Logo Hardware.com.br
Responder
bacaio
bacaio Novo Membro Registrado
43 Mensagens 0 Curtidas
#3 Por bacaio
19/04/2010 - 22:54
Fala ai. vê se é isso mesmo. vlw!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:07, on 19/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\avg.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marco\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Windows\system32\scpsssh2.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: profitizeme browser enhancer - {945F2EC2-89F3-FFEB-F56C-1298BD4483AE} - C:\Windows\system32\byclvewvoansrfeq.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [] C:\Windows\avg.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avvpdbvhegbj] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\byclvewvoansrfeq.dll"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKCU\..\Run: [winlogon] C:\Windows\scchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [wins.exe] C:\windows\wins.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wins.exe] C:\windows\wins.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00FDF87-49AF-4E86-84DF-647E248D39E9}: NameServer = 189.50.192.6 200.252.61.3
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (file missing)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10999 bytes
Wings
Wings Cyber Highlander Registrado
20.3K Mensagens 1.2K Curtidas
#4 Por Wings
19/04/2010 - 23:02
Dando um auxílio enquanto wolf está off....

*Baixe o MalwareBytes Anti-malware e salve-o no desktop
*Instale o programa
*Se alguma atualização existir,o download será automático. Aguarde...
*O programa será aberto automaticamente.
*Na aba [Verificação], selecione a opção [Verificação completa]
*Clique em [Verificar] e selecione as unidades a serem examinadas
*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [SIM] > [OK] > [Mostrar Resultados]
*Clique em [Remover Selecionados]
*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.
*Cole-o na sua próxima resposta e novo log do hijack
bacaio
bacaio Novo Membro Registrado
43 Mensagens 0 Curtidas
#5 Por bacaio
20/04/2010 - 13:05
Esse é o resultado do Malwarebytes' Anti-Malware 1.45

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Versão da Base de Dados: 4012
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
20/04/2010 13:00:36
mbam-log-2010-04-20 (13-00-36).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Objetos escaneados: 235177
Tempo decorrido: 1 hora(s), 9 minuto(s), 53 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 8
Valores de Registro Infectados: 3
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 21
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Chaves de Registro Infectadas:
HKEY_CLASSES_ROOT\CLSID\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ulpqgplyrommdvo (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\k10 (Trojan.KillAV) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\avg (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{945f2ec2-89f3-ffeb-f56c-1298bd4483ae} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{945f2ec2-89f3-ffeb-f56c-1298bd4483ae} (Adware.AdRotator) -> Quarantined and deleted successfully.
Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avvpdbvhegbj (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(default) (Trojan.Banker) -> Quarantined and deleted successfully.
Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)
Pastas Infectadas:
(Não foram detectados ítens maliciosos)
Arquivos Infectados:
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.10.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.11.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.2.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.3.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.4.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.5.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.6.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.7.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.8.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.9.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\svchost.exe.vir (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Users\Marco\AppData\Local\Temp\COM Security Update Level 5 (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Marco\Downloads\Batman.Arkham.Asylum.FullRip-KaOs\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\ulpqgplyrommdvo.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\k10.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Windows\Temp\iowy.tmp\svchost.exe (Trojan.Boaxxe) -> Quarantined and deleted successfully.
C:\Windows\key2010 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\rssms32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\byclvewvoansrfeq.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\avg.exe (Trojan.Banker) -> Delete on reboot.

Esse é o resultado do hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:03, on 20/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\avg.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cmd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Users\Marco\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Windows\system32\scpsssh2.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [wins.exe] C:\windows\wins.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wins.exe] C:\windows\wins.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00FDF87-49AF-4E86-84DF-647E248D39E9}: NameServer = 189.50.192.6 200.252.61.3
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (file missing)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10681 bytes
Espírita
Espírita Cyber Highlander Registrado
9.6K Mensagens 2.1K Curtidas
#6 Por Espírita
20/04/2010 - 13:23
* Limpe a quarentena do malwarebytes

* Desinstale o Avast 4

* faça o download do wise registry cleaner:
http://majorgeeks.com/Wise_Registry_Cleaner_d5437.html

Instale o aplicativo., ao executá-lo selecione todas as opções a esquerda e clique em verificar. Encontrando erros selecione todos e clique em corrigir.

faça o download do advanced system care:
http://majorgeeks.com/Advanced_SystemCare_3_d5927.html

Instale o aplicativo e efetue uma limpeza e otimização no sistema.

