Well,
I need someone to analyze the log I took today with HijackThis. My computer is a bit sluggish, and when I open Internet Explorer the process opens twice; the same thing has been happening with Chrome (Firefox is the only one I'm using).
I'm using Kaspersky PURE 9.1.0.124 and it isn't helping...
Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17:27, on 19/2/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 109.123.70.47:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 8290 bytes
Hey... thanks for the reply, brother... here's the DDS.txt:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Roseli Mareti at 14:13:21,04 on sáb 19/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1196 [GMT -2:00]
AV: avast! Antivirus Enabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky PURE Disabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE Disabled
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Outlook Express\msimn.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Roseli Mareti\Meus documentos\Lucas\Nova pasta\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.orkut.com/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 109.123.70.47:80
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"
mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe"
mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [<NO NAME>]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: Advanced Email Extractor - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/page.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/link.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\arquiv~1\kasper~1\kasper~1\kloehk.dll
Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\roseli~1\dadosd~1\mozilla\firefox\profiles\x2ihzpvd.default\
FF - prefs.js: network.proxy.type - 1
FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
============= SERVICES / DRIVERS ===============
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2009-12-14 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-19 294608]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2009-12-14 39352]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-15 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-19 141312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-19 17744]
R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2011-2-19 40384]
R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\arquivos comuns\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-5 279680]
S2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]
S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]
S3 zruasdppp;zruasdppp;\??\c:\windows\system32\09.tmp --> c:\windows\system32\09.tmp [?]
S4 MySQL51;MySQL51;"c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\mysql\mysql server 5.1\my.ini" mysql51 --> c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld [?]
=============== Created Last 30 ================
2011-02-19 06:49:33 38848 ----a-w- c:\windows\avastSS.scr
2011-02-19 06:49:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software
2011-02-19 05:54:19 -------- d-----w- c:\arquivos de programas\WebExtractor
2011-02-19 01:53:28 -------- d-----w- C:\UsbFix
2011-02-19 01:52:59 1220299 ----a-w- C:\UsbFix.exe
2011-02-16 00:19:31 162392 ----a-w- c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-16 00:19:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-16 00:19:14 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-16 00:17:07 -------- d-----w- c:\arquivos de programas\arquivos comuns\InfoWatch
2011-02-16 00:17:04 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab
2011-02-16 00:17:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-02-16 00:10:42 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis
2011-02-16 00:00:46 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Registry Mechanic
2011-02-15 23:58:23 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files
2011-02-15 23:56:59 -------- d-----w- c:\arquivos de programas\arquivos comuns\PC Tools
2011-02-15 23:45:57 -------- d-----w- C:\CARROS
2011-02-15 23:29:26 -------- dc-h--w- c:\windows\ie8
2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-13 06:05:49 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\XoftSpySE
2011-02-13 05:52:56 -------- d-----w- C:\_OTL
2011-02-13 05:41:36 -------- d-----w- C:\Program Files
2011-02-12 08:41:46 149504 ----a-w- c:\windows\UNWISE.EXE
2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\TweakMarketing
2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO
2011-02-12 08:39:03 -------- d-----w- C:\extractor
2011-02-12 08:38:42 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus
2011-02-12 08:37:25 -------- d-----w- c:\arquivos de programas\FindEmail
2011-02-12 08:26:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7
2011-02-11 10:17:38 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2011-02-11 10:17:38 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-11 10:11:24 1652736 ----a-w- c:\windows\system32\mshtml.oca
2011-02-11 10:11:22 64000 ----a-w- c:\windows\system32\ieframe.oca
2011-02-11 10:11:22 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-02-11 10:11:22 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2011-02-11 10:09:57 -------- d-----w- c:\arquivos de programas\Web Publish
2011-02-11 09:19:53 -------- d-----w- c:\arquivos de programas\Resource Hacker
2011-02-11 04:38:45 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm
2011-02-11 04:38:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-11 04:38:41 249856 ------w- c:\windows\Setup1.exe
2011-02-10 18:33:09 -------- d-----w- c:\windows\system32\F6DAA0
2011-01-31 02:35:48 -------- d-----w- C:\AudacityPortable
2011-01-31 02:28:17 -------- d-----w- c:\arquivos de programas\AnalogX
2011-01-25 14:48:49 -------- d-----w- C:\DPEC
2011-01-25 14:48:33 -------- d-----w- C:\database
==================== Find3M ====================
2011-01-13 03:33:41 0 ----a-w- c:\documents and settings\roseli mareti\m.tmp
2010-12-03 00:03:25 796672 ----a-w- c:\windows\GPInstall.exe
============= FINISH: 14:13:54,34 ===============
Now, the Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2010 20:44:03
System Uptime: 18/2/2011 19:01:24 (19 hours ago)
Motherboard: FOXCONN | | M61PMV
Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz
Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 0,695 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP4: 18/2/2011 07:45:27 - Ponto de verificação do sistema
RP5: 19/2/2011 04:49:22 - avast! Free Antivirus Setup
==== Installed Programs ======================
7-Zip 4.57
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced Archive Password Recovery
Advanced Email Extractor PRO
Agere Systems PCI Soft Modem
AnalogX Vocal Remover
Apple Application Support
Apple Software Update
Arquivo do WinRAR
Assistente de Conexão do Windows Live
µTorrent
avast! Free Antivirus
C-Media WDM Audio Driver
CCleaner
Cheat Engine 5.5
Cheat Engine 5.6.1
Compatibility Pack for the 2007 Office system
Connect
Emissor de Nota Fiscal Eletronica (NF-e)
Ferramenta de Carregamento do Windows Live
FindEmail 2.2.8
Foxit Reader
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
JC-Email Segmenter Plus
K-Lite Mega Codec Pack 4.2.5
Kaspersky PURE
kuler
Lexmark X1100 Series
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Bootvis
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
MSVCRT
MySQL Server 5.1
NVIDIA Drivers
PDF Settings CS5
Photoshop Camera Raw
Platform
QuickTime
Real Alternative 1.9.0
Resource Hacker Version 3.5.2
Segoe UI
SiS VGA Utilities
SiSAGP driver
Skype™ 5.1
Spyware Terminator
Suite Shared Configuration CS4
UltraISO Premium V8.63
UsbFix By El Desaparecido & C_XX
VIA Gerenciador de dispositivo de plataforma
VobSub v2.23 (Remove Only)
Web Data Extractor 3.7
Web Data Extractor 8.1
WebFldrs XP
WinAVI Video Converter
WinAVI Video Converter 9.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Windows XP Service Pack 2
XP Codec Pack
==== End Of File ===========================
Hello!
