[Arquivado] Aqui vai um LOG do HIJACKTHIS!

Boa Tarde! LFABER

<@> Dê um duplo clique no ícone do Norton,situado ao lado do relógio.<@> Vá em Sistema,e clique em Auto-Protect.

<@> Desmarque as seguintes opções:

< 1 > Ativar Auto-Protect

< 2 > Iniciar o Auto-Protect ao iniciar o Windows

<@> Ainda em Sistema,clique em Bloqueio de scripts.

<@> Desmarque a opção:

< 1 > Ativar bloqueio de scripts

<@> Baixe: < BankerFix 3.0 >

<@> Salve-o no Disco Local-C!

<@> Desabilite,temporariamente,o seu anti-vírus.

<@> Dê um duplo-clique sobre o bankerfix.exe.

<@> Ps: Execute o bankerfix.exe,apenas uma vez!Evitando,com isso,a sobrescrição de seu relatório.

<@> A janela do BankerFix 3.0,abrir-se-á com a seguinte pergunta: "Instalar o Bankerfix 3.0?" <-- Traduzido!

<@> Clique em Sim!

<@> Uma janela informando que o BankerFix 3.0 será baixado,via internet,abrir-se-á.

<@> Clique OK. <-- Aguarde!

<@> Na próxima janela,clique em OK.

<@> O BankerFix 3.0 será iniciado!

<@> Pressione qualquer tecla,para dar continuidade ao processo. <-- Aguarde!

<@> Terminado o scan,leia a mensagem na tela e aperte Enter.

<@> Habilite o seu anti-vírus.

<@> Retorne com o relatório,do BankerFix,que estará em: C:\LinhaDefensiva\relatorio.txt <--

<@> Poste,também,HijackThis atualizado.

Abraços!

Ola', DigRam, aqui vai o Segundo Log do Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:59:49 PM, on 2/16/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\hphmon03.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\CallCentral\CallCentral.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DrvSvc.exe

C:\WINDOWS\system32\tophps.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Antivirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...amp;tbid=%tb_id

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide

O4 - HKLM\..\Run: [GlobalFlagimglog2] C:\WINDOWS\system32\ssmss.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe

O4 - HKCU\..\Run: [internetnitro] C:\WINDOWS\system32\tophps.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pp...stemsoappro.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 11253 bytes

Este e' um computador americano, tudo em ingl^es. Para encontrar "Sistema", fui no Painel de Controle, e entrei no System. Com rela,c~ao aos "scripts", fui em Op,c~oes da Internet= Internet Options.

Desde j'a agrade,co a aten,c~ao e ajuda!!

Abra,cos de LFABER

Boa Noite! LFABER

<!> Restou postar,o relatório do BankerFix. ( C:\LinhaDefensiva\relatorio.txt )

<!> Se voçê está com dificuldades,ao rodar a ferramenta,tentaremos outro(s) método( s ).

Abraços!

BOA NOITE Dig Ram

BankerFix 3.0 VALKYRIE - Banker Trojan Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-02-16 - 13:49

-------------------------------------------------------

Version: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

Infected file detected: C:\WINDOWS\ponto.dll

Infected file successfully removed.

Infected file detected: C:\WINDOWS\syst.dat

Infected file successfully removed.

Infected file detected: C:\WINDOWS\SYSTEM32\dllhostc.exe

Infected file successfully removed.

Infected file detected: C:\WINDOWS\SYSTEM32\MEGATRON.ini

Infected file successfully removed.

Infected file detected: C:\WINDOWS\SYSTEM32\nvsvc33.exe

Infected file successfully removed.

Infected file detected: C:\WINDOWS\SYSTEM32\imglog.exe

Infected file successfully removed.

----- End -------------------------

Ai' esta',

Muito Grata e Esperando Resposta!!

LFABER

Bom Dia! LFABER

<@> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://billy-oneal.com/Canned%2520Speeches/speechimages/combofix/desktopicon.png&key=c972c7524cf2a0d4771101cc561140ae5696a3aad55bcf64c111bf1861d92e85" alt="desktopicon.png" /> > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança. <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix\ComboFix.txt + HijackThis,atualizado.

Abraços!

Ola' Amigo DigRam,

Aqui vai o Relat'orio do ComboFix;

ComboFix 09-02-21.01 - Sonia Krieg 2009-02-22 11:02:35.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.44 [GMT -5:00]

Running from: c:\documents and settings\Sonia Krieg\Desktop\ComboFix.exe

AV: Norton 360 On-access scanning disabled (Updated)

FW: Norton 360 disabled

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\EPUWALcontrol.dll

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\EPUWALcontrol.inf

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\FP_AX_CAB_INSTALLER.exe

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\HPDEXAXO.dll

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\HPDEXAXO.inf

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnInstC.dll

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnInstC.inf

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnPUpld.dll

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\MsnPUpld.inf

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\PURen-us.dll

c:\documents and settings\Owner\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\swflash.inf

c:\documents and settings\Sonia Krieg\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Sonia Krieg\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\windows\IE4 Error Log.txt

c:\windows\setup.exe

c:\windows\system\oeminfo.ini

.

