My PC is slow and I have 3 HDDs and I wanted to do a "clean-up"
Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:16, on 29/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
c:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\PROGRAMS\CORELDRW.EXE
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wp.setingsys.com:8083/connect.dat
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)
--
End of file - 10456 bytes
Hello!
Welcome to the Malware Removal section of the iMasters Forums!
Please follow the instructions below:
Download DDS and save it to the Desktop.
Note: If the link provided does not work, try downloading DDS from THIS link.
Cheers :D
DDS
DDS (Ver_10-11-10.01) - NTFSx86
Run by Administrador at 11:00:56,84 on seg 02/05/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.49 [GMT -3:00]
AV: avast! Antivirus On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
c:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\PROGRAMS\CORELDRW.EXE
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrador\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearchAssistant = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrador\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
mRun: [soundMan] SOUNDMAN.EXE
mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe
mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: network.proxy.type - 2
FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll
FF - plugin: c:\documents and settings\administrador\dados de aplicativos\mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 39484862;39484862 Boot Guard Driver;c:\windows\system32\drivers\39484862.sys [2011-4-5 37392]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-8-20 45472]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 39484861;39484861;c:\windows\system32\drivers\39484861.sys [2011-4-5 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-4 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-20 301528]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [2010-5-16 3584]
R1 fox.cmddrv;fox.cmddrv;c:\windows\system32\drivers\3948486.sys [2011-4-5 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-20 19544]
S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-4-8 23456]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\admini~1\config~1\temp\000000fd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\admini~1\config~1\temp\000000fd.nmc\nse\bin\ndiskio.sys [?]
=============== Created Last 30 ================
2011-04-29 14:15:28 -------- d-----w- C:\DriveKey
2011-04-19 17:07:28 -------- d-sh--w- c:\documents and settings\administrador\UserData
2011-04-08 19:44:56 -------- d-----w- c:\docume~1\admini~1\dadosd~1\D-Book
2011-04-08 19:42:23 -------- d-----w- c:\arquivos de programas\Digipix D-Book
2011-04-08 12:20:54 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-04-08 12:20:54 -------- d-----w- c:\docume~1\admini~1\config~1\dadosd~1\eSupport.com
2011-04-08 12:10:45 -------- d-----w- c:\arquivos de programas\FinalWire
2011-04-05 13:46:06 37392 ----a-w- c:\windows\system32\drivers\39484862.sys
2011-04-05 13:46:06 315408 ----a-w- c:\windows\system32\drivers\3948486.sys
2011-04-05 13:46:06 128016 ----a-w- c:\windows\system32\drivers\39484861.sys
2011-04-04 11:51:29 -------- d-s---w- C:\ComboFix
==================== Find3M ====================
2011-05-02 12:19:15 2620 --sha-w- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-03 00:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2004-10-01 18:00:16 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe
============= FINISH: 11:03:54,81 ===============
____________________
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2008 14:38:21
System Uptime: 5/2/2011 08:08:40 (2067 hours ago)
Motherboard: | | K8M800-M2
Processor: AMD Sempron Processor 2600+ | Socket 940 | 1599/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 8,515 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 90,71 GiB free.
G: is FIXED (NTFS) - 128 GiB total, 50,671 GiB free.
H: is FIXED (NTFS) - 105 GiB total, 8,923 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PageMaker 7.0
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8.1.4 - Português
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ADPHONE3
Advanced SystemCare 3
AIDA64 Extreme Edition v1.60
AiO_Scan
Any Video Converter 3.0.7
Apple Application Support
Apple Software Update
Ares 2.1.6
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
Atualização de Segurança para Windows Internet Explorer 7 (KB969897)
Atualização de Segurança para Windows Internet Explorer 7 (KB972260)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB938464-v2)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956841)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB958690)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960715)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961371)
Atualização de Segurança para Windows XP (KB961373)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB968537)
Atualização de Segurança para Windows XP (KB969898)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB973346)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973869)
Atualização para Windows Internet Explorer 7 (KB947518)
Atualização para Windows XP (KB955839)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB973815)
aTube Catcher
Auslogics Duplicate File Finder
avast! Free Antivirus
BufferChm
Caricature Studio Green 3.6
CCleaner
CoffeeCup Photo Gallery
ConvertXtoDVD 4.0.9.322
CoolSMS 2.06 beta
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CustomerResearchQFolder
CuteFTP 8 Professional
D-Book 5.5.1
DAEMON Tools Toolbar
DeviceDiscovery
DeviceManagementQFolder
Dg Foto Art Gold Trial(Portuguese)
dj_sf_software
dj_sf_software_req
DM3 Contas a Pagar & Receber for Windows
DM3 Relatórios 6.2
Document2PDF Pilot 2.16.100 Trial
Document2PDF Sample 1.0
DriverAgent by eSupport.com
DVD Shrink 3.2
DVD Solution
EAX Unified
eMule
eSupportQFolder
Extensis Mask Pro 3.0
FastDictionary 2007
Ferramenta de Carregamento do Windows Live
Flash Slideshow Maker Pro 5.00
FormatFactory 2.20
GameSpy Comrade
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Guia do Dispositivo do MOTO Q gsm
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix para Windows XP (KB943232-v2)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Image Zone 4.2
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP PSC & OfficeJet 4.2
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HP USB Disk Storage Format Tool
HPProductAssistant
HPSSupply
Instalação das DLLs no Windows
Ipswitch WS_FTP 12
Java 2 Runtime Environment, SE v1.4.2_13
Java Auto Updater
Java 6 Update 24
Java 6 Update 6
Macromedia Dreamweaver MX
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
MailList Controller 7.2 R3 Free
Malwarebytes' Anti-Malware
MarketResearch
Megaupload Downloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0 (x86 pt-BR)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Launcher
NEF Codec
Nero 7 Essentials
neroxml
NETEagle
NOD32 FiX v2.1
Nokia Connectivity Cable Driver
NVIDIA PhysX v8.07.11
Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PanoStandAlone
PC Connectivity Solution
PDF Settings
Photodex Presenter
PIXresizer
ProShow Gold
PSSWCORE
QFolder
QuickTime
Realtek AC'97 Audio
RegCure 1.5.1.3
Revo Uninstaller 1.90
RichFLV
Samsung SCX-4200 Series
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shine Video To Audio Converter 3.00
Significado do seu nome
SmarThru 4
SmartSound Quicktracks Plugin
SolutionCenter
Sony DVD Architect 3.0c
Spybot - Search & Destroy
Status
SWF Opener
The Sims 2
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
UsbFix By TeamXscript
você 9.0 Runtime
VideoToolkit01
Virtual Dj Studio 5.3
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VisualLightBox
Vivo 3G
Warmonger
WebFldrs XP
WebReg
WinAVI Video Converter
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8
==== End Of File ===========================
Hello!
Please follow the instructions below:
Please follow the tutorial at the link below:
#### How to use ComboFix ####
I suggest you print the instructions below, since you will not be able to read them while using the tool.
Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.
Never exit ComboFix using the program's "X". If you want to exit, press "N".
Cheers :D
ComboFix 11-05-04.04 - Administrador 09/05/2011 9:44:57.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.245 [GMT -3:00]
Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
ADS - drivers: deleted 216 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Administrador\WINDOWS
F:\install.exe
(((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 ))))))))))))))))))))))))))))
2011-05-09 12:38:42 . 2011-05-09 12:38:42 12568 ----a-w- C:\WINDOWS\system32\drivers\PROCEXP113.SYS
2011-04-29 14:15:28 . 2011-04-29 14:15:28 -------- d-----w- C:\DriveKey
2011-04-19 17:07:28 . 2011-04-19 17:07:29 -------- d-sh--w- C:\Documents and Settings\Administrador\UserData
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-05-06 19:31:58 . 2008-12-05 18:44:33 2620 --sha-w- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2011-04-08 12:20:54 . 2011-04-08 12:20:54 23456 ----a-w- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-03-09 20:30:59 . 2011-03-09 20:30:59 1049907 ----a-w- C:\UsbFix_Upload_Me_WEB.zip
2011-02-23 15:04:21 . 2010-10-20 19:20:04 40648 ----a-w- C:\WINDOWS\avastSS.scr
2011-02-23 15:04:17 . 2010-10-20 19:20:03 190016 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-02-23 14:56:55 . 2011-03-04 11:46:17 371544 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-02-23 14:56:45 . 2010-10-20 19:22:47 301528 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-23 14:55:49 . 2010-10-20 19:22:38 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-23 14:55:47 . 2010-10-20 19:22:21 102232 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-23 14:55:44 . 2010-10-20 19:22:19 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-23 14:55:10 . 2010-10-20 19:22:44 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-23 14:54:57 . 2010-10-20 19:22:15 30680 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-23 14:54:55 . 2010-10-20 19:22:50 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2004-10-01 18:00:16 . 2010-05-13 11:18:40 40960 ----a-w- C:\Arquivos de programas\Uninstall_CDS.exe
2011-05-04 12:58:21 . 2011-03-23 13:18:30 142296 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04:11 122512 ----a-w- C:\Arquivos de programas\Alwil Software\Avast5\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 12:21:08 153136]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 00:12:18 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-23 19:18:30 90112]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 00:34:40 49152]
"avast5"="C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-02-23 15:04:20 3451496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45:32 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-09-29 12:49:22 342304 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=
"C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 39484862;39484862 Boot Guard Driver;C:\WINDOWS\system32\drivers\39484862.sys [5/4/2011 10:46:06 37392]
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [20/8/2009 10:48:21 45472]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18/1/2009 15:05:46 717296]
R0 szkg5;szkg;C:\WINDOWS\system32\drivers\SZKG.sys [12/5/2009 14:13:12 61328]
R1 39484861;39484861;C:\WINDOWS\system32\drivers\39484861.sys [5/4/2011 10:46:06 128016]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [4/3/2011 08:46:17 371544]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [20/10/2010 16:22:47 301528]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22:10 3584]
R1 fox.cmddrv;fox.cmddrv;C:\WINDOWS\system32\drivers\3948486.sys [5/4/2011 10:46:06 315408]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [20/10/2010 16:22:50 19544]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
R2 MailList Controller;MailList Controller;C:\Arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52:16 1585152]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S2 s;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
S3 cpuz129;cpuz129;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [8/4/2011 09:20:54 23456]
S3 gupdatem;Serviço do Google Update (gupdatem);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S3 NDISKIO;NDISKIO;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Contents of the 'Scheduled Tasks' folder
2011-05-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2011-05-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2011-05-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
------- Supplementary Scan -------
uSearchAssistant = hxxp://www.google.com
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: network.proxy.type - 2
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 10:00:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,
68,6e,67,6a,00,00
"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,
68,6e,67,6a,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
--------------------- DLLs Loaded Under Running Processes ---------------------
C:\Arquivos de programas\GbPlugin\gbieh.dll
Completion time: 2011-05-09 10:06:41
ComboFix-quarantined-files.txt 2011-05-09 13:06:37
ComboFix2.txt 2010-11-22 18:38:31
Pre-Run: 8,619,012,096 bytes free
Post-Run: 8,694,054,912 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
Hello!
Do you know the program below or the port it uses?
26675:TCP = ActiveSync Service
Post a new ComboFix log, following the instructions given above...
Cheers :D
I believe it is a program that syncs the PC with the mobile phone.
Waiting for the new log...
Cheers :D
New ComboFix log
ComboFix 11-05-26.03 - Administrador 27/05/2011 8:51:07.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.272 [GMT -3:00]
Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus Disabled/Updated {7591DB91-41F0-48A3-B128-1A293FD8233D}
ADS - drivers: deleted 204 bytes in 1 streams.
(((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))
2011-05-26 14:56:33 . 2011-05-26 14:56:33 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\RapidSMTP
2011-05-26 14:50:26 . 2011-05-26 14:50:26 -------- d-----w- C:\Arquivos de programas\RapidSMTP.com
2011-05-09 12:38:42 . 2011-05-27 11:44:02 12568 ----a-w- C:\WINDOWS\system32\drivers\PROCEXP113.SYS
2011-04-29 14:15:28 . 2011-04-29 14:15:28 -------- d-----w- C:\DriveKey
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-05-25 19:27:12 . 2008-12-05 18:44:33 2620 --sha-w- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2011-04-08 12:20:54 . 2011-04-08 12:20:54 23456 ----a-w- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-03-09 20:30:59 . 2011-03-09 20:30:59 1049907 ----a-w- C:\UsbFix_Upload_Me_WEB.zip
2004-10-01 18:00:16 . 2010-05-13 11:18:40 40960 ----a-w- C:\Arquivos de programas\Uninstall_CDS.exe
2011-05-04 12:58:21 . 2011-03-23 13:18:30 142296 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((( SnapShot@2011-05-09_13.00.36 )))))))))))))))))))))))))))))))))))))))))
+ 2011-05-27 11:31:05 . 2011-05-27 11:31:05 16384 C:\WINDOWS\Temp\Perflib_Perfdata_330.dat
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 10134 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_798896A94D94CDF133CE85.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 10134 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_4D557618789315658FE741.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 10134 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_1A7B3518CBD5661075CF55.exe
+ 2009-11-13 10:37:27 . 2011-05-11 15:05:39 35088 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 18704 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 20240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 3262 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_D452B1DEBDFFDE8CEF905E.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 3262 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_2B9895E6E3BAE959A44350.exe
+ 2011-05-26 14:50:58 . 2011-05-26 14:50:58 433152 C:\WINDOWS\Installer\ba869f.msi
+ 2009-11-13 10:37:27 . 2011-05-11 15:05:38 888080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 272648 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 922384 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 845584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 217864 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:38 184080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:37 159504 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-05 12:39:31 . 2011-05-23 11:27:23 2561960 C:\WINDOWS\system32\FNTCACHE.DAT
+ 2011-04-29 15:27:04 . 2011-04-29 15:27:04 4158464 C:\WINDOWS\Installer\c47a96.msp
+ 2011-04-28 08:42:32 . 2011-04-28 08:42:32 4990976 C:\WINDOWS\Installer\c47a7d.msp
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:37 1172240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:37 1165584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-04-22 22:41:34 . 2011-04-22 22:41:34 11507712 C:\WINDOWS\Installer\c47ab3.msp
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
Note: empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04:11 122512 ----a-w- C:\Arquivos de programas\Alwil Software\Avast5\ashShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 12:21:08 153136]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 00:12:18 3872080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-23 19:18:30 90112]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 00:34:40 49152]
"avast5"="C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-02-23 15:04:20 3451496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45:32 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-09-29 12:49:22 342304 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=
"C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 39484862;39484862 Boot Guard Driver;C:\WINDOWS\system32\drivers\39484862.sys [5/4/2011 10:46:06 37392]
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [20/8/2009 10:48:21 45472]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18/1/2009 15:05:46 717296]
R0 szkg5;szkg;C:\WINDOWS\system32\drivers\SZKG.sys [12/5/2009 14:13:12 61328]
R1 39484861;39484861;C:\WINDOWS\system32\drivers\39484861.sys [5/4/2011 10:46:06 128016]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [4/3/2011 08:46:17 371544]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [20/10/2010 16:22:47 301528]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22:10 3584]
R1 fox.cmddrv;fox.cmddrv;C:\WINDOWS\system32\drivers\3948486.sys [5/4/2011 10:46:06 315408]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [20/10/2010 16:22:50 19544]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
R2 MailList Controller;MailList Controller;C:\Arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52:16 1585152]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S2 s;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
S3 cpuz129;cpuz129;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [8/4/2011 09:20:54 23456]
S3 gupdatem;Serviço do Google Update (gupdatem);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S3 NDISKIO;NDISKIO;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Contents of the 'Scheduled Tasks' folder
2011-05-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2011-05-27 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2011-05-26 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
------- Supplementary Scan -------
uSearchAssistant = hxxp://www.google.com
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: network.proxy.type - 2
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 09:09:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,
68,6e,67,6a,00,00
"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,
68,6e,67,6a,00,00
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
--------------------- DLLs Loaded Under Running Processes ---------------------
C:\Arquivos de programas\GbPlugin\gbieh.dll
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\msi.dll
C:\Arquivos de programas\GbPlugin\gbieh.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
Completion time: 2011-05-27 09:15:24
ComboFix-quarantined-files.txt 2011-05-27 12:15:19
ComboFix2.txt 2011-05-09 13:06:42
ComboFix3.txt 2010-11-22 18:38:31
Pre-Run: 6,038,798,336 bytes free
Post-Run: 6,093,393,920 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
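The helper's question above ("do you know the program or the port it uses?") is the manual version of a triage pass over the firewall-policy and service/driver lines in a ComboFix log. The script below is an added example, not part of the original thread or of ComboFix itself: it parses those line formats, lists every firewall exception and open port (each is an inbound path someone should be able to vouch for), and flags drivers whose file is missing (ComboFix prints `[?]`) or that load from a user Temp directory. The sample log text is constructed from lines copied out of the logs posted above; the R/S prefix and start-type digit follow ComboFix's convention (R = running, S = stopped; 0 boot, 1 system, 2 automatic, 3 on demand, 4 disabled). The flags are review heuristics, not verdicts.

```python
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the ComboFix logs posted in
# this thread (firewall policy keys, one open port, four service/driver lines).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18/1/2009 15:05:46 717296]
R1 fox.cmddrv;fox.cmddrv;C:\WINDOWS\system32\drivers\3948486.sys [5/4/2011 10:46:06 315408]
S3 cpuz129;cpuz129;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [8/4/2011 09:20:54 23456]
'''

# ComboFix service/driver line: "<R|S><start> <name>;<display>;<path> [<date size> | ?]"
# R = running, S = stopped; digit = Windows start type (0 boot ... 4 disabled).
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?) \[(?P<info>[^\]]*)\]$')
# The two firewall policy keys ComboFix dumps for the standard profile.
SECTION_RE = re.compile(
    r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\'
    r'standardprofile\\(?P<section>\w+)\\List\]$')
# GloballyOpenPorts value: "<port>:<proto>"= <port>:<proto>:<scope>:<state>:<name>
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):'
    r'(?P<scope>[^:]+):(?P<state>[^:]+):(?P<name>.*)$')


def parse_combofix(log_text: str) -> Dict[str, list]:
    """Extract firewall exceptions and service/driver entries from ComboFix log text."""
    result: Dict[str, list] = {'drivers': [], 'authorized_apps': [], 'open_ports': []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('section')
            continue
        if line.startswith('['):   # any other registry key ends the firewall section
            section = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            result['drivers'].append(m.groupdict())
            continue
        if section == 'AuthorizedApplications' and line.startswith('"'):
            # Key is the quoted program path; registry export doubles backslashes.
            result['authorized_apps'].append(line.split('"')[1].replace('\\\\', '\\'))
        elif section == 'GloballyOpenPorts':
            m = PORT_RE.match(line)
            if m:
                result['open_ports'].append(
                    (int(m.group('port')), m.group('proto'), m.group('scope'), m.group('name')))
    return result


def triage(log_text: str) -> List[str]:
    """Review items: missing driver files, drivers in a Temp directory, and every
    firewall exception (each one deserves the 'do you know this program?' question)."""
    parsed = parse_combofix(log_text)
    findings: List[str] = []
    for d in parsed['drivers']:
        if d['info'] == '?':   # ComboFix prints [?] when the file is not on disk
            findings.append(f"driver {d['name']}: file not found on disk ({d['path']})")
        if re.search(r'\\temp\\', d['path'], re.IGNORECASE):
            findings.append(f"driver {d['name']}: loads from a Temp directory ({d['path']})")
    for port, proto, scope, name in parsed['open_ports']:
        findings.append(f"open port {port}/{proto} scope {scope}: {name}")
    for app in parsed['authorized_apps']:
        findings.append(f"firewall-authorized application: {app}")
    return findings


if __name__ == '__main__':
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`; the scope column (here 169.254.2.0/255.255.255.0, the link-local range ActiveSync uses for a USB-tethered device) is what tells you how far an open port actually reaches.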
Hello!
Please follow the instructions below:
<< 1 >>
Follow the tutorial below and run the Kaspersky Removal Tool. Then post the generated log.
Kaspersky Virus Removal Tool tutorial
<< 2 >>
Delete dds from your desktop, download a new one and post a new log.
Cheers :D
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of the section together with the link to this topic and explain the reason for reopening.
Hello!
Welcome to the Malware Removal section of the iMasters Forums!
Please follow the instructions below:
Download DDS and save it to the Desktop.
Note: If the link provided does not work, try downloading DDS from THIS link.
Cheers :D