Please follow the instructions below:
<< 1 >>
Download HostsXpert and save it in its own folder (such as C:\HostsXpert)
-
NOTE: If HostsXpert reports an error, click Make Writeable? and then click Restore MS Hosts File.
<< 2 >>
Follow the instructions in the tutorial below and run Ad-Remover. Use the CLEAN option. Post the log it generates.
<< 3 >>
Temporarily disable your protection programs!
Download BankerFix and save it to the desktop.
<< 4 >>
Post a new DDS log.
Regards :D
Here we go... the AD-REPORT report:
======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:13:26 on 19/02/2011, Normal boot
Microsoft Windows XP Professional Service Pack 2 (X86)
Roseli Mareti@ESCRITORIO ( )
============== ACTION(S) ==============
File deleted: C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js
Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\conduit
Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\ConduitEngine
Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\extensions\engine@conduit.com
Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\PriceGong
(!) -- Temporary files deleted.
-- File opened: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\Prefs.js --
Line deleted: user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/945276/941054/BR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63425009534667...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2552374&octid=...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2552374");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2552374");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2552374");
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Feb 18 2011 22:11:15 GMT-0200");
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Feb 18 2011 22:11:15 GMT-0200");
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "8131fb32-daa4-4504-a27b-db2a903343e5");
Line deleted: user_pref("ConduitEngine.FirstServerDate", "11/30/2010 23");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Tue Nov 30 2010 18:36:13 GMT-0200");
Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Feb 18 2011 22:11:36 GMT-0200");
Line deleted: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sat Feb 19 2011 21:33:14 GMT-0200");
Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 19 2011 21:33:14 GMT-0200");
Line deleted: user_pref("ConduitEngine.UserID", "UN44073588401824866");
Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Feb 18 2011 22:11:36 GMT-0200");
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("ConduitEngine.usagesFlag", 2);
-- File closed --
Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key deleted: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key deleted: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key deleted: HKLM\Software\Classes\Toolbar.CT2552374
Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key deleted: HKLM\Software\AskBarDis
Key deleted: HKCU\Software\PriceGong
Key deleted: HKU\.DEFAULT\Software\AskToolbar
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== ADDITIONNAL SCAN ==============
** Mozilla Firefox Version [3.6.13 (pt-BR)] **
Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
-- C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default --
Extensions\firebug@software.joehewitt.com (Firebug)
Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Community Toolbar)
Extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66} (QuickProxy)
Prefs.js - browser.download.dir, C:\\Documents and Settings\\Roseli Mareti\\Meus documentos\\Lucas\\Nova pasta
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Roseli Mareti\\Meus documentos
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13
========================================
** Internet Explorer Version [8.0.6001.18702] **
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_SearchScopes\{210073B5-670D-4ABE-A7CB-83EDBC77BF35} - "Orbit Search (Powered By Google)" (hxxp://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding})
HKCU_SearchScopes\{8e04bb2c-d5aa-493b-bd76-4d162c4fa21b} - "iCall" (hxxp://www.ask.com/web?q={searchTerms}&o=1492&l=dis)
HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (x)
HKLM_ElevationPolicy\{09E9B8FC-3D94-4A9B-AD2E-A64255121895} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbws.exe (Kaspersky Lab)
HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (x)
HKLM_ElevationPolicy\{4671F4B7-89F5-4701-B641-570278D5C856} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe (Kaspersky Lab)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Arquivos de programas\Java\jre6\bin\ssvagent.exe (x)
HKCU_Extensions\{AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - "Email Extractor" (C:\Arquivos de programas\Advanced Email Extractor PRO\AeePMsie.dll,2)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 67 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)
C:\Ad-Report-CLEAN[1].txt - 19/02/2011 22:13:36 (11529 Byte(s))
End at: 22:14:15, 19/02/2011
============== E.O.F ==============
BANKER FIX REPORT:
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2011-02-19 - 22:19
-------------------------------------------------------
Lista de Definição: 2010-12-25-1 | CORE: 2010-12-28-6
=======================================================
----- Fim -------------------------
DDS.txt REPORT:
>
DDS (Ver_10-12-12.02) - NTFSx86
Run by Roseli Mareti at 22:24:24,32 on sáb 19/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1376 [GMT -2:00]
AV: Kaspersky PURE Disabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE Disabled
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\sistray.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Roseli Mareti\Desktop\dds.scr
============== Pseudo HJT Report ===============
uWindow Title =
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 109.123.70.47:80
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"
mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe"
mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: Advanced Email Extractor - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/page.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/link.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\arquiv~1\kasper~1\kasper~1\kloehk.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\roseli~1\dadosd~1\mozilla\firefox\profiles\x2ihzpvd.default\
FF - prefs.js: network.proxy.type - 1
FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
============= SERVICES / DRIVERS ===============
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2009-12-14 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2009-12-14 39352]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-15 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-19 141312]
R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\arquivos comuns\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-5 279680]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]
S2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]
S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]
S3 zruasdppp;zruasdppp;\??\c:\windows\system32\09.tmp --> c:\windows\system32\09.tmp [?]