* acesse o site descrito abaixo e efetue uma verificação online:
http://www.eset.com/online-scanner

** http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html **

-- Faça o download e instale o Avast 5:
http://files.avast.com/iavs5x/setup_av_free.exe

** http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-edicao-gratuita.html **
brando lee
brando lee Zerinho Registrado
2.4K Mensagens 97 Curtidas
#7 Por brando lee
20/04/2010 - 15:35
wolf09 disse:
* Limpe a quarentena do malwarebytes

* Desinstale o Avast 4

* faça o download do wise registry cleaner:
http://majorgeeks.com/Wise_Registry_Cleaner_d5437.html

Instale o aplicativo., ao executá-lo selecione todas as opções a esquerda e clique em verificar. Encontrando erros selecione todos e clique em corrigir.

faça o download do advanced system care:
http://majorgeeks.com/Advanced_SystemCare_3_d5927.html

Instale o aplicativo e efetue uma limpeza e otimização no sistema.

* acesse o site descrito abaixo e efetue uma verificação online:
http://www.eset.com/online-scanner

** http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html **

-- Faça o download e instale o Avast 5:
http://files.avast.com/iavs5x/setup_av_free.exe

** http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-edicao-gratuita.html **


Wolf09!, esse vírus
C:\Windows\avg.exe
Ainda permanese em execução, O Malwarebytes não conseguiu remover.
bacaio
bacaio Novo Membro Registrado
43 Mensagens 0 Curtidas
#10 Por bacaio
26/04/2010 - 23:40
Fala ai Wolf09. segui todos os procedimentos que vc falou e também baixei o Avast 5. Segue o resultado da verificação online feita pelo ESET:

[EMAIL="ESETSmartInstaller@High"]ESETSmartInstaller@High[/EMAIL] as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c037a4cacb2ab04fb02b6fcb71c54cb7
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-26 11:05:30
# local_time=2010-04-26 08:05:30 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 3 0 0 0 0
# compatibility_mode=5892 16776573 100 100 12244591 108928460 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=28465
# found=0
# cleaned=0
# scan_time=2242
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c037a4cacb2ab04fb02b6fcb71c54cb7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-27 02:28:52
# local_time=2010-04-26 11:28:52 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 3 0 0 0 0
# compatibility_mode=5892 16776573 100 100 12250889 108934758 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=127273
# found=6
# cleaned=6
# scan_time=8145
C:\Windows\winl.exe Win32/Spy.Banker.TMB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\wins.exe Win32/Spy.Banker.THU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\winx.exe Win32/Spy.Banker.TKA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\fglvskh.dll Win32/TrojanClicker.Delf.NJE trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Windows\Temp\dpip.tmp\svchost.exe Win32/TrojanClicker.Delf.NJE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} Win32/TrojanClicker.Delf.NJE trojan (contained infected files) 00000000000000000000000000000000 C

Pelo que entendi o pc continua infectado. O que devo fazer?
Abraço.
bacaio
bacaio Novo Membro Registrado
43 Mensagens 0 Curtidas
#12 Por bacaio
03/05/2010 - 11:06
Fala ai Wolf09. Segue o log do hijackthis. Um detale, o avast 5 na proteção residente fica o tempo todo abrindo um tela com a seguinte informação:
Malware Bloqueado
objeto: C:\windows\system32\fglvskh.dll
infecção: Win32:Malware-gen
processo: c:\windows\system32\svchost.exe


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:06, on 03/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\wscript.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Marco\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)
O2 - BHO: (no name) - {5BB24EFA-45F5-42BD-84F6-1A272456F17D} - c:\windows\system32\fglvskh.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [wins.exe] C:\windows\wins.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [wins.exe] C:\windows\wins.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00FDF87-49AF-4E86-84DF-647E248D39E9}: NameServer = 189.50.192.6 200.252.61.3
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10625 bytes
Espírita
Espírita Cyber Highlander Registrado
9.6K Mensagens 2.1K Curtidas
#13 Por Espírita
03/05/2010 - 13:22
Execute o hijackthis e escolha a opção do a system scan only. Selecione os itens:

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - (no file)

