMoveIt result.


Hi Lusitano, here are the new HijackThis and OTMoveIt2 logs:

Logfile of HijackThis v1.99.1

Scan saved at 15:49:14, on 19/09/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

C:\Windows\vVX3000.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Exibir Barra de ferramentas do Norton - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

C:\Users\All Users\ajivstil moved successfully.

File/Folder C:\ProgramData\ajivstil not found.

C:\Program Files\SAV moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09192008_154617

So, is everything OK now? What else do I need to do?

It didn't find the directory "C:\ProgramData"; could the name be wrong? Could it be "C:\Program Data", with a space? What do I do?

Thank you very much for your attention!

Regards!

P.S.: Just explain one thing to me: what is this ajivstil? And SAV? Does it interfere with Norton Antivirus?

It didn't find the directory "C:\ProgramData"; could the name be wrong? Could it be "C:\Program Data", with a space? What do I do?

If it didn't find it, it's because it must no longer exist.

P.S.: Just explain one thing to me: what is this ajivstil? And SAV? Does it interfere with Norton Antivirus?

Your computer was infected with the Vundo malware, which uses sophisticated techniques and is a bit more complicated and laborious to remove. The ajivstil name is random and was created by the malware.

SAV is created by System Antivirus 2008, which is a rogue anti-spyware, a fake anti-spyware.

Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.

(image: CF_Cleanup.png)

  • Double-click OTMoveIt.exe
  • Click the button shown in the image (8gehxg0.gif)
  • OTMoveIt will now download a list; if your firewall or other protective program alerts you, allow the access.
  • You will be asked whether to start the cleanup process; click Yes
  • When it finishes, exit OTMoveIt
  • Now delete OTMoveIt.exe
  • Also delete the C:\_OTMoveIt folder

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the HijackThis backups folder (if it exists)
  • Use an alternative, more secure browser:
    Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad: adds over 4000 websites and domains to IE's Restricted Sites list.
  • MVPS Hosts: creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar: the Google toolbar blocks pop-ups.

It was a pleasure to help

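The triage in this thread is done by eye: the analyst picks out the service registered from a user's Temp folder (SessionLauncher), the randomly named ajivstil folder that Vundo created, and the orphaned entries whose image file is gone. The script below is an added example, not a tool from this thread or from the HijackThis/ComboFix authors, that applies those same checks to lines copied from the logs posted above, plus one constructed O4 line (marked in the code) for the ajivstil folder, which the page shows only in the OTMoveIt output. The list of user-writable locations, the random-name heuristic, and the reading of ComboFix's empty `[ ]` stamp as "file not found" are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample input: lines copied from the HijackThis and ComboFix logs
# posted in this thread, plus one made-up O4 line (marked) for the ajivstil
# folder that the page only shows in the OTMoveIt output.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe',
    r'O23 - Service: SessionLauncher - Unknown owner - C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)',
    r'O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe',
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'S2 SessionLauncher;SessionLauncher;C:\Users\Matheus\AppData\Local\Temp\DX9\SessionLauncher.exe [ ]',
    r'R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]',
    r'O4 - HKCU\..\Run: [example] C:\Users\All Users\ajivstil\example.exe',  # constructed, not from the log
]

# Directories a legitimate service or Run entry should not live in (assumption of
# this example; C:\Users\All Users is the Vista junction to C:\ProgramData).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\all users\\", "\\programdata\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
ORDER = {"high": 0, "medium": 1, "low": 2}

HJT_O4 = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
HJT_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# ComboFix service line: start type, short name, display name, image path, [date size].
CF_SVC = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<stamp>.*?)\])?$")


def extract_path(cmd: str) -> str:
    """Pull the image path out of a Run value or ImagePath, dropping arguments."""
    m = re.search(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.strip('"').split()[0]


def looks_random(name: str) -> bool:
    """Heuristic (assumption of this example): Vundo-style folder names such as
    'ajivstil' are all-lowercase letter strings with a run of 3+ consonants."""
    return (len(name) >= 6 and name.isalpha() and name.islower()
            and re.search(r"[bcdfghjklmnpqrstvwxz]{3}", name) is not None)


def assess_path(path: str) -> List[str]:
    """Reasons an image path deserves a closer look."""
    reasons = []
    low = path.lower()
    if any(d in low for d in USER_WRITABLE):
        reasons.append("runs from a user-writable/temp location")
    if not re.match(r"^[a-z]:\\", low):
        reasons.append("unqualified filename (resolved via search path)")
    elif not low.startswith(TRUSTED_ROOTS):
        reasons.append("outside Program Files / Windows")
    for part in path.split("\\")[:-1]:            # directory components only
        if looks_random(part):
            reasons.append(f"random-looking directory name '{part}'")
    return reasons


def severity(reasons: List[str]) -> str:
    if any("user-writable" in r or "random-looking" in r for r in reasons):
        return "high"
    if any("missing" in r for r in reasons):
        return "medium"
    return "low"


def triage(lines: List[str]) -> List[Dict]:
    """Parse HijackThis O2/O4/O23 and ComboFix service lines; return only the
    entries that trip at least one check."""
    findings = []
    for raw in lines:
        line = raw.strip()
        kind, path, missing, reasons = None, "", False, []
        if m := HJT_O4.match(line):
            kind, path = "O4", extract_path(m["cmd"])
        elif m := HJT_O23.match(line):
            kind, path = "O23", extract_path(m["path"])
            missing = "(file missing)" in m["path"]
            if m["owner"] == "Unknown owner" and not missing:
                reasons.append("no company name readable from the image")
        elif m := HJT_O2.match(line):
            kind = "O2"
            missing = m["path"] == "(no file)"
            path = "" if missing else m["path"]
        elif m := CF_SVC.match(line):
            kind, path = "CF-" + m["start"], m["path"]
            # ComboFix prints "[ ]" instead of "[date size]" when it cannot
            # stat the image (assumption of this example).
            missing = not (m["stamp"] or "").strip()
        else:
            continue                                # not a line type we triage
        if missing:
            reasons.append("image file missing (orphaned entry)")
        if path:
            reasons.extend(assess_path(path))
        if reasons:
            findings.append({"kind": kind, "path": path, "reasons": reasons,
                             "severity": severity(reasons), "line": line})
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: ORDER[f["severity"]]):
        print(f"[{f['severity']:6}] {f['kind']:5} {f['path'] or '(no file)'}")
        for r in f["reasons"]:
            print(f"          - {r}")
```

Two caveats when reading the output against the logs above. First, HijackThis 1.99.1 marks the Symantec ccSvcHst.exe services as "(file missing)" even though the same binary appears in the running-process list and with a date and size in the ComboFix R2 entry, so the script reports a missing image only as medium severity: a prompt to confirm the path by hand, not evidence of malware. Second, the random-name check is deliberately narrow; it catches ajivstil here, but a real triage still relies on the analyst recognising the folder, as Lusitano did in the thread.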

Thank you very much, Lusitano!

Just a few last questions:

Can I uninstall Malwarebytes Anti-Malware? Is it advisable?

In my root directory, C, there are the following folders and files:

C:\Arquivos de Programas

C:\ATI

C:\Hijack This

C:\Intel

C:\PerfLogs

C:\RaidTool

C:\Usuários

C:\Windows

and the files:

BOOTSECT.BAK

csb.log

hpfr3600.log

RHDSetup.log

Should I delete any of these?

Thank you very much for your help! Really!!! :)

Best regards!!!

Can I uninstall Malwarebytes Anti-Malware? Is it advisable?

You can uninstall it without any problem :)

In my root directory, C, there are the following folders and files:

C:\Arquivos de Programas

C:\ATI

C:\Hijack This

C:\Intel

C:\PerfLogs

C:\RaidTool

C:\Usuários

C:\Windows

and the files:

BOOTSECT.BAK

csb.log

hpfr3600.log

RHDSetup.log

Should I delete any of these?

Only the C:\Hijack This folder should be deleted; don't delete anything else.

Regards


Where could I get the serial for Adobe Acrobat 9 Pro? :unsure:

Thank you very much, Lusitano!!! All sorted! :)

Thanks a lot!!!

Best regards!!!