S4 MySQL51;MySQL51;"c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\mysql\mysql server 5.1\my.ini" mysql51 --> c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld [?]
=============== Created Last 30 ================
2011-02-20 00:19:13 -------- d-----w- C:\LinhaDefensiva
2011-02-20 00:12:54 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-02-20 00:11:12 -------- d-----w- C:\HostsXpert
2011-02-19 22:38:21 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Canneverbe Limited
2011-02-19 22:38:21 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Canneverbe Limited
2011-02-19 22:38:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-19 22:26:02 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys
2011-02-19 22:25:57 -------- d-----w- c:\arquivos de programas\vso
2011-02-19 06:49:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software
2011-02-19 05:54:19 -------- d-----w- c:\arquivos de programas\WebExtractor
2011-02-19 01:53:28 -------- d-----w- C:\UsbFix
2011-02-19 01:52:59 1220299 ----a-w- C:\UsbFix.exe
2011-02-16 00:19:31 162392 ----a-w- c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-16 00:19:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-16 00:19:14 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-16 00:17:07 -------- d-----w- c:\arquivos de programas\arquivos comuns\InfoWatch
2011-02-16 00:17:04 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab
2011-02-16 00:17:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-02-16 00:10:42 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis
2011-02-16 00:00:46 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Registry Mechanic
2011-02-15 23:58:23 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files
2011-02-15 23:45:57 -------- d-----w- C:\CARROS
2011-02-15 23:29:26 -------- dc-h--w- c:\windows\ie8
2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-13 06:05:49 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\XoftSpySE
2011-02-13 05:52:56 -------- d-----w- C:\_OTL
2011-02-13 05:41:36 -------- d-----w- C:\Program Files
2011-02-12 08:41:46 149504 ----a-w- c:\windows\UNWISE.EXE
2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\TweakMarketing
2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO
2011-02-12 08:39:03 -------- d-----w- C:\extractor
2011-02-12 08:38:42 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus
2011-02-12 08:37:25 -------- d-----w- c:\arquivos de programas\FindEmail
2011-02-12 08:26:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7
2011-02-11 10:17:38 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2011-02-11 10:17:38 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-11 10:11:24 1652736 ----a-w- c:\windows\system32\mshtml.oca
2011-02-11 10:11:22 64000 ----a-w- c:\windows\system32\ieframe.oca
2011-02-11 10:11:22 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-02-11 10:11:22 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2011-02-11 10:09:57 -------- d-----w- c:\arquivos de programas\Web Publish
2011-02-11 09:19:53 -------- d-----w- c:\arquivos de programas\Resource Hacker
2011-02-11 04:38:45 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm
2011-02-11 04:38:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-11 04:38:41 249856 ------w- c:\windows\Setup1.exe
2011-02-10 18:33:09 -------- d-----w- c:\windows\system32\F6DAA0
2011-01-31 02:35:48 -------- d-----w- C:\AudacityPortable
2011-01-31 02:28:17 -------- d-----w- c:\arquivos de programas\AnalogX
2011-01-25 14:48:49 -------- d-----w- C:\DPEC
2011-01-25 14:48:33 -------- d-----w- C:\database
==================== Find3M ====================
2011-01-13 03:33:41 0 ----a-w- c:\documents and settings\roseli mareti\m.tmp
2010-12-03 00:03:25 796672 ----a-w- c:\windows\GPInstall.exe
============= FINISH: 22:24:53,92 ===============
Attach.txt REPORT:
>
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2010 20:44:03
System Uptime: 19/2/2011 21:15:20 (1 hours ago)
Motherboard: FOXCONN | | M61PMV
Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz
Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 3,56 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP6: 19/2/2011 20:16:06 - Ponto de verificação do sistema
==== Installed Programs ======================
7-Zip 4.57
Ad-Remover By C_XX
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced Archive Password Recovery
Advanced Email Extractor PRO
Agere Systems PCI Soft Modem
AnalogX Vocal Remover
Apple Application Support
Apple Software Update
Arquivo do WinRAR
Assistente de Conexão do Windows Live
µTorrent
avast! Free Antivirus
C-Media WDM Audio Driver
CCleaner
CDBurnerXP
Cheat Engine 5.5
Cheat Engine 5.6.1
Compatibility Pack for the 2007 Office system
Connect
ConvertXtoDVD 2.0.12
Emissor de Nota Fiscal Eletronica (NF-e)
Ferramenta de Carregamento do Windows Live
FindEmail 2.2.8
Foxit Reader
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
JC-Email Segmenter Plus
K-Lite Mega Codec Pack 4.2.5
Kaspersky PURE
kuler
Lexmark X1100 Series
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Bootvis
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
MSVCRT
MySQL Server 5.1
NVIDIA Drivers
PDF Settings CS5
Photoshop Camera Raw
Platform
QuickTime
Real Alternative 1.9.0
Resource Hacker Version 3.5.2
Segoe UI
SiS VGA Utilities
SiSAGP driver
Skype™ 5.1
Spyware Terminator
Suite Shared Configuration CS4
UltraISO Premium V8.63
UsbFix By El Desaparecido & C_XX
VIA Gerenciador de dispositivo de plataforma
VobSub v2.23 (Remove Only)
Web Data Extractor 3.7
Web Data Extractor 8.1
WebFldrs XP
WinAVI Video Converter
WinAVI Video Converter 9.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Windows XP Service Pack 2
XP Codec Pack
==== End Of File ===========================
>
Hello!
