I can't install an antivirus or Spybot. I also try to restart in safe mode and can't; the PC reboots on its own in safe mode.
Log follows:
Logfile of HijackThis v1.99.1
Scan saved at 22:49:37, on 16/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE
C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe
C:\folhawin\atualizador\atualizador.exe
C:\folhawin\backup\autobkp\autobkp.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iNPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ZTE Wireless Terminal] "C:\Arquivos de programas\AIKO 76E\bin\App.exe"
O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Usuario\CONFIG~1\Temp\herss.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = C:\folhawin\atualizador\atualizador.exe
O4 - Global Startup: Auto Backup - Folhamatic.LNK = C:\folhawin\backup\autobkp\autobkp.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255203921203
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{807575EF-C243-4BEE-8569-AC426FF90E70}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAD354BA-26B4-4D47-A7B5-75DE4C662074}: NameServer = 200.142.130.202 200.220.227.56
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
OK
I did the procedure.
I ran it and now there is a file on C: called usbfix.txt.
Here is the log generated by UsbFix:
############################## | UsbFix V6.099 |
User : Usuario (Administradores) # ACER
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 09:17:33 | 17/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Mobile AMD Sempron Processor 3500+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
C:\ -> Disco fixo local # 111,78 Go (49,67 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco removível # 1008,26 Mo (887,93 Mo free) # FAT32
################## | Ficheiros # pastas infeciosos |
C:\DOCUME~1\Usuario\CONFIG~1\Temp\AutoRun.exe
C:\DATA
E:\autorun.inf -> ficheiro chamado : "E:\fk.exe" ( Ausente ! )
E:\autorun.inf
1.
*Plug the USB flash drive into the PC again
*Double-click UsbFix
*Press P > [ENTER]
*Press 2 > [ENTER] and wait for it to finish
*Remove the USB flash drive
*Paste the report created at C:\UsbFix.txt
Note: is it necessary to post the generated file usbfix_upload_Me_ACER.zip at http://chiquitine.chngelog.fr/sample/upload.php?
Here is the log that was created:
############################## | UsbFix V6.099 |
User : Usuario (Administradores) # ACER
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:05:18 | 17/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Mobile AMD Sempron Processor 3500+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
C:\ -> Disco fixo local # 111,78 Go (49,63 Go free) # NTFS
D:\ -> Disco CD-ROM
################## | Ficheiros # pastas infeciosos |
Supprimido ! C:\DOCUME~1\Usuario\CONFIG~1\Temp\AutoRun.exe
Supprimido ! C:\DATA
Supprimido ! C:\Recycler\S-1-5-21-746137067-823518204-682003330-1003
Supprimido ! C:\Recycler\S-1-5-21-746137067-823518204-682003330-1007
E:\autorun.inf -> ficheiro chamado : "E:\fk.exe" ( Ausente ! )
Supprimido ! E:\autorun.inf
################## | Registro |
Supprimido ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
Supprimido ! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableConfig"
Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
################## | Mountpoints2 |
Supprimido ! HKCU\...\Explorer\MountPoints2\{44ed8af8-b666-11de-85b6-00197e3f60dd}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{8d0cffd0-e8a9-11de-8625-00197e3f60dd}\Shell\AutoRun\Command
################## | Listing |
[08/10/2009 14:44|--a------|0] C:\AUTOEXEC.BAT
[08/10/2009 15:06|-rahs----|223] C:\boot.ini
[14/04/2008 09:00|-rahs----|4952] C:\Bootfont.bin
[08/10/2009 14:44|--a------|0] C:\CONFIG.SYS
[22/01/2009 16:07|---------|466037] C:\desinsta.exe
[08/10/2009 14:44|-rahs----|0] C:\IO.SYS
[08/10/2009 14:44|-rahs----|0] C:\MSDOS.SYS
[14/04/2008 09:00|-rahs----|47564] C:\NTDETECT.COM
[14/04/2008 09:00|-rahs----|251696] C:\ntldr
[?|?|?] C:\pagefile.sys
[11/02/2010 19:55|--a------|15084] C:\PatchLog.txt
[05/03/2010 16:53|--a------|449951] C:\prox.log
[08/10/2009 16:22|--a------|3153920] C:\secsetup.sdb
[17/03/2010 11:13|--a------|2150] C:\UsbFix.txt
[06/03/2010 10:07|--a------|150016] E:\audesp_clientes.xls
[17/02/2010 14:11|--a------|40448] E:\CONTRATO DE LOCAۂO Prefeitura.doc
[05/03/2010 15:50|--a------|18432] E:\amec_calculo_custos.xls
[05/03/2010 13:52|--a------|46080] E:\comunicado Amec.doc
[09/03/2010 08:37|--a------|36864] E:\contrato_locacao_IVA.doc
[10/03/2010 08:26|--a------|39936] E:\ComunicadoSDG.doc
[?|?|?] E:\Åeijo.exe
[16/03/2010 07:43|--a------|33122] E:\Rais2008_backup.bkp
[17/03/2010 08:11|--a------|9728] E:\~WRD2275.tmp
[16/03/2010 18:07|--a------|2992752] E:\DMSetup-Serial.exe
[17/03/2010 08:59|--a------|1775837] E:\UsbFix.exe
[24/02/2010 10:59|--a------|134144] E:\PISO DE HONORARIOS ano de 2.01_.doc
[16/03/2010 22:34|--a------|22528] E:\µREA SEGURAN€A.doc
[16/03/2010 23:14|--a------|10949] E:\hijackthis.log
[09/03/2010 16:40|--a------|24576] E:\CARTA_INSS_JAIR FRANCHINI.doc
[17/03/2010 09:21|--a------|1636] E:\UsbFix.txt
[03/03/2010 09:24|--a------|61952] E:\contrato_locacao_nao_residencial.doc
################## | Vaccinação |
################## | Upload |
Favor enviar o arquivo : C:\UsbFix_Upload_Me_ACER.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .
No...
The file is for you to upload to the author of the tool. Just click the link and send the file.
1.
*Double-click UsbFix
*Press P > [ENTER]
*Press 6 > [ENTER]
2.
*Download AD-Remover and save it to the desktop
*Double-click AD-R.exe
*Click [Clean]... wait for it to finish
*Paste the report created at C:\Ad-Report-CLEAN.log and a new HijackThis log
AD-Report Clean log:
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,A | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 15/03/10 à 17:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 15:42:21 le 17/03/2010 | Normal boot | Option: CLEAN
Executed from: C:\Ad-Remover\ADR.exe
Operating systèm: Microsoft® Windows XP™ Service Pack 3
Computer name: ACER | Current user: Usuario (Administrator)
.
============== FIXED ELEMENTS ==============
.
.
C:\Arquivos de programas\Ask Search Assistant
C:\Arquivos de programas\Ask.com
C:\Arquivos de programas\Mozilla FireFox\Components\AskHPRFF.js
C:\Documents and Settings\Suellen\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\Suellen\Configurações locais\Temp\AskSearch
C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Ask Search Assistant
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
(!) -- Deleted temporary files.
.
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
.
============== ADDITIONNAL SCAN ==============
.
Mozilla FireFox Version 3.6 (pt-BR)
.
C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\izmfp1am.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Usuario\\Meus documentos\\Minhas imagens
C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\izmfp1am.default\prefs.js - browser.startup.homepage: hxxp://www.plusnetwork.com
C:\Documents and Settings\Usuario\Dados de aplicativos\mozilla\firefox\profiles\izmfp1am.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Suellen\\Meus documentos\\Minhas imagens\\Oun\\Twilight
C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.search.defaultenginename: Ask.com
C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.search.selectedEngine: Google
C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.startup.homepage: hxxp://www.orkut.com.br/Main#Home
C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2
C:\Documents and Settings\Suellen\Dados de aplicativos\Mozilla\Firefox\Profiles\ncg7gp7g.default\prefs.js - keyword.URL: hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
.
.
Internet Explorer Version 8.0.6001.18702
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\Usuario\CONFIG~1\Temp: 12 Files, 131 Folders
C:\WINDOWS\temp: 2 Files, 7 Folders
Temporary Internet Files: 3 Files, 13 Folders
.
C:\Ad-Remover\Quarantine: 2 Files
C:\Ad-Remover\Backup: 14 Files
.
C:\Ad-Report-CLEAN[1].txt - 5984 Byte(s)
.
End at:15:50:51, 17/03/2010
.
============== E.O.F - CLEAN[1] ==============
New HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15:52:08, on 17/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe
C:\folhawin\atualizador\atualizador.exe
C:\folhawin\backup\autobkp\autobkp.exe
C:\Arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Arquivos de programas\Java\jre6\bin\javaws.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jaucheck.exe
C:\Arquivos de programas\Java\jre6\bin\javaw.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Arquivos de programas\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\ARQUIV~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iNPROCOMMWireless] C:\Arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [iSUSPM Startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ZTE Wireless Terminal] "C:\Arquivos de programas\AIKO 76E\bin\App.exe"
O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = C:\folhawin\atualizador\atualizador.exe
O4 - Global Startup: Auto Backup - Folhamatic.LNK = C:\folhawin\backup\autobkp\autobkp.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with GetRight - C:\Arquivos de programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Arquivos de programas\GetRight\GRbrowse.htm
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255203921203
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{807575EF-C243-4BEE-8569-AC426FF90E70}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
1.