O2 - BHO: (no name) - {5BB24EFA-45F5-42BD-84F6-1A272456F17D} - c:\windows\system32\fglvskh.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe

O4 - HKUS\S-1-5-18\..\Run: [wins.exe] C:\windows\wins.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [wins.exe] C:\windows\wins.exe (User 'Default user')

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

Clique em fix checked.
------------------------------------//------------------------------------
Execute o Avast.... vá em Escaneamento->Escaneamento ao Reiniciar.... selecione os itens a serem verificados clique em agendar e para finalizar clique em Reiniciar o Computador. Aguarde.
-------------------------------------//-----------------------------------
* faça o download do ComboFix., salve-o no desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
*Desative temporariamente o seu Antivirus.
* Execute-o - Aceite o contrato.

* Caso o console de recuperação já esteja instalado o ComboFix irá continuar o processo automaticamente.
* Caso não esteja, uma janela, será exibida solicitando a instalação. Clique em [SIM] para aceitá-la.

– Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

– O programa será fechado automaticamente. --

* Cole o relatório criado em C:\combofix.txt juntamente com um novo Log do hijackthis.
bacaio
bacaio Novo Membro Registrado
43 Mensagens 0 Curtidas
#14 Por bacaio
17/05/2010 - 12:15
Fala Wolf09, desculpe a demora. Segue as informações que você pediu.

Relatório criado do combofix:

ComboFix 10-05-09.06 - Marco 17/05/2010 10:59:06.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.2036.1292 [GMT -3:00]
Executando de: c:\users\Marco\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Marco\AppData\Roaming\inst.exe
c:\users\Marco\ComboFix.exe
c:\users\Marco\DivXLand_MediaSub_205.exe
c:\users\Marco\kmp.exe
c:\users\Marco\mp3gain-win-1_2_5.exe
c:\users\Marco\mp3splt-gtk_0.5.2_i386.exe
c:\users\Marco\PowerISO42.exe
c:\users\Marco\tuner.exe
c:\users\Marco\wrar380br.exe
c:\windows\system32\DROPPEDFILEOK1.tmp
A cópia de c:\windows\system32\drivers\atapi.sys foi encontrada e desinfectada
Cópia restaurada de - Kitty had a snack stick_out_tongue.png
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_K10