Please follow the tutorial at the link below:
#### How to use ComboFix ####
I suggest you print the instructions below, because you will not be able to read them while using the tool.
>
Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.
-
Under no circumstances exit ComboFix using the program's "X". If you want to exit, press "N".
Regards :D
Hey... here's the thing, I looked at the tutorial and did everything just right... then I left it running and it generated the log:
>
ComboFix 11-02-19.02 - Roseli Mareti 20/02/2011 0:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1525 [GMT -3:00]
Executando de: c:\documents and settings\Roseli Mareti\Desktop\ComboFix.exe
AV: Kaspersky PURE Disabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE Disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Java
c:\arquivos de programas\Java\jre6\lib\ext\QTJava.zip
c:\documents and settings\Roseli Mareti\m.tmp
c:\documents and settings\Roseli Mareti\u.txt
c:\windows\system32\Cache
c:\windows\system32\reg_200.txt
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))
.
2011-02-20 00:19 . 2011-02-20 00:20 -------- d-----w- C:\LinhaDefensiva
2011-02-20 00:12 . 2011-02-20 00:12 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-02-20 00:11 . 2011-02-20 00:12 -------- d-----w- C:\HostsXpert
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Canneverbe Limited
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\arquivos de programas\CDBurnerXP
2011-02-19 22:38 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-19 22:26 . 2011-02-20 02:25 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Vso
2011-02-19 22:26 . 2011-02-19 22:26 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys
2011-02-19 22:25 . 2011-02-19 22:25 -------- d-----w- c:\arquivos de programas\vso
2011-02-19 06:49 . 2011-02-19 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2011-02-19 06:49 . 2011-02-19 06:49 -------- d-----w- c:\arquivos de programas\Alwil Software
2011-02-19 05:54 . 2011-02-19 05:57 -------- d-----w- c:\arquivos de programas\WebExtractor
2011-02-19 01:53 . 2011-02-19 02:13 -------- d-----w- C:\UsbFix
2011-02-16 00:19 . 2010-10-01 23:05 162392 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-16 00:19 . 2011-02-16 00:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-16 00:19 . 2011-02-16 00:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InfoWatch
2011-02-16 00:17 . 2011-02-20 03:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-02-16 00:10 . 2011-02-16 00:10 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis
2011-02-16 00:00 . 2011-02-16 00:00 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Registry Mechanic
2011-02-15 23:58 . 2011-02-15 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2011-02-15 23:45 . 2011-02-15 23:45 -------- d-----w- C:\CARROS
2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2011-02-15 23:43 . 2011-02-15 23:43 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2011-02-15 23:29 . 2011-02-15 23:31 -------- dc-h--w- c:\windows\ie8
2011-02-14 08:43 . 2011-02-14 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-13 06:05 . 2011-02-13 06:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XoftSpySE
2011-02-13 05:52 . 2011-02-13 05:52 -------- d-----w- C:\_OTL
2011-02-13 05:41 . 2011-02-13 05:41 -------- d-----w- C:\Program Files
2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO
2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TweakMarketing
2011-02-12 08:41 . 1999-06-25 12:55 149504 ----a-w- c:\windows\UNWISE.EXE
2011-02-12 08:39 . 2011-02-12 08:39 -------- d-----w- C:\extractor
2011-02-12 08:38 . 2011-02-13 05:23 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus
2011-02-12 08:37 . 2011-02-12 08:45 -------- d-----w- c:\arquivos de programas\FindEmail
2011-02-12 08:26 . 2011-02-12 08:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7
2011-02-11 10:17 . 2011-02-11 10:17 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2011-02-11 10:17 . 2011-02-11 10:17 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-11 10:11 . 2011-02-11 10:11 1652736 ----a-w- c:\windows\system32\mshtml.oca
2011-02-11 10:11 . 2011-02-18 00:16 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-02-11 10:11 . 2011-02-18 00:16 64000 ----a-w- c:\windows\system32\ieframe.oca
2011-02-11 10:11 . 2011-02-11 10:11 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2011-02-11 10:09 . 2011-02-11 10:09 -------- d-----w- c:\arquivos de programas\Web Publish
2011-02-11 09:19 . 2011-02-11 09:20 -------- d-----w- c:\arquivos de programas\Resource Hacker
2011-02-11 04:38 . 2011-02-11 09:42 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm
2011-02-11 04:38 . 2011-02-11 04:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-11 04:38 . 2011-02-11 04:38 249856 ------w- c:\windows\Setup1.exe
2011-02-10 18:33 . 2011-02-13 05:35 -------- d-----w- c:\windows\system32\F6DAA0
2011-01-31 02:35 . 2011-01-31 02:36 -------- d-----w- C:\AudacityPortable
2011-01-31 02:28 . 2011-01-31 02:28 -------- d-----w- c:\arquivos de programas\AnalogX
2011-01-31 00:17 . 2011-01-31 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\DPEC
2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\database
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 00:03 . 2010-12-03 00:03 796672 ----a-w- c:\windows\GPInstall.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 23:05 129624 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\shellex.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-02 86016]
"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-1 331776]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-11-26 04:38 500208 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 03:45 1667584 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 13:17 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 15:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8789:TCP"= 8789:TCP:jjmeu
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [14/12/2009 11:44 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [14/12/2009 11:44 39352]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/12/2008 14:07 141312]
R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 16:34 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 12:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 17:39 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/10/2010 22:08 279680]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2010 14:25 136176]
S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 12:37 517096]
S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]
S3 zruasdppp;zruasdppp;\??\c:\windows\system32\09.tmp --> c:\windows\system32\09.tmp [?]
S4 MySQL51;MySQL51;"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2011-02-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-ESCRITORIO-Roseli Mareti.job
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]
.