*Run AD-Remover again
*Click [uninstall]
Let me know whether you can now install the antivirus.
I was not able to install the antivirus, nor Spybot.
*Download ComboFix and save it to the desktop
*Double-click the Combofix.exe file
*Accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.
[Image: recovery-console-prompt.jpg]
*After the installation, click [Yes] to continue.
*Wait for all the stages to finish
*Important: while ComboFix is running, do not use the mouse or the keyboard! To interrupt the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
I can only access the internet through Mozilla Firefox; Internet Explorer just opens a blank page (with the message "connecting" in the upper left corner of the screen).
In Mozilla Firefox the message below appears. This message also appears when I try to install the UOL antivirus, since I cannot access any security site. If I download ComboFix on another computer and run it on this one, will the effect be the same? Since if I open Firefox I can access the internet?
O Firefox não conseguiu estabelecer uma conexão com o servidor download.bleepingcomputer.com.
* Este site pode estar temporariamente fora do ar ou sobrecarregado. Tente de novo em alguns instantes.
* Se você não consegue carregar nenhuma página, verifique a conexão de rede do computador.
* Se o seu computador ou rede forem protegidos por um firewall ou proxy, certifique-se de que o Firefox esteja autorizado a acessar a web.
*Download ComboFix on another PC.
Then copy it to the desktop of the PC with the problem. Follow the instructions as I indicated.
Here is the report prepared by ComboFix
ComboFix 10-03-17.07 - Usuario 18/03/2010 17:48:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.766.438 [GMT -3:00]
Executando de: c:\documents and settings\Usuario\Desktop\ComboFix.exe
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Gravity\Ragnarok Online\skin\default\basic_interface\_desktop.ini
c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\_desktop.ini
c:\arquivos de programas\Gravity\Ragnarok Online\skin\Scribbling Kid\basic_interface\_desktop.ini
C:\MessengerPlus
c:\messengerplus\IEBrowserEvents.dll
c:\windows\system32\kernel.dll
c:\windows\system32\userinit.exe . . . está infectado!!
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-18 to 2010-03-18 ))))))))))))))))))))))))))))
.
2010-03-17 15:02 . 2010-03-17 15:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-17 14:15 . 2010-03-17 14:15 241775 ----a-w- C:\UsbFix_Upload_Me_ACER.zip
2010-03-17 12:04 . 2010-03-17 14:15 -------- d-----w- C:\UsbFix
2010-03-17 01:28 . 2010-03-17 18:52 -------- d-----w- c:\arquivos de programas\HJT
2010-03-16 22:01 . 2010-03-16 22:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee
2010-03-16 20:35 . 2010-03-16 20:35 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-14 14:20 . 2010-03-14 14:20 -------- d-----w- C:\Games
2010-03-04 16:24 . 2008-04-28 09:14 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2010-02-24 15:46 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-02-24 15:46 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-02-24 15:46 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-02-24 15:46 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 21:03 . 2010-01-27 23:21 -------- d-----w- c:\arquivos de programas\JDownloader 0.8.821
2010-03-13 18:54 . 2009-10-10 17:23 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Free Download Manager
2010-03-02 10:39 . 2008-04-14 12:00 80178 ----a-w- c:\windows\system32\perfc016.dat
2010-03-02 10:39 . 2008-04-14 12:00 471260 ----a-w- c:\windows\system32\perfh016.dat
2010-02-21 20:25 . 2009-12-13 05:31 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Ahead
2010-02-15 20:47 . 2009-10-10 18:55 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2010-02-15 11:05 . 2010-02-15 10:54 -------- d-----w- c:\arquivos de programas\SEFAZ
2010-02-15 10:54 . 2009-10-08 18:05 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-02-15 10:53 . 2010-02-15 10:49 -------- d-----w- c:\arquivos de programas\SEFAZ JOSI
2010-02-15 10:21 . 2009-10-10 22:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-02-15 10:20 . 2009-10-10 21:31 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-02-12 00:45 . 2009-12-11 12:57 -------- d-----w- c:\arquivos de programas\EA GAMES
2010-02-11 22:02 . 2010-02-11 22:02 -------- d-----w- c:\arquivos de programas\Gravity
2010-02-02 13:16 . 2010-02-01 13:50 -------- d-----w- c:\arquivos de programas\CAIXA
2010-01-29 11:12 . 2010-01-29 11:12 -------- d-----w- c:\arquivos de programas\MSECache
2010-01-28 19:48 . 2010-01-28 19:31 -------- d-----w- c:\arquivos de programas\MCESimplificado
2010-01-28 19:36 . 2009-10-10 23:09 249856 ------w- c:\windows\Setup1.exe
2010-01-27 23:49 . 2009-10-08 18:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2010-01-27 23:48 . 2009-10-08 18:40 -------- d-----w- c:\arquivos de programas\Java