((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))

.

2009-02-16 13:47 . 2009-02-16 13:49	<DIR>	d--------	C:\LinhaDefensiva

2009-02-14 09:45 . 2009-02-14 09:46	<DIR>	d--------	c:\documents and settings\Owner\Application Data\HPAppData

2009-02-03 22:14 . 2009-02-19 20:05	<DIR>	d--------	C:\Antivirus

2009-01-29 15:28 . 2009-02-19 11:07	<DIR>	d--------	c:\windows\SYSTEM32\CatRoot_10

2009-01-29 15:24 . 2009-01-29 15:28 480,876 ---hs---- c:\windows\SYSTEM32\tophps.exe

2009-01-29 14:10 . 2009-01-29 15:12 376,231 --a------ c:\windows\SYSTEM32\jumb.exe

2009-01-29 11:45 . 2009-01-30 13:09	<DIR>	d---s----	c:\windows\Downloaded Program Files

2009-01-25 22:56 . 2009-01-25 22:56	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-01-25 09:24 . 2009-01-25 09:24 32,768 --a------ c:\windows\SYSTEM32\DrvSvc.exe

2009-01-24 16:45 . 2009-01-24 16:45 2 --a------ c:\windows\SYSTEM32\FelizAnoNovo.zip

2009-01-24 16:43 . 2009-01-25 09:24 24,884 --a------ c:\windows\SYSTEM32\MSNMessengerAPI.tlb

2009-01-24 15:03 . 2009-01-24 15:04 3,265,573 --a------ c:\windows\SYSTEM32\imagens.zip

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 15:54 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-22 15:53 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\HPAppData

2009-02-19 22:23 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\MSN6

2009-01-24 23:11 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-24 23:11 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-24 23:11 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-24 23:11 --------- d-----w c:\program files\Symantec

2009-01-05 03:37 --------- d-----w c:\program files\Yahoo!

2008-12-28 19:06 --------- d-----w c:\program files\Common Files\Logitech

2008-12-28 18:59 --------- d-----w c:\program files\Common Files\LogiShrd

2008-12-28 18:58 --------- d-----w c:\program files\Logitech

2008-12-27 16:15 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\Sony Corporation

2008-12-27 15:58 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-27 15:49 --------- d-----w c:\program files\Sony

2008-12-27 15:46 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\InstallShield

2008-12-26 01:16 77,824 ----a-w c:\windows\FelizAnoNovo.exe

2004-07-21 00:03 750,983 -c--a-w c:\program files\f11.jpg

2004-07-21 00:03 622,260 -c--a-w c:\program files\f10.jpg

2004-07-21 00:02 677,456 -c--a-w c:\program files\f9.jpg

2003-08-27 18:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll

2008-08-05 12:59 32,768 -csha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Note empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]

@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"

[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]

2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]

@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"

[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]

2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]

@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"

[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]

2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Serviço de Drivers"="c:\windows\system32\DrvSvc.exe" [2009-01-25 32768]

"internetnitro"="c:\windows\system32\tophps.exe" [2009-01-29 480876]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-26 77824]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"HPHmon03"="c:\windows\System32\hphmon03.exe" [2003-01-30 311296]

"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-10-03 94208]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-03 185872]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-20 488984]

"Logitech CallCentral"="c:\program files\Logitech\CallCentral\CallCentral.exe" [2007-02-20 366616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-21 152952]

"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\Sonia Krieg\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-27 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2001-11-07 16384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]

-----c--- 2001-10-03 05:23 94208 c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]

-----c--- 2001-10-03 05:21 155648 c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

-----c--- 2001-08-08 02:36 90112 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

-----c--- 1998-05-07 19:04 52736 c:\windows\SYSTEM\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

-----c--- 2001-08-08 03:25 143360 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2005-02-02 16:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

-----c--- 2001-07-04 00:13 81920 c:\windows\SYSTEM32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

-----c--- 2001-06-16 01:34 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]

-----c--- 2001-10-04 21:06 69632 c:\windows\SYSTEM32\S3tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\drivers\sonypvl2.sys [2004-04-19 19478]

R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\drivers\sonypvf2.sys [2004-04-19 634798]

R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\drivers\sonypvt2.sys [2004-04-19 430670]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-29 99376]

