Zero_Ball

HijackThis LOG ANALYSIS


Good afternoon everyone, I'm new here at Clube do Hardware!

I find this exchange of information and knowledge very interesting, really great. Today I'm asking for help, but whenever I can help I'm also available!

SO, I have a problem: whenever I log in to any MSN account on my computer, it immediately opens this link twice

(DO NOT CLICK IT, IT IS HERE FOR INFORMATION ONLY)

h**p://ad.yieldmanager.com/rw?title=PKR%2Ecom%20%2D%20The%20Ultimate%20in%20Online%20Poker&qs=iframe3%3FhBcAAO00AACqAwcA5wIBAAIAAAAAAP8AAAAEDwICAAJXRgAAATEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgw5313Mg%2EAOAhyWmL0j8AkHgDIrjUPwAg4%2Ela6N4%2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIx7FWXrUWgX0uARsIRBwhv3ff22dlkLtqzvXMwAAAAA%3D%2C%2Chttp%3A%2F%2Fcdn%2Efanatic%2Enet%2Enz%2Fpop%2Ehtml

and it keeps opening all the time when I click to start a conversation with a contact!

I'm sending an HJTInstall log for analysis; I hope that with it I can find some tool that helps me get rid of this virtual pest, hehehe

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:17:50, on 04/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe

C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe

C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe

C:\Windows\SYSTEM32\taskeng.exea

C:\Windows\System32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gruposkynet.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Windows\Downloaded Program Files\CONFLICT.6\gbiehscd.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sSS2007 File Redirection Starter] "C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"

O4 - HKLM\..\Run: [sSS2007 HotKeys] "C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"

O4 - HKLM\..\Run: [sSS2007 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [VimicroMonitorSnapshotVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: SpyCatcher.lnk = C:\Program Files\Tenebril\SpyCatcher\SpyCatcher.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O13 - Gopher Prefix:

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O20 - AppInit_DLLs: secuload.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Protector - Tenebril Inc. - C:\Program Files\Tenebril\SpyCatcher\ProtectorSvc.exe

O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9751 bytes

THANKS IN ADVANCE - HUGS TO ALL

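As an added example (not code from the thread or from the HijackThis tool), a small Python triage script that parses HijackThis 2.x entry lines like the ones in the log above and flags what an analyst usually looks at first: BHOs and IE buttons whose file is gone, a populated AppInit_DLLs value, services with no recorded publisher, and start/search pages that are not the Microsoft default. The sample log is constructed from a few lines of the posted log; severities and rule names are the example's own choices.

```python
"""Triage of HijackThis 2.x entry lines (added example; not the thread's own code)."""
import re
from typing import Iterator, List, Tuple

# Constructed sample: a few entry lines in the format of the posted log.
# Raw string so the Windows backslashes survive unchanged.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gruposkynet.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# HijackThis entries start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
MS_DEFAULT_PREFIX = "http://go.microsoft.com/"

Finding = Tuple[str, str, str]  # (severity, rule, entry body)


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, body) for each R/F/N/O entry; header and process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(log_text: str) -> List[Finding]:
    """Apply a few first-pass analyst checks and return the entries that merit a look."""
    findings: List[Finding] = []
    for sec, body in parse_entries(log_text):
        if sec in ("R0", "R1") and "=" in body:
            # IE start/search page that is not the Microsoft default: confirm the user set it.
            url = body.split("=", 1)[1].strip()
            if url and not url.startswith(MS_DEFAULT_PREFIX):
                findings.append(("review", "non-default IE page", body))
        elif sec == "O2" and ("(file missing)" in body or "(no file)" in body):
            # BHO still registered but its DLL is gone: leftover of an uninstall or a removal.
            findings.append(("low", "orphaned BHO", body))
        elif sec == "O9" and "(no file)" in body:
            findings.append(("low", "orphaned IE button", body))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs loads the named DLL into every process that loads user32.dll,
            # so any non-empty value is a load point whose file must be identified.
            if body.split(":", 1)[1].strip():
                findings.append(("high", "AppInit_DLLs set", body))
        elif sec == "O23" and "Unknown owner" in body:
            # Service binary without a recorded publisher: verify the file on disk.
            findings.append(("medium", "service without publisher", body))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    """Count findings per severity, for a quick summary line."""
    counts: dict = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, rule, body in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {rule}: {body}")
    print(severity_counts(triage(SAMPLE_LOG)))
```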

Hello,

Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while following these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after completing the procedure(s) mentioned below.

  3. Double-click the ComboFix icon on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP will need to install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to stall.

  8. A message may appear saying the computer needs to restart.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.

Regards


As our friend Lusitano suggested, I ran ComboFix. Actually, I had already done that even before posting in the forum; I only ran it again because I no longer had the LOG.

Note: My operating system is currently Windows Vista™ Ultimate

THE PROBLEM STILL CONTINUES - ComboFix LOG BELOW

I WOULD APPRECIATE ANY SUGGESTION!

ComboFix 08-11-05.02 - MarloN 2008-11-06 11:55:15.4 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.920 [GMT -2:00]

Executando de: c:\users\MarloN\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_GbpSv

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-06 to 2008-11-06 ))))))))))))))))))))))))))))

.

2008-11-04 17:16 . 2008-11-04 17:16 <DIR> d-------- c:\program files\Trend Micro

2008-11-04 16:38 . 2008-11-04 16:38 <DIR> d-------- c:\windows\System32\SpycatcherAgentSetupTemp

2008-11-04 16:37 . 2008-11-04 16:37 <DIR> d-------- c:\windows\Downloaded Installations

2008-11-03 11:29 . 2008-11-03 11:29 548 --a------ c:\windows\wininit.ini

2008-11-03 10:41 . 2008-11-03 10:41 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)

2008-11-03 10:41 . 2008-11-03 10:41 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)

2008-11-03 10:33 . 2008-11-04 09:21 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy

2008-11-03 10:33 . 2008-11-04 09:21 <DIR> d-------- c:\programdata\Spybot - Search & Destroy

2008-11-03 10:33 . 2008-11-05 08:56 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-11-03 01:32 . 2008-11-03 01:33 <DIR> d-------- C:\MSNCleaner

2008-11-03 01:14 . 2008-11-04 16:33 <DIR> d-------- C:\LinhaDefensiva

2008-11-02 01:10 . 2008-11-02 01:10 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com

2008-11-02 01:10 . 2008-11-02 01:10 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com

2008-11-02 01:09 . 2008-11-02 23:26 <DIR> d-------- c:\users\MarloN\AppData\Roaming\SUPERAntiSpyware.com

2008-11-02 01:09 . 2008-11-02 23:26 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-10-30 18:59 . 2008-10-30 18:59 <DIR> d-------- c:\users\All Users\sentinel

2008-10-30 18:59 . 2008-10-30 18:59 <DIR> d-------- c:\programdata\sentinel

2008-10-30 15:41 . 2008-10-30 15:41 <DIR> d-------- c:\program files\Panda Security

2008-10-29 18:10 . 1997-03-20 21:01 101,376 --a------ c:\windows\extract.exe

2008-10-29 18:10 . 1997-03-20 21:01 65,536 --a------ c:\windows\CABINET.DLL

2008-10-28 13:53 . 2008-11-04 16:36 <DIR> d-------- C:\Sansoft

2008-10-28 13:53 . 2008-10-28 13:53 290,816 --a------ c:\windows\Setup1.exe

2008-10-28 13:53 . 2008-10-28 13:53 73,216 --a------ c:\windows\ST6UNST.EXE

2008-10-25 10:31 . 2008-10-25 10:31 2,516 --ahs---- c:\users\All Users\KGyGaAvL.sys

2008-10-25 10:31 . 2008-10-25 10:31 2,516 --ahs---- c:\programdata\KGyGaAvL.sys

2008-10-25 10:31 . 2008-10-25 10:31 8 -rahs---- c:\users\All Users\8CA1E24300.sys

2008-10-25 10:31 . 2008-10-25 10:31 8 -rahs---- c:\programdata\8CA1E24300.sys

2008-10-25 10:28 . 2008-10-25 10:39 <DIR> d-------- c:\users\All Users\Corel

2008-10-25 10:28 . 2008-10-25 10:39 <DIR> d-------- c:\programdata\Corel

2008-10-24 09:55 . 2008-10-24 09:55 <DIR> d-------- c:\program files\Java

2008-10-24 09:55 . 2008-10-24 09:55 410,976 --a------ c:\windows\System32\deploytk.dll

2008-10-23 18:10 . 2008-10-30 09:25 <DIR> d-------- c:\program files\mobile PhoneTools

2008-10-20 09:39 . 2008-10-16 20:35 87,352 --a------ c:\windows\System32\LMIinit.dll

2008-10-19 00:40 . 2008-10-19 00:47 <DIR> d--h----- c:\users\TEMP\AppData

2008-10-19 00:40 . 2008-10-19 00:47 <DIR> d-------- c:\users\TEMP

2008-10-14 22:48 . 2008-10-14 22:49 13,030 --a------ C:\PDOXUSRS.NET

2008-10-08 11:59 . 2008-10-08 11:59 <DIR> d--h----- c:\windows\msdownld.tmp

2008-10-08 11:56 . 2008-10-08 11:56 <DIR> d-------- c:\windows\System32\URTTEMP

2008-10-06 19:26 . 2008-10-06 19:42 18,931,940,352 --a------ C:\Gerson.tib

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-06 05:35 --------- d-----w c:\program files\LogMeIn

2008-11-04 15:44 --------- d-----w c:\program files\Ufasoft

2008-11-03 14:44 --------- d-----w c:\users\MarloN\AppData\Roaming\ClonySoft

2008-11-03 13:31 --------- d-----w c:\programdata\GbPlugin

2008-11-03 13:31 --------- d-----w c:\program files\GbPlugin

2008-11-02 05:29 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-30 11:25 --------- d-----w c:\programdata\Avanquest Bluetooth SDK

2008-10-30 11:25 --------- d-----w c:\program files\Corel

2008-10-30 11:03 --------- d-----w c:\program files\Easy Video Downloader

2008-10-25 12:40 --------- d-----w c:\users\MarloN\AppData\Roaming\Corel

2008-10-23 20:12 --------- d-----w c:\programdata\BVRP Software

2008-10-19 02:50 --------- d-----w c:\program files\Windows Mail

2008-10-19 02:30 --------- d-----w c:\programdata\NVIDIA

2008-10-04 19:53 --------- d-----w c:\program files\Vimicro Corporation

2008-09-22 21:11 --------- d-----w c:\program files\CACE Technologies

2008-09-20 14:08 53,312 ----a-w c:\windows\system32\drivers\pssdklbf.sys

2008-09-20 14:08 36,928 ----a-w c:\windows\system32\drivers\pssdk41.sys

2008-09-11 18:22 --------- d-----w c:\program files\AutoGK

2008-09-11 18:21 --------- d-----w c:\program files\Gabest

2008-09-11 18:21 --------- d-----w c:\program files\AviSynth 2.5

2008-09-11 14:11 --------- d-----w c:\program files\Pegasys Inc

2008-09-10 18:39 --------- d-----w c:\users\MarloN\AppData\Roaming\Pegasys Inc

2008-09-10 18:33 33,408 ----a-w c:\windows\system32\drivers\CDRBSDRV.SYS

2008-09-10 17:24 --------- d-----w c:\users\MarloN\AppData\Roaming\Vso

2008-09-10 17:16 --------- d-----w c:\program files\WinAVI Video Converter

2008-09-10 17:16 --------- d-----w c:\program files\Winamp

2008-09-10 11:53 --------- d-----w c:\program files\PeerCast

2008-09-01 22:00 174 --sha-w c:\program files\desktop.ini

2008-08-06 12:08 796,672 ----a-w c:\windows\GPInstall.exe

2008-07-28 20:35 47,360 ----a-w c:\users\MarloN\AppData\Roaming\pcouffin.sys

1999-04-01 15:53 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL

1998-12-09 01:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL

1998-12-09 01:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL

1998-12-09 01:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL

1998-12-09 01:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL

1998-12-09 01:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL

2008-06-21 03:36 56 --sha-r c:\windows\System32\E70F124548.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-16 1232896]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"SSS2007 File Redirection Starter"="c:\program files\Steganos Security Suite 2007\fredirstarter.exe" [2007-05-15 53248]

"SSS2007 HotKeys"="c:\program files\Steganos Security Suite 2007\SteganosHotKeyService.exe" [2007-05-21 25088]

"SSS2007 PasswordManagerFFAutoFill"="c:\program files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe" [2007-05-21 21504]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"VimicroMonitorSnapshotVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2007-04-13 114688]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-24 136600]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399011}"= "c:\windows\Downloaded Program Files\CONFLICT.6\gbiehscd.dll" [2008-09-22 370112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=secuload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSISERVER]

@="SERVICE"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SpyCatcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SpyCatcher.lnk

backup=c:\windows\pss\SpyCatcher.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

--a------ 2007-10-30 21:07 140568 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

--a------ 2007-10-30 21:11 909208 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckUpdateGuiaSchnell]

--a------ 2007-03-02 18:04 163328 c:\program files\Schnell\Guia Schnell\checkupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSMS]

--a------ 2007-08-28 17:01 1067520 c:\program files\CoolSMS\CoolSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2008-02-28 19:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 17:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 23:55 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2002-04-11 08:36 1458448 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2008-06-05 18:25 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2008-02-18 18:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-12-11 07:06 8530464 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-12-11 07:06 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

--a------ 2007-12-11 07:06 86016 c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2006-12-06 19:37 69216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

--a------ 2007-10-30 21:06 2595616 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-989514560-615330407-3225352627-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{0994BDC0-8C7C-46D9-ACFE-6EEBBE01A86D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"UDP Query User{1495BA58-DC81-4FD3-A781-0C2FBBB5D037}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{9C3FE057-53E9-430A-8D57-57FCFB34B61B}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{A5E8B3D6-2B62-46BD-80FE-6F83C95FFB74}c:\\users\\marlon\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:c:\users\marlon\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe

"TCP Query User{5D7DAEBD-331D-47BC-82BD-D849E0A8903E}c:\\users\\marlon\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:c:\users\marlon\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe

"UDP Query User{F1A75007-88D3-454A-AC80-0D092BF37E64}c:\\users\\marlon\\appdata\\local\\temp\\rar$ex00.357\\upg-pap2t-5-1-3-ls.exe"= TCP:c:\users\marlon\appdata\local\temp\rar$ex00.357\upg-pap2t-5-1-3-ls.exe:upg-pap2t-5-1-3-ls.exe

"TCP Query User{CCD8BF26-6A6E-4B15-A247-A65D4005F344}c:\\users\\marlon\\appdata\\local\\temp\\rar$ex00.357\\upg-pap2t-5-1-3-ls.exe"= UDP:c:\users\marlon\appdata\local\temp\rar$ex00.357\upg-pap2t-5-1-3-ls.exe:upg-pap2t-5-1-3-ls.exe

"UDP Query User{30CB0BC6-5F8D-4FF7-B59A-A9AE8E3F1403}c:\\users\\marlon\\desktop\\upg-pap2t-5-1-3-ls.exe"= TCP:c:\users\marlon\desktop\upg-pap2t-5-1-3-ls.exe:upg-pap2t-5-1-3-ls.exe

"TCP Query User{418DFC24-5DA4-4613-96A7-981EA4E70D9C}c:\\users\\marlon\\desktop\\upg-pap2t-5-1-3-ls.exe"= UDP:c:\users\marlon\desktop\upg-pap2t-5-1-3-ls.exe:upg-pap2t-5-1-3-ls.exe

"UDP Query User{82AC860D-DF26-4513-BEAE-9527686803F8}c:\\users\\marlon\\appdata\\local\\temp\\rar$ex00.810\\upg-pap2t-5-1-3-ls.exe"= TCP:c:\users\marlon\appdata\local\temp\rar$ex00.810\upg-pap2t-5-1-3-ls.exe:upg-pap2t-5-1-3-ls.exe

"TCP Query User{03DC5DFA-5D25-4573-953C-A00515CAAF18}c:\\users\\marlon\\appdata\\local\\temp\\rar$ex00.810\\upg-pap2t-5-1-3-ls.exe"= UDP:c:\users\marlon\appdata\local\temp\rar$ex00.810\upg-pap2t-5-1-3-ls.exe:upg-pap2t-5-1-3-ls.exe

"UDP Query User{D74F9612-9FC3-461D-A642-9BC977FB1478}e:\\gamin'g\\counter-strike source\\hl2.exe"= TCP:e:\gamin'g\counter-strike source\hl2.exe:hl2

"TCP Query User{268788CD-994E-40EA-B29D-DE4B425E15EF}e:\\gamin'g\\counter-strike source\\hl2.exe"= UDP:e:\gamin'g\counter-strike source\hl2.exe:hl2

"UDP Query User{4219B306-6FF1-4DA8-9991-788DEBD9938A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{47166FB8-A26C-482F-BE2F-B08513F2A78A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{88CF347B-EEB8-40C4-9F96-05ABABEF297D}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{E141CCBD-AAE2-4636-84B4-66AFA0387F6C}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{E3AD2C79-1AB8-4001-BAF6-7CE6469D8ABF}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever

"TCP Query User{63C97EC7-E575-40F8-9C22-08AC54A53F4E}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{3198DA6B-15AD-421E-99EC-6913B571840C}e:\\gamin'g\\flatout 2\\flatout2.exe"= TCP:e:\gamin'g\flatout 2\flatout2.exe:FlatOut2

"TCP Query User{28582B68-5F8C-4C8F-8D30-ABB159C7EE40}e:\\gamin'g\\flatout 2\\flatout2.exe"= UDP:e:\gamin'g\flatout 2\flatout2.exe:FlatOut2

"UDP Query User{86F58EC6-10F2-4145-B73E-4AD958443CBC}c:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:c:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited

"TCP Query User{CE37A768-0042-4BF2-BC01-EFFC3DBAAD3E}c:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:c:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited

"UDP Query User{26BB9333-E3F1-4915-9797-274C817BA3C0}c:\\users\\marlon\\appdata\\local\\virtualstore\\program files\\ongame\\metin2\\metin2.bin"= TCP:c:\users\marlon\appdata\local\virtualstore\program files\ongame\metin2\metin2.bin:metin2.bin

"TCP Query User{14B1F46E-592D-41AC-8C37-3E6A6C66AEB3}c:\\users\\marlon\\appdata\\local\\virtualstore\\program files\\ongame\\metin2\\metin2.bin"= UDP:c:\users\marlon\appdata\local\virtualstore\program files\ongame\metin2\metin2.bin:metin2.bin

"UDP Query User{A7A70E8E-FBE0-4C81-A1AA-515DCFE6746C}e:\\gamin'g\\flatout 2\\flatout2.exe"= TCP:e:\gamin'g\flatout 2\flatout2.exe:FlatOut2

"TCP Query User{5D88888C-DF82-454F-B742-531A89AD65F4}e:\\gamin'g\\flatout 2\\flatout2.exe"= UDP:e:\gamin'g\flatout 2\flatout2.exe:FlatOut2

"UDP Query User{BA13E3ED-C0FE-466C-8AC3-52DF0DC84195}c:\\program files\\schnell\\guia schnell\\update.exe"= TCP:c:\program files\schnell\guia schnell\update.exe:Atualizador do Guia Schnell

"TCP Query User{0417B095-0620-422A-90E7-7BA10E2C5704}c:\\program files\\schnell\\guia schnell\\update.exe"= UDP:c:\program files\schnell\guia schnell\update.exe:Atualizador do Guia Schnell

"UDP Query User{18EFF00E-8F9B-4A84-9675-057085E28C79}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"TCP Query User{360E68BD-FBE8-4219-9E05-ACFE59F22F36}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"{6F9F107D-EE4D-488D-A8E5-3EB1D4A17A13}"= TCP:c:\program files\RealVNC\VNC4\winvnc4.exe:VNC Server

"{C839BEDC-D23B-4B57-AB64-BC163B44378F}"= UDP:c:\program files\RealVNC\VNC4\winvnc4.exe:VNC Server

"UDP Query User{299A6A10-5929-4CA7-8C8D-E06D10D63138}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"TCP Query User{B9AC7F68-BC05-4F3A-A606-051072BE2B26}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"{52676E37-1207-4984-9A65-515B0F9B6918}"= TCP:c:\vitesoft\Admin\VSCyberAdmin.exe:VSCyberAdmin

"{D19C1C2C-8CB4-4E24-8948-82CEDD1C4061}"= UDP:c:\vitesoft\Admin\VSCyberAdmin.exe:VSCyberAdmin

"{2FF6B427-0563-42D7-8D13-894FDC436DE9}"= UDP:3050:Firebird

"{273EB409-BA77-44E0-8A5F-0C26E23A7210}"= UDP:1155:VSCyber

"UDP Query User{45FEF9F3-0D77-4212-979B-BEA956BDEAF2}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent

"TCP Query User{2C33C628-19CE-4DDF-A699-556621D21FC6}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent

"{2CBC15A3-0443-419F-8EEF-D9B4DB3A8ABD}"= TCP:c:\program files\DNA\btdna.exe:DNA

"{75713042-04A8-48CE-888F-752A680D9C4A}"= UDP:c:\program files\DNA\btdna.exe:DNA

"UDP Query User{9DAFEF29-1FE8-4D26-A6E3-EA351A8F5FE9}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows

"TCP Query User{E7380FB2-4A66-4AB0-B8D8-BDA19B3C258C}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows

"UDP Query User{7EE7CE77-DA5D-4816-AC75-8C118A6469E5}e:\\gamin'g\\counter-strike source\\hl2.exe"= TCP:e:\gamin'g\counter-strike source\hl2.exe:hl2

"TCP Query User{1ABA92E1-AE31-4D44-B73C-0776A1EB745A}e:\\gamin'g\\counter-strike source\\hl2.exe"= UDP:e:\gamin'g\counter-strike source\hl2.exe:hl2

"UDP Query User{157BE5AC-84FA-4288-9AC1-834273F9B74D}c:\\users\\marlon\\desktop\\update.exe"= TCP:c:\users\marlon\desktop\update.exe:update.exe

"TCP Query User{EA8AD41C-1F95-43D2-9767-CA0A737140EE}c:\\users\\marlon\\desktop\\update.exe"= UDP:c:\users\marlon\desktop\update.exe:update.exe

"UDP Query User{9AC3FA9B-025C-4A6B-BE68-9994F79860E3}c:\\program files\\schnell\\guia schnell\\update.exe"= TCP:c:\program files\schnell\guia schnell\update.exe:Atualizador do Guia Schnell

"TCP Query User{472E0D8A-F2B6-4E15-BD9F-8E5F04069839}c:\\program files\\schnell\\guia schnell\\update.exe"= UDP:c:\program files\schnell\guia schnell\update.exe:Atualizador do Guia Schnell

"UDP Query User{A0BA5791-2A70-4DC8-9C6D-0DA12ABB6237}c:\\cs1.6 pod-bot\\hl.exe"= TCP:c:\cs1.6 pod-bot\hl.exe:Half-Life Launcher

"TCP Query User{4F8D34C2-E415-4CB2-B6E6-BD870A324EF0}c:\\cs1.6 pod-bot\\hl.exe"= UDP:c:\cs1.6 pod-bot\hl.exe:Half-Life Launcher

"{2B68DE20-F437-49CA-8CE4-BAC52C19FEA9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{FC017C0C-B4B7-405C-845B-74FCEFF454DF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{3E5A3691-89D6-4D58-A410-C85005A7D79A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{2ADC86A8-69DF-46F7-ADBF-460E636A450B}c:\\program files\\peercast\\peercast.exe"= UDP:c:\program files\peercast\peercast.exe:PeerCast

"UDP Query User{65850806-9D30-4BF0-A90E-C0F2BAB08E1C}c:\\program files\\peercast\\peercast.exe"= TCP:c:\program files\peercast\peercast.exe:PeerCast

"TCP Query User{18EFBA57-918C-4FAA-97A6-92928BBC3CD4}c:\\program files\\winamp\\winamp.exe"= UDP:c:\program files\winamp\winamp.exe:Winamp

"UDP Query User{2FB5BAE6-E16A-4C02-81DF-A7EB8A273941}c:\\program files\\winamp\\winamp.exe"= TCP:c:\program files\winamp\winamp.exe:Winamp

"TCP Query User{095B4475-F3A9-4B5B-AF46-3A3A7BBDDC9D}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{0D813C91-DD0A-4951-985D-B26EA41C247C}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"TCP Query User{170B3985-0CE4-483D-AA7D-50CCE4DAAA40}c:\\users\\marlon\\desktop\\file_117.exe"= UDP:c:\users\marlon\desktop\file_117.exe:file_117.exe

"UDP Query User{F7D7D550-71E5-42D2-B763-58FABD68C06D}c:\\users\\marlon\\desktop\\file_117.exe"= TCP:c:\users\marlon\desktop\file_117.exe:file_117.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 tdrpman;Acronis Try&Decide and Restore Points filter;c:\windows\system32\DRIVERS\tdrpman.sys [2008-06-23 368544]

R1 SLEE_15_DRIVER;Steganos Live Encryption Engine 15 [Driver];c:\windows\system32\drivers\Sleen15.sys [2007-02-21 09:33 80232]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]

R2 TryAndDecideService;Acronis Try And Decide Service;c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]

R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2007-09-29 249984]

R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2007-06-13 476032]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2008-08-29 240128]

S3 glauiad;D-Link DSL-502G Router;c:\windows\system32\DRIVERS\glauiad.sys [2004-04-11 29074]

S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]

S3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2008-09-20 36928]

S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.sys [2008-09-20 53312]

S3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-03-13 216064]

S3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-03-09 15360]

Start Pending2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0139dd47-913d-11dd-8e9e-000272b00026}]

\shell\AutoRun\command - I:\kn6jhgc.cmd

\shell\explore\Command - I:\kn6jhgc.cmd

\shell\open\Command - I:\kn6jhgc.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5deac7b9-8ee6-11dd-ad43-000272b00026}]

\shell\AutoRun\command - I:\1rfw8hjr.com

\shell\explore\Command - I:\1rfw8hjr.com

\shell\open\Command - I:\1rfw8hjr.com

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-06-25 c:\windows\Tasks\RtlVistaStart.job

- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-03-13 12:16]

2008-08-30 c:\windows\Tasks\Update for Windows Vista (KB940510).job

- c:\windows\system32\wgaer_m.exe [2008-04-18 21:06]

2008-06-03 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

.

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.gruposkynet.com.br/

O8 -: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 -: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

O8 -: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

c:\windows\Downloaded Program Files\gbpdist.inf

c:\windows\Downloaded Program Files\gbpdist.dll

O16 -: {E37CB5F0-51F5-4395-A808-5FA49E399011} - hxxps://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

c:\windows\Downloaded Program Files\CONFLICT.6\GbPluginScd.inf

c:\windows\Downloaded Program Files\CONFLICT.6\gbiehscd.dll

c:\windows\Downloaded Program Files\CONFLICT.6\scd.gpc

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-06 12:02:41

Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\LogMeIn\x86\ramaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\windows\System32\SatSrv.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\program files\LogMeIn\x86\LMIGuardian.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\System32\LogonUI.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-06 12:08:19 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-06 14:08:01

Pré-execução: 205.885.722.624 bytes disponíveis

Pós execução: 206,250,446,848 bytes disponíveis

326 --- E O F --- 2008-09-05 12:27:24


Hello,

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link

  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If updates exist, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Perform quick scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove Selected.
  • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply, together with a new HijackThis log.

Note: In more complicated infections, the PC may need to be restarted. If you are asked to restart the PC, please do so immediately.


Below is the Malwarebytes' Anti-Malware LOG, which sent two registry-key items to quarantine, and also a HijackThis LOG taken now, after the removal!

______________________________________________________________

Malwarebytes' Anti-Malware LOG

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1370

Windows 6.0.6000

06/11/2008 15:22:18

mbam-log-2008-11-06 (15-22-12).txt

Tipo de Verificação: Rápida

Objetos verificados: 46922

Tempo decorrido: 2 minute(s), 22 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

______________________________________________________________

HijackThis LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:17:50, on 04/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe

C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe

C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gruposkynet.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Windows\Downloaded Program Files\CONFLICT.6\gbiehscd.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sSS2007 File Redirection Starter] "C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"

O4 - HKLM\..\Run: [sSS2007 HotKeys] "C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"

O4 - HKLM\..\Run: [sSS2007 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [VimicroMonitorSnapshotVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: SpyCatcher.lnk = C:\Program Files\Tenebril\SpyCatcher\SpyCatcher.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O13 - Gopher Prefix:

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O20 - AppInit_DLLs: secuload.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Protector - Tenebril Inc. - C:\Program Files\Tenebril\SpyCatcher\ProtectorSvc.exe

O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9751 bytes

******************************************************

SPECIAL THANKS TO MY FRIEND LUSITANO - WHO WAS ATTENTIVE AND PATIENT IN HELPING


Your log is clean

  • Click Start, then Run
  • Now type Combofix /u and click OK, as shown in the image below.

[image: CF_Cleanup.png]

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the OTCleanIt desktop icon
  • Click the "Cleanup" button
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, safer browser: Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

Some extra utilities that can increase the protection of your computer:

  • IE/Spyad <=
    IE/Spyad adds over 4000 websites and domains to IE's restricted sites list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites
  • Google Toolbar <= The Google Toolbar blocks pop-ups.

It was a pleasure to help


Hello, I'm posting a HijackThis LOG again. I don't think there has been any change since my last post, but the problem has persisted. I've already done the same procedures as yesterday with COMBOFIX and Malwarebytes' Anti-Malware, but this time without finding any threats!

I didn't download any file or program, I didn't visit any untrustworthy pages, I don't understand how this can be happening. ANY MORE SUGGESTIONS :eek:

_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:17:50, on 04/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe

C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe

C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\SYSTEM32\taskeng.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gruposkynet.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (file missing)

O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Windows\Downloaded Program Files\CONFLICT.6\gbiehscd.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sSS2007 File Redirection Starter] "C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"

O4 - HKLM\..\Run: [sSS2007 HotKeys] "C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"

O4 - HKLM\..\Run: [sSS2007 PasswordManagerFFAutoFill] "C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [VimicroMonitorSnapshotVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: SpyCatcher.lnk = C:\Program Files\Tenebril\SpyCatcher\SpyCatcher.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O13 - Gopher Prefix:

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399011} (GbPluginObj Class) - https://si-plg.sicredi.com.br/Cab/GbPluginScd.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O20 - AppInit_DLLs: secuload.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Protector - Tenebril Inc. - C:\Program Files\Tenebril\SpyCatcher\ProtectorSvc.exe

O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--

End of file - 9751 bytes

_________________________________________________________________

The link that keeps opening is this one; if anyone wants to risk clicking it to infect their PC, figure out how to remove it and then tell me how to fix it!

Not a good proposal, I think it's more of a challenge...

http://ad.yieldmanager.com/rw?title=PKR%2Ecom%20%2D%20The%20Ultimate%20in%20Online%20Poker&qs=iframe3%3FhBcAAO00AACqAwcA5wIBAAIAAAAAAP8AAAAGCwICAAJXRgAAATEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBNB38Y%2EAADsfPDR0D8AADjlYA%2ETPwAANNCQCNw%2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj9LXzbhIXQX1fEARAS%2DAt5heNy2%2DgCqWg7OAZQAAAAA%3D%2C%2Chttp%3A%2F%2Fcdn%2Efanatic%2Enet%2Enz%2Fpop%2Ehtml

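A small triage pass over HijackThis entries, as an added example (editor's code, not HijackThis's or the forum's): the flagging rules are the editor's own heuristics, and the sample is a constructed subset of the log above.

```python
import re

# Constructed sample: a handful of entries copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Steganos AntiTheft (SatSrv) - Unknown owner - C:\Windows\system32\\SatSrv.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# Every HijackThis entry starts with a section tag such as "O4 - ".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(text):
    """Split a HijackThis log into (section, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (section, reason, body) for entries that deserve a manual look (editor's heuristics)."""
    flagged = []
    for section, body in parse_entries(text):
        reason = None
        if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reason = "AppInit_DLLs is loaded into every process that uses user32.dll; verify the file"
        elif section == "O9" and body.endswith("(no file)"):
            reason = "orphaned browser button: registry entry points at a file that no longer exists"
        elif section == "O23" and " - Unknown owner - " in body:
            reason = "service binary has no recognised publisher; check the file's signature"
        elif section == "O4" and re.search(r"rundll32(\.exe)?\s", body, re.IGNORECASE):
            reason = "autorun entry runs a DLL via rundll32; confirm the DLL and export name"
        if reason:
            flagged.append((section, reason, body))
    return flagged


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Entries that are not flagged (signed services, plain EXE autoruns) are not thereby clean; the pass only orders what to check first.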

Hello,

Download ATF-Cleaner.

  • Click ATF-Cleaner.exe.
  • Under "Select Files To Delete", check Select All.
  • Click Empty Selected.
  • In the Done Cleaning window, click OK and then Exit.

Note: if you use Firefox:

  • At the top, click Firefox and choose: Select All
  • Then click Empty Selected.

Note: if you use Opera:

  • At the top, click Opera and choose: Select All
  • Then click Empty Selected.

Temporarily disable your antivirus!

Run an Online Scan at 66wcidf.png

  • Note: only compatible with Internet Explorer
  • Accept the ActiveX installation.
  • Wait for the installation and update, then run the scan.
  • When it finishes, save the log with the results and paste it in your next reply.
  • Also generate and paste a new HijackThis log.

Regards


So, I ran BitDefender but it didn't find anything!

Then I decided to uninstall MSN and also MessPatch, which is a program that enables the polygamy option in MSN, to log in to more than one account at the same time on the same computer!

I installed just MSN and everything was fine, then I installed Messenger Plus! Live to go back to logging in with 2 MSNs, and now everything is resolved!

THANKS AGAIN FOR THE HELP, IT WAS VERY USEFUL, EVEN JUST FOR THE EXPERIENCE!