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-17 to 2010-05-17 ))))))))))))))))))))))))))))
.
2010-05-17 14:06 . 2010-05-17 14:08 -------- d-----w- c:\users\Marco\AppData\Local\temp
2010-05-17 14:06 . 2010-05-17 14:06 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-05-17 14:06 . 2010-05-17 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-27 02:47 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-27 02:47 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-27 02:47 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-27 02:47 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-27 02:47 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-27 02:46 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-27 02:46 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-27 02:46 . 2010-04-27 02:46 -------- d-----w- c:\programdata\Alwil Software
2010-04-27 00:11 . 2010-04-27 00:11 48417032 ----a-w- c:\users\Marco\setup_av_free.exe
2010-04-26 20:33 . 2010-04-26 20:33 -------- d-----w- c:\program files\ESET
2010-04-26 20:12 . 2010-04-26 20:12 -------- d-----w- c:\users\Marco\AppData\Roaming\IObit
2010-04-26 20:12 . 2010-04-26 20:12 -------- d-----w- c:\program files\IObit
2010-04-26 19:41 . 2010-04-26 20:04 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-04-26 19:41 . 2010-04-26 19:41 2283966 ----a-w- c:\users\Marco\WRCFree.exe
2010-04-20 13:28 . 2010-04-20 13:28 -------- d-----w- c:\users\Marco\AppData\Roaming\Malwarebytes
2010-04-20 13:28 . 2010-03-30 03:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-20 13:28 . 2010-04-20 13:28 -------- d-----w- c:\programdata\Malwarebytes
2010-04-20 13:28 . 2010-03-30 03:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 13:28 . 2010-04-20 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-20 13:26 . 2010-04-20 13:26 5918776 ----a-w- c:\users\Marco\mbam-setup.exe
2010-04-19 23:52 . 2010-04-19 23:52 -------- d-----w- c:\program files\CCleaner
2010-04-19 23:52 . 2010-04-19 23:52 1134624 ----a-w- c:\users\Marco\ccsetup230_slim.exe
2010-04-19 18:46 . 2010-04-19 18:46 -------- d-----w- c:\windows\system32\AGEIA
2010-04-19 18:46 . 2010-04-19 18:46 -------- d-----w- c:\program files\AGEIA Technologies
2010-04-19 18:46 . 2010-04-19 18:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-19 18:46 . 2010-02-04 13:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-19 18:46 . 2010-02-04 13:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-19 18:46 . 2010-02-04 13:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-19 18:46 . 2010-02-04 13:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-19 18:23 . 2010-04-19 18:23 -------- d-----w- C:\Games
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 14:07 . 2008-08-11 23:42 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-17 14:04 . 2006-11-06 01:23 636924 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-17 14:04 . 2006-11-06 01:23 122534 ----a-w- c:\windows\system32\prfc0416.dat
2010-04-27 10:55 . 2008-09-15 02:02 -------- d-----w- c:\users\Marco\AppData\Roaming\uTorrent
2010-04-27 10:47 . 2008-08-09 15:10 -------- d-----w- c:\program files\Zoom Player
2010-04-27 02:46 . 2008-08-08 02:29 -------- d-----w- c:\program files\Alwil Software
2010-04-26 22:36 . 2008-08-07 18:37 100544 ----a-w- c:\users\Marco\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-19 17:44 . 2008-08-07 18:41 -------- d-----w- c:\programdata\Roxio
2010-04-19 14:45 . 2009-01-26 20:06 -------- d-----w- c:\users\Marco\AppData\Roaming\Vso
2010-04-19 13:58 . 2008-11-09 19:34 -------- d-----w- c:\program files\Scpad
2010-04-14 20:39 . 2008-08-08 03:04 -------- d-----w- c:\program files\eMule
2010-04-08 17:06 . 2008-08-15 00:13 -------- d-----w- c:\program files\DreaMule
2010-04-07 18:36 . 2010-04-07 16:25 -------- d-----w- c:\users\Marco\AppData\Roaming\FreeFLVConverter
2010-04-07 16:29 . 2008-10-16 22:46 -------- d-----w- c:\program files\Free FLV Converter
2010-04-07 16:25 . 2008-09-03 11:39 6270847 ----a-w- c:\users\Marco\Setup_FreeFlvConverter.exe
2010-03-31 22:53 . 2008-11-05 23:18 -------- d-----w- c:\programdata\Microsoft Help
2010-03-30 16:35 . 2008-09-03 11:40 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-03-25 23:58 . 2008-07-31 19:00 -------- d-----w- c:\program files\Microsoft Works
2010-03-25 23:58 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2010-03-25 22:56 . 2008-07-31 18:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\3528\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\3528\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\3528\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\3528\AcrobatUpdater.exe
2010-03-18 21:51 . 2010-03-18 21:51 817058 ----a-w- c:\users\Marco\neotrc212a.exe
2008-08-01 02:28 . 2008-08-01 02:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2009-07-17 2191360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185872]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-12-11 25214]
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2009-11-10 626688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-31 19:05 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 hphmqghf;Microsoft USB 2.0 Enhanced Host Controller Miniport Controller;c:\windows\System32\svchost.exe [2008-01-19 21504]
R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496]
R3 PAC7311;Dlink DSB-C320;c:\windows\system32\DRIVERS\PA707UCM.SYS [2006-11-08 530304]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-10-09 716272]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hphmqghf
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-05-17 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-26 17:54]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.yahoo.com.br/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 11:11
Windows 6.0.6001 Service Pack 1 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'Explorer.exe'(1600)
c:\program files\Lingoes\Translator2\opentext2.dll
c:\program files\ArcSoft\WebCam Companion\PhotoImpression 5\share\pihook.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conime.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\System32\wscript.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-17 11:14:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-17 14:14
Pré-execução: 59.469.258.752 bytes disponíveis
Pós execução: 59.278.073.856 bytes disponíveis
- - End Of File - - A59DF996F78E7933D7325CD7E0A7B187


Relatorio do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:44, on 17/05/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Lingoes\Translator2\Lingoes.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marco\Downloads\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A00FDF87-49AF-4E86-84DF-647E248D39E9}: NameServer = 189.50.192.6 200.252.61.3
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 8952 bytes


Vlw! Abraço,
Marco Aurelio.
Responder Tópico
© 1999-2024 Hardware.com.br. Todos os direitos reservados.
Imagem do Modal