R3 lvdevenb;Logitech Device Enabler Filter;c:\windows\SYSTEM32\drivers\lvdevenb.sys [2008-12-28 35104]

S1 sonypvd2;sonypvd2;c:\windows\SYSTEM32\drivers\sonypvd2.sys [2004-04-19 64093]

S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\drivers\COH_Mon.sys [2008-01-12 23888]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\drivers\hphius09.sys [2003-01-30 18864]

S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [2001-07-31 130332]

--- Other Services/Drivers In Memory ---

NewlyCreated - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2003-11-20 c:\windows\Tasks\ISP signup reminder 2.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2003-11-20 c:\windows\Tasks\ISP signup reminder 3.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2003-11-20 c:\windows\Tasks\Registration reminder 2.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

2003-11-20 c:\windows\Tasks\Registration reminder 3.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 19:12]

.

• - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Zero Knowledge Freedom - c:\program files\Zero Knowledge\Freedom\AutoStarterR.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://srch-us4.hpwis.com/

uInternet Settings,ProxyOverride = localhost

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 11:07:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-02-22 11:11:13

ComboFix-quarantined-files.txt 2009-02-22 16:11:07

Pre-Run: 58,466,500,608 bytes free

Post-Run: 58,527,621,120 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

230 --- E O F --- 2009-02-11 19:16:47

Muitos V'irus Por Aqui , 'E dose amigo, esse tal de MSN, Orkut e outros programinhas!!

Abra,cos e Tudo de Bom!!

LFABER

Boa Tarde! LFABER

<@> Baixe: < Kaspersky Virus Removal Tool >

<@> Salve-o em Arquivos de Programas,e instale-o aí mesmo!

<@> Reinicie o computador,em Modo de Segurança! <-- Importante!

<@> Dê início ao exame,clicando em "Scan".

<@> A verificação é um pouco demorada. Aguarde!

<@> Caso seja encontrada infecções,clique em "disinfect".

<@> Terminando,clique na aba Events.

<@> Desmarque a caixa de seleção "Show all events".

<@> Clique em "Save to file".

<@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem!

<@> Poste,também,HijackThis atualizado.

Abraços!

Ol'a Dig Ram,

Consegui salvar o Kaspersky em Program Files e reiniciei no modo de seguran,ca. N~ao tenho como dar in'icio ao SCAN, porque o Administrador de Sistema n~ao deixa que a instala,c~ao aconte,ca; " The system adminstrator has set policies to prevent this instalation".

Fui em Feramentas, opc~oes da Internet. Tentei abrir caminhos e nada. Por favor me ajude.

Muito Grata desde j'a!!

LFABER

Bom Dia! LFABER

<@> Baixe: < FixPolicies >

<@> Salve-o no Desktop!

<@> Esteja logado como Administrador!

<@> Execute o arquivo FixPolicies.exe,com um duplo-clique.

<@> Clique em Install.

<@> Abra a pasta FixPolicies --> Clique em Fix_policies.cmd --> Enter.

<@> Dê permissão ao reparo,caso seja negado por programas de proteção.

<@> Aguarde o término da verificação!

<@> Tente executar o Kaspersky Virus Removal Tool.

Abraços!

Ol'a DigRam, Aqui vai o novo Log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:34:09 AM, on 3/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\System32\hphmon03.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\CallCentral\CallCentral.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DrvSvc.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Antivirus\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Startup: is-FN79P.lnk = C:\Documents and Settings\Sonia Krieg\My Documents\LEILA\Virus Removal Tool\is-FN79P\startup.exe

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 10421 bytes

Alguns Trojans e Bankers j'a foram removidos!

E, por favor, como fa,co para deletar o Kaspersky? Na pasta onde ele se encontra, n~ao consegui!

Fico muito grata desde j'a!!

Abra,cos e Tudo de BOM

LFABER

Boa Tarde! LFABER

E, por favor, como fa,co para deletar o Kaspersky? Na pasta onde ele se encontra, n~ao consegui!

<!> Voçê não postou o relatório do Kaspersky,e já quer removê-lo? rsrsr...

<><><><><><><><><><><>

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

<><><><><><><><><><><>

<!> Baixe,novamente: ComboFix.exe --> Execute-o --> Poste seu relatório: ComboFix.txt

Abraços!

ComboFix 09-04-04.01 - Sonia Krieg 2009-04-07 13:59:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.41 [GMT -4:00]

Running from: c:\documents and settings\Sonia Krieg\Desktop\Kombo.exe

AV: Norton 360 On-access scanning disabled (Updated)

FW: Norton 360 disabled

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))

.