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 20:30 . 2009-12-30 20:30 2887680 ----a-w- c:\windows\system32\VagalumePluginWMP.dll
2009-12-21 19:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"Nokia Internet Modem"="c:\arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe" [2009-07-29 1962648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\arquivos de programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"LManager"="c:\arquiv~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 479232]
"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-8 110592]
Atualizador Automatico - Folhamatic.lnk - c:\folhawin\atualizador\atualizador.exe [2009-12-5 1398572]
Auto Backup - Folhamatic.LNK - c:\folhawin\backup\autobkp\autobkp.exe [2009-12-5 85494]
BTTray.lnk - c:\arquivos de programas\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Documents and Settings\\Suellen\\Desktop\\Ares.exe"=
"c:\\folhawin\\atualizador\\atualizador.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
S3 nokiacpo;Nokia Internet Stick Wireless Modem Service Install;c:\windows\system32\drivers\nokiacpo.sys [22/06/2009 13:41 18688]
S3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [22/06/2009 13:41 27008]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [09/10/2009 17:29 98432]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{2DFD6A99-60EB-42AE-BE0E-4865A1A7142D}.job
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{A63760CC-2B08-48B6-A9DA-BAA3844E50E8}.job
.
.
------- Scan Suplementar -------
.
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download with GetRight - c:\arquivos de programas\GetRight\GRdownload.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Enviar para Dispositivo &Bluetooth... - c:\arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Open with GetRight Browser - c:\arquivos de programas\GetRight\GRbrowse.htm
TCP: {807575EF-C243-4BEE-8569-AC426FF90E70} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\izmfp1am.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port - 0
FF - prefs.js: network.proxy.type - 0
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
HKCU-Run-fsm - (no file)
HKCU-Run-ZTE Wireless Terminal - c:\arquivos de programas\AIKO 76E\bin\App.exe
HKLM-Run-INPROCOMMWireless - c:\arquivos de programas\Atheros\Wireless\Utility\WlanUtil.exe
AddRemove-Bem Vindos a BRMU - c:\documents and settings\Usuario\Meus documentos\BRMU\Uninstal.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 18:02
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WININET.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\arquivos de programas\Arquivos comuns\SmartCom\DragnDropCopyHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
c:\arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\docume~1\Usuario\CONFIG~1\Temp\RtkBtMnt.exe
c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-03-18 18:15:52 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-03-18 21:15
Pré-execução: 20 pasta(s) 54.236.389.376 bytes disponíveis
Pós execução: 24 pasta(s) 54.299.099.136 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
*Download WinFileReplace and save it to the desktop
*Select and copy (Ctrl+C) the code below:
c:\windows\system32\userinit.exe
*Double-click WinFileReplace
*Press 2 > [ENTER]
*Notepad will open. Paste (Ctrl+V) the code
*Close Notepad; you will be asked whether you want to save
*Click [Yes]
*Accept the terms of the agreement and confirm the restoration of the file
*When it finishes, press Y > [ENTER]
*The PC will restart and a report will appear
*Paste it in your next reply
I cannot paste c:\windows\system32\userinit.exe into the text editor that opens when I double-click the WinFileReplace program on the desktop, because a blue screen opens with the following text:
checking OS version.
Microsoft Windows XP - OK
Checking OS install language
'end´ não é reconhecido como um comando interno ou externo,
um programa operável ou um arquivo em lotes.
OS install language not supported by this tool.
Press any key to exit.
OK...
1.
*Delete WinFileReplace.
2.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message appears: "ComboFix is uninstalled"
*Click [OK]
3.
*Click [Start] > [Run] > type: sfc /scannow
*Click OK
*You will be asked for the Windows CD
*Insert it in the CD-ROM drive and wait for it to finish
*Remove the CD and restart the PC
Ok
The computer is working now, thank you very much for your attention; you can close this post. However, I will be opening another post and sending the logs of other machines to disinfect them, because this PC is on a network and I believe there were other infections.
Or can I use some cleaning procedures before posting a new log?
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
*Download USBFix and save it to the desktop
*Plug the USB flash drive into the PC
*Double-click UsbFix
*Press P > [ENTER]
*Press 1 > [ENTER] and wait for it to finish
*Remove the USB flash drive
*Paste the report created at C:\UsbFix.txt