.
------- Scan Suplementar -------
.
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 109.123.70.47:80
IE: Adicionar ao Antibanner - c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Advanced Email Extractor - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
FF - ProfilePath - c:\documents and settings\Roseli Mareti\Dados de aplicativos\Mozilla\Firefox\Profiles\x2ihzpvd.default\
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-SunJavaUpdateSched - c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
AddRemove-Emissor de Nota Fiscal Eletronica (NF-e) - c:\windows\system32\javaws.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 00:15
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivuozfi]
"ImagePath"="\??\c:\windows\system32\08.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvsnaeniw]
"ImagePath"="\??\c:\windows\system32\055.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zruasdppp]
"ImagePath"="\??\c:\windows\system32\09.tmp"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\arquivos de programas\Spyware Terminator\sp_rsser.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-02-20 00:23:17 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-02-20 03:23
Pré-execução: 6.339.997.696 bytes disponíveis
Pós execução: 6.234.165.248 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Hello!
Please follow the instructions below:
Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) described below.
FILE::
c:\windows\system32\055.tmp
c:\windows\system32\09.tmp
c:\windows\system32\08.tmp
REGISTRY::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8789:TCP"=-
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
-
Do not use the mouse or the keyboard while ComboFix is running.
Cheers :D
ComboFix 11-02-19.02 - Roseli Mareti 20/02/2011 12:24:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1527 [GMT -3:00]
Executando de: c:\documents and settings\Roseli Mareti\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Roseli Mareti\Desktop\CFScript.txt
AV: Kaspersky PURE Disabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE Disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FILE ::
"c:\windows\system32\055.tmp"
"c:\windows\system32\08.tmp"
"c:\windows\system32\09.tmp"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP
-------\Legacy_TVSNAENIW
-------\Service_aswFsBlk
-------\Service_aswSP
-------\Service_ivuozfi
-------\Service_tvsnaeniw
-------\Service_zruasdppp
(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))
.
2011-02-20 00:19 . 2011-02-20 00:20 -------- d-----w- C:\LinhaDefensiva
2011-02-20 00:12 . 2011-02-20 00:12 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-02-20 00:11 . 2011-02-20 00:12 -------- d-----w- C:\HostsXpert
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Canneverbe Limited
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\arquivos de programas\CDBurnerXP
2011-02-19 22:38 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-19 22:26 . 2011-02-20 06:48 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Vso
2011-02-19 22:26 . 2011-02-19 22:26 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys
2011-02-19 22:25 . 2011-02-19 22:25 -------- d-----w- c:\arquivos de programas\vso
2011-02-19 06:49 . 2011-02-19 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2011-02-19 06:49 . 2011-02-19 06:49 -------- d-----w- c:\arquivos de programas\Alwil Software
2011-02-19 05:54 . 2011-02-19 05:57 -------- d-----w- c:\arquivos de programas\WebExtractor
2011-02-19 01:53 . 2011-02-19 02:13 -------- d-----w- C:\UsbFix
2011-02-16 00:19 . 2010-10-01 23:05 162392 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-16 00:19 . 2011-02-16 00:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-16 00:19 . 2011-02-16 00:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InfoWatch
2011-02-16 00:17 . 2011-02-20 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-02-16 00:10 . 2011-02-16 00:10 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis
2011-02-16 00:00 . 2011-02-16 00:00 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Registry Mechanic
2011-02-15 23:58 . 2011-02-15 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2011-02-15 23:45 . 2011-02-15 23:45 -------- d-----w- C:\CARROS
2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2011-02-15 23:43 . 2011-02-15 23:43 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2011-02-15 23:29 . 2011-02-15 23:31 -------- dc-h--w- c:\windows\ie8
2011-02-14 08:43 . 2011-02-14 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-13 06:05 . 2011-02-13 06:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XoftSpySE
2011-02-13 05:52 . 2011-02-13 05:52 -------- d-----w- C:\_OTL
2011-02-13 05:41 . 2011-02-13 05:41 -------- d-----w- C:\Program Files
2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO
2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TweakMarketing
2011-02-12 08:41 . 1999-06-25 12:55 149504 ----a-w- c:\windows\UNWISE.EXE
2011-02-12 08:39 . 2011-02-12 08:39 -------- d-----w- C:\extractor
2011-02-12 08:38 . 2011-02-13 05:23 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus
2011-02-12 08:37 . 2011-02-12 08:45 -------- d-----w- c:\arquivos de programas\FindEmail
2011-02-12 08:26 . 2011-02-12 08:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7
2011-02-11 10:17 . 2011-02-11 10:17 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2011-02-11 10:17 . 2011-02-11 10:17 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-11 10:11 . 2011-02-11 10:11 1652736 ----a-w- c:\windows\system32\mshtml.oca
2011-02-11 10:11 . 2011-02-18 00:16 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-02-11 10:11 . 2011-02-18 00:16 64000 ----a-w- c:\windows\system32\ieframe.oca
2011-02-11 10:11 . 2011-02-11 10:11 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2011-02-11 10:09 . 2011-02-11 10:09 -------- d-----w- c:\arquivos de programas\Web Publish
2011-02-11 09:19 . 2011-02-11 09:20 -------- d-----w- c:\arquivos de programas\Resource Hacker
2011-02-11 04:38 . 2011-02-11 09:42 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm
2011-02-11 04:38 . 2011-02-11 04:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-11 04:38 . 2011-02-11 04:38 249856 ------w- c:\windows\Setup1.exe
2011-02-10 18:33 . 2011-02-13 05:35 -------- d-----w- c:\windows\system32\F6DAA0
2011-01-31 02:35 . 2011-01-31 02:36 -------- d-----w- C:\AudacityPortable
2011-01-31 02:28 . 2011-01-31 02:28 -------- d-----w- c:\arquivos de programas\AnalogX
2011-01-31 00:17 . 2011-01-31 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\DPEC
2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\database
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 00:03 . 2010-12-03 00:03 796672 ----a-w- c:\windows\GPInstall.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 23:05 129624 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\shellex.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-02 86016]
"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-1 331776]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-11-26 04:38 500208 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 03:45 1667584 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 13:17 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 15:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [14/12/2009 11:44 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [14/12/2009 11:44 39352]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/12/2008 14:07 141312]
R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 16:34 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 12:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 17:39 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/10/2010 22:08 279680]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2010 14:25 136176]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 12:37 517096]
S4 MySQL51;MySQL51;"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2011-02-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-ESCRITORIO-Roseli Mareti.job
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]
.
.
------- Scan Suplementar -------
.
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 109.123.70.47:80
IE: Adicionar ao Antibanner - c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Advanced Email Extractor - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
FF - ProfilePath - c:\documents and settings\Roseli Mareti\Dados de aplicativos\Mozilla\Firefox\Profiles\x2ihzpvd.default\
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 12:35
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\arquivos de programas\Spyware Terminator\sp_rsser.exe
c:\windows\system32\RUNDLL32.EXE
c:\arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2011-02-20 12:40:05 - Máquina reiniciou
ComboFix-quarantined-files.txt 2011-02-20 15:40
ComboFix2.txt 2011-02-20 03:23
Pré-execução: 5.832.167.424 bytes disponíveis
Pós execução: 6.197.534.720 bytes disponíveis
Hello!
Please follow the instructions below:
Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) described below.
DirLook::
c:\windows\system32\F6DAA0
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
-
Do not use the mouse or the keyboard while ComboFix is running.
Cheers :D
Hey, man... thanks a lot for the great help you're giving me... here is the next log:
ComboFix 11-02-19.02 - Roseli Mareti 20/02/2011 14:54:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1514 [GMT -3:00]
Executando de: c:\documents and settings\Roseli Mareti\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Roseli Mareti\Desktop\CFScript.txt
AV: Kaspersky PURE Disabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE Disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FILE ::
"c:\windows\Setup1.exe"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Setup1.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))
.
2011-02-20 00:19 . 2011-02-20 00:20 -------- d-----w- C:\LinhaDefensiva
2011-02-20 00:12 . 2011-02-20 00:12 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-02-20 00:11 . 2011-02-20 00:12 -------- d-----w- C:\HostsXpert
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Canneverbe Limited
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited
2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\arquivos de programas\CDBurnerXP
2011-02-19 22:38 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-19 22:26 . 2011-02-20 06:48 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Vso
2011-02-19 22:26 . 2011-02-19 22:26 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys
2011-02-19 22:25 . 2011-02-19 22:25 -------- d-----w- c:\arquivos de programas\vso
2011-02-19 06:49 . 2011-02-19 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software
2011-02-19 06:49 . 2011-02-19 06:49 -------- d-----w- c:\arquivos de programas\Alwil Software
2011-02-19 05:54 . 2011-02-19 05:57 -------- d-----w- c:\arquivos de programas\WebExtractor
2011-02-19 01:53 . 2011-02-19 02:13 -------- d-----w- C:\UsbFix
2011-02-16 00:19 . 2010-10-01 23:05 162392 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-16 00:19 . 2011-02-16 00:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-16 00:19 . 2011-02-16 00:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InfoWatch
2011-02-16 00:17 . 2011-02-20 17:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab
2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-02-16 00:10 . 2011-02-16 00:10 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis
2011-02-16 00:00 . 2011-02-16 00:00 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Registry Mechanic
2011-02-15 23:58 . 2011-02-15 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2011-02-15 23:45 . 2011-02-15 23:45 -------- d-----w- C:\CARROS
2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2011-02-15 23:43 . 2011-02-15 23:43 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2011-02-15 23:29 . 2011-02-15 23:31 -------- dc-h--w- c:\windows\ie8
2011-02-14 08:43 . 2011-02-14 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-13 06:05 . 2011-02-13 06:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XoftSpySE
2011-02-13 05:52 . 2011-02-13 05:52 -------- d-----w- C:\_OTL
2011-02-13 05:41 . 2011-02-13 05:41 -------- d-----w- C:\Program Files
2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO
2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TweakMarketing
2011-02-12 08:41 . 1999-06-25 12:55 149504 ----a-w- c:\windows\UNWISE.EXE
2011-02-12 08:39 . 2011-02-12 08:39 -------- d-----w- C:\extractor
2011-02-12 08:38 . 2011-02-13 05:23 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus
2011-02-12 08:37 . 2011-02-12 08:45 -------- d-----w- c:\arquivos de programas\FindEmail
2011-02-12 08:26 . 2011-02-12 08:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7
2011-02-11 10:17 . 2011-02-11 10:17 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2011-02-11 10:17 . 2011-02-11 10:17 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-11 10:11 . 2011-02-11 10:11 1652736 ----a-w- c:\windows\system32\mshtml.oca
2011-02-11 10:11 . 2011-02-18 00:16 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-02-11 10:11 . 2011-02-18 00:16 64000 ----a-w- c:\windows\system32\ieframe.oca
2011-02-11 10:11 . 2011-02-11 10:11 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2011-02-11 10:09 . 2011-02-11 10:09 -------- d-----w- c:\arquivos de programas\Web Publish
2011-02-11 09:19 . 2011-02-11 09:20 -------- d-----w- c:\arquivos de programas\Resource Hacker
2011-02-11 04:38 . 2011-02-11 09:42 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm
2011-02-11 04:38 . 2011-02-11 04:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-10 18:33 . 2011-02-13 05:35 -------- d-----w- c:\windows\system32\F6DAA0
2011-01-31 02:35 . 2011-01-31 02:36 -------- d-----w- C:\AudacityPortable
2011-01-31 02:28 . 2011-01-31 02:28 -------- d-----w- c:\arquivos de programas\AnalogX
2011-01-31 00:17 . 2011-01-31 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype
2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\DPEC
2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\database
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-03 00:03 . 2010-12-03 00:03 796672 ----a-w- c:\windows\GPInstall.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\F6DAA0 ----
------- Sigcheck -------
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 23:05 129624 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\shellex.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-02 86016]
"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]
"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-1 331776]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-11-26 04:38 500208 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 03:45 1667584 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 13:17 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 15:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [14/12/2009 11:44 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [14/12/2009 11:44 39352]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/12/2008 14:07 141312]
R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 16:34 743992]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 12:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 17:39 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/10/2010 22:08 279680]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2010 14:25 136176]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 12:37 517096]
S4 MySQL51;MySQL51;"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld [?]
.
Conteúdo da pasta 'Tarefas Agendadas'
2011-02-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-ESCRITORIO-Roseli Mareti.job
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]
.
.
------- Scan Suplementar -------
.
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 109.123.70.47:80
IE: Advanced Email Extractor - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
FF - ProfilePath - c:\documents and settings\Roseli Mareti\Dados de aplicativos\Mozilla\Firefox\Profiles\x2ihzpvd.default\
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 15:02
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
Tempo para conclusão: 2011-02-20 15:03:44
ComboFix-quarantined-files.txt 2011-02-20 18:03
ComboFix2.txt 2011-02-20 15:40
ComboFix3.txt 2011-02-20 03:23
Pré-execução: 6.197.440.512 bytes disponíveis
Pós execução: 6.185.644.032 bytes disponíveis
Hello!
Please post a new DDS log.
Cheers :D
New logs:
DDS.txt
DDS (Ver_10-12-12.02) - NTFSx86
Run by Roseli Mareti at 21:09:34,16 on qua 23/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1166 [GMT -3:00]
AV: AntiVir Desktop Enabled/Updated {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky PURE Enabled/Updated {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE Enabled
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Roseli Mareti\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://br.ask.com?o=14784&l=dis
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 109.123.70.47:80
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll
uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"
mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe"
mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: Adicionar ao Antibanner - c:\arquivos de programas\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: Advanced Email Extractor - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/page.html
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/link.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\roseli~1\dadosd~1\mozilla\firefox\profiles\x2ihzpvd.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://google.com.br
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&apn_uid=F20460D3-0933-4294-BB15-6F14E810F0C2&apn_ptnrs=VY&apn_sauid=C55E6A59-040F-42C6-B5BB-3E4D96D02A82&apn_dtid=YYYYYYYYBR&q=
FF - prefs.js: network.proxy.type - 1
FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2009-12-14 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2011-2-23 11608]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2009-12-14 39352]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-15 315408]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-19 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-2-23 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-2-23 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-23 61960]
R2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\arquivos comuns\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-5 279680]
S2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]
S3 hjdjcob;hjdjcob;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MySQL51;MySQL51;"c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\mysql\mysql server 5.1\my.ini" mysql51 --> c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld [?]
=============== Created Last 30 ================
2011-02-23 19:30:12 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Avira
2011-02-23 19:21:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-23 19:21:28 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Avira
2011-02-23 19:21:28 -------- d-----w- c:\arquivos de programas\Avira
2011-02-23 19:12:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\MFAData
2011-02-23 04:01:12 -------- d-----w- C:\tmp_linkws
2011-02-23 03:21:51 -------- d-----w- c:\arquivos de programas\Carteiro
2011-02-22 12:13:39 -------- d-----w- c:\docume~1\roseli~1\config~1\dadosd~1\AskToolbar
2011-02-21 21:03:20 -------- d-----w- C:\1e15d7ed405a51104c55f3f68760b0
2011-02-21 20:52:27 -------- d-----w- C:\df0c51e09805af38960371adb036eaf8
2011-02-21 20:51:08 -------- d-----w- c:\arquivos de programas\Ask.com
2011-02-21 20:50:49 -------- d-----w- c:\arquivos de programas\WinPcap
2011-02-21 20:50:46 444283 ----a-w- c:\arquivos de programas\arquivos comuns\WinPcapNmap.exe
2011-02-21 20:50:46 3056008 ----a-w- c:\arquivos de programas\arquivos comuns\AskToolbarInstaller.exe
2011-02-21 20:50:46 -------- d-----w- C:\ProgramData
2011-02-21 20:50:43 -------- d-----w- c:\arquivos de programas\VDownloader
2011-02-21 20:48:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-20 02:55:18 -------- d-sha-r- C:\cmdcons
2011-02-20 02:28:38 98816 ----a-w- c:\windows\sed.exe
2011-02-20 02:28:38 89088 ----a-w- c:\windows\MBR.exe
2011-02-20 02:28:38 256512 ----a-w- c:\windows\PEV.exe
2011-02-20 02:28:38 161792 ----a-w- c:\windows\SWREG.exe
2011-02-20 00:19:13 -------- d-----w- C:\LinhaDefensiva
2011-02-20 00:12:54 -------- d-----w- c:\arquivos de programas\Ad-Remover
2011-02-20 00:11:12 -------- d-----w- C:\HostsXpert
2011-02-19 22:38:21 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Canneverbe Limited
2011-02-19 22:38:21 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Canneverbe Limited
2011-02-19 22:38:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-02-19 22:26:02 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys
2011-02-19 22:25:57 -------- d-----w- c:\arquivos de programas\vso
2011-02-19 06:49:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software
2011-02-19 05:54:19 -------- d-----w- c:\arquivos de programas\WebExtractor
2011-02-19 01:53:28 -------- d-----w- C:\UsbFix
2011-02-19 01:52:59 1220299 ----a-w- C:\UsbFix.exe
2011-02-16 00:19:31 162392 ----a-w- c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-02-16 00:19:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-02-16 00:19:14 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2011-02-16 00:17:07 -------- d-----w- c:\arquivos de programas\arquivos comuns\InfoWatch
2011-02-16 00:17:04 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab
2011-02-16 00:17:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab
2011-02-16 00:10:42 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis
2011-02-16 00:00:46 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Registry Mechanic
2011-02-15 23:58:23 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files
2011-02-15 23:45:57 -------- d-----w- C:\CARROS
2011-02-15 23:29:26 -------- dc-h--w- c:\windows\ie8
2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-13 06:05:49 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\XoftSpySE
2011-02-13 05:52:56 -------- d-----w- C:\_OTL
2011-02-13 05:41:36 -------- d-----w- C:\Program Files
2011-02-12 08:41:46 149504 ----a-w- c:\windows\UNWISE.EXE
2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\TweakMarketing
2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO
2011-02-12 08:39:03 -------- d-----w- C:\extractor
2011-02-12 08:38:42 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus
2011-02-12 08:37:25 -------- d-----w- c:\arquivos de programas\FindEmail
2011-02-12 08:26:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7
2011-02-11 10:17:38 43008 ----a-w- c:\windows\system32\MSMAPI32.oca
2011-02-11 10:17:38 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2011-02-11 10:11:24 1652736 ----a-w- c:\windows\system32\mshtml.oca
2011-02-11 10:11:22 64000 ----a-w- c:\windows\system32\ieframe.oca
2011-02-11 10:11:22 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-02-11 10:11:22 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca
2011-02-11 10:09:57 -------- d-----w- c:\arquivos de programas\Web Publish
2011-02-11 09:19:53 -------- d-----w- c:\arquivos de programas\Resource Hacker
2011-02-11 04:38:45 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm
2011-02-11 04:38:41 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-02-10 18:33:09 -------- d-----w- c:\windows\system32\F6DAA0
2011-01-31 02:35:48 -------- d-----w- C:\AudacityPortable
2011-01-31 02:28:17 -------- d-----w- c:\arquivos de programas\AnalogX
2011-01-25 14:48:49 -------- d-----w- C:\DPEC
2011-01-25 14:48:33 -------- d-----w- C:\database
==================== Find3M ====================
2011-02-21 20:48:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-03 00:03:25 796672 ----a-w- c:\windows\GPInstall.exe
============= FINISH: 21:10:45,73 ===============
Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2010 20:44:03
System Uptime: 23/2/2011 20:31:25 (1 hours ago)
Motherboard: FOXCONN | | M61PMV
Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz
Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 0,602 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
7-Zip 4.57
Ad-Remover By C_XX
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced Archive Password Recovery
Advanced Email Extractor PRO
Agere Systems PCI Soft Modem
AnalogX Vocal Remover
Apple Application Support
Apple Software Update
Arquivo do WinRAR
Ask Toolbar
Assistente de Conexão do Windows Live
µTorrent
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
C-Media WDM Audio Driver
Carteiro
CCleaner
CDBurnerXP
Cheat Engine 5.5
Cheat Engine 5.6.1
Compatibility Pack for the 2007 Office system
Connect
ConvertXtoDVD 2.0.12
Ferramenta de Carregamento do Windows Live
FindEmail 2.2.8
Foxit Reader
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Java Auto Updater
Java 6 Update 24
JC-Email Segmenter Plus
K-Lite Mega Codec Pack 4.2.5
Kaspersky PURE
kuler
Lexmark X1100 Series
Microsoft .NET Framework 2.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Bootvis
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edição 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
MSVCRT
MySQL Server 5.1
NVIDIA Drivers
PDF Settings CS5
Photoshop Camera Raw
Platform
QuickTime
Real Alternative 1.9.0
Resource Hacker Version 3.5.2
Segoe UI
SiS VGA Utilities
SiSAGP driver
Skype™ 5.1
Spyware Terminator
Suite Shared Configuration CS4
UltraISO Premium V8.63
UsbFix By El Desaparecido & C_XX
VDownloader 3.0.752
VIA Gerenciador de dispositivo de plataforma
VobSub v2.23 (Remove Only)
Web Data Extractor 3.7
Web Data Extractor 8.1
WebFldrs XP
WinAVI Video Converter
WinAVI Video Converter 9.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
Windows XP Service Pack 2
WinPcap 4.1.1
XP Codec Pack
==== End Of File ===========================
Just for the record, between yesterday and today the PC got worse... it uninstalls the network card and the sound card out of nowhere... then I have to restore the system...
Hello!
Please, how many antivirus programs do you have installed?
Did you restore your system? Did you use any pen drive, external HD or DVD that you had not used while we were in the removal process?
<< 1 >>
Follow the instructions in the tutorial below and run Ad-Remover. Use the CLEAN option. Post the log it generates.
<< 2 >>
Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
FILE::
c:\windows\system32\03.tmp
-
Do not use the mouse or the keyboard while ComboFix is running.
Cheers :D
Topic Archived
Since the author has not replied for more than 30 days, the topic has been archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
Hello!
Welcome to the Malware Removal section of the Imasters Fórums!
Please follow the instructions below:
Download DDS and save it to the Desktop.
NOTE: If the link provided does not work, try downloading DDS through THIS link.
Cheers :D