2009-04-05 20:52 . 2009-04-07 13:55	<DIR>	d--------	c:\program files\Google

2009-03-27 12:05 . 2009-03-27 12:05	<DIR>	dr-------	c:\program files\Norton Support

2009-03-16 18:03 . 2009-03-16 18:03	<DIR>	d--------	c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

2009-03-16 18:02 . 2009-03-16 18:02	<DIR>	d--------	c:\program files\Symantec

2009-03-16 18:02 . 2009-03-16 18:02 124,464 --a------ c:\windows\SYSTEM32\drivers\SYMEVENT.SYS

2009-03-16 18:02 . 2009-03-16 18:02 60,808 --a------ c:\windows\SYSTEM32\S32EVNT1.DLL

2009-03-16 18:02 . 2009-03-16 18:02 36,400 -ra------ c:\windows\SYSTEM32\drivers\SymIM.sys

2009-03-16 18:02 . 2009-03-16 18:02 7,386 --a------ c:\windows\SYSTEM32\drivers\SYMEVENT.CAT

2009-03-16 18:02 . 2009-03-16 18:02 805 --a------ c:\windows\SYSTEM32\drivers\SYMEVENT.INF

2009-03-16 18:00 . 2009-03-16 18:00	<DIR>	d--------	c:\windows\SYSTEM32\drivers\N360

2009-03-16 18:00 . 2009-03-16 18:01	<DIR>	d--------	c:\program files\Norton 360

2009-03-16 16:19 . 2009-03-16 16:19	<DIR>	d--------	c:\program files\NortonInstaller

2009-03-16 16:19 . 2009-03-16 16:19	<DIR>	d--------	c:\documents and settings\All Users\Application Data\PCSettings

2009-03-16 16:19 . 2009-03-16 17:59	<DIR>	d--------	c:\documents and settings\All Users\Application Data\NortonInstaller

2009-03-16 16:19 . 2009-03-16 18:04	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Norton

2009-03-16 16:15 . 2009-03-16 16:15	<DIR>	d--------	c:\documents and settings\All Users\Symantec Temporary Files

2009-03-09 16:29 . 2009-03-10 08:40 5,570,592 --ahs---- c:\windows\SYSTEM32\drivers\fidbox.dat

2009-03-09 16:29 . 2009-03-10 08:40 66,356 --ahs---- c:\windows\SYSTEM32\drivers\fidbox.idx

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-07 17:37 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\HPAppData

2009-03-16 22:08 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-03-16 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2009-03-16 20:24 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\Symantec

2009-03-09 20:18 35,591,440 ----a-w c:\program files\Kaspersky.exe

2009-02-28 02:30 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-19 22:23 --------- d-----w c:\documents and settings\Sonia Krieg\Application Data\MSN6

2009-02-14 14:46 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData

2004-07-21 00:03 750,983 -c--a-w c:\program files\f11.jpg

2004-07-21 00:03 622,260 -c--a-w c:\program files\f10.jpg

2004-07-21 00:02 677,456 -c--a-w c:\program files\f9.jpg

2003-08-27 18:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll

2008-08-05 12:59 32,768 -csha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080520080806\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-02-22_11.09.25.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll

+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll

+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe

+ 2008-07-09 07:38:24	26,488	----a-w	c:\windows\$hf_mig$\KB967715\update\spcustom.dll

+ 2008-07-09 07:38:29	755,576	----a-w	c:\windows\$hf_mig$\KB967715\update\update.exe

+ 2008-07-09 07:38:37	382,840	----a-w	c:\windows\$hf_mig$\KB967715\update\updspapi.dll

+ 2008-04-14 00:12:05 8,461,312 -c----w c:\windows\$NtUninstallKB967715$\shell32.dll

+ 2008-07-09 07:38:25 231,288 -c----w c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe

+ 2008-07-09 07:38:37 382,840 -c----w c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll

+ 2008-08-12 18:15:10 450,560 ----a-w c:\windows\Downloaded Program Files\symdlmgr.dll

• 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

• 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe

+ 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe

• 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe

+ 2008-09-17 20:29:12 20,040 ----a-w c:\windows\SYSTEM32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

+ 2008-05-19 10:33:20 4,445,184 ------w c:\windows\SYSTEM32\dllcache\msi.dll

+ 2008-05-19 05:57:42 95,744 ------w c:\windows\SYSTEM32\dllcache\msiexec.exe

• 2008-04-14 00:11:59 271,360 -c--a-w c:\windows\SYSTEM32\dllcache\msihnd.dll

+ 2008-05-19 10:33:20 332,800 ----a-w c:\windows\SYSTEM32\dllcache\msihnd.dll

+ 2008-04-17 05:43:24 2,560 ------w c:\windows\SYSTEM32\dllcache\msimsg.dll

+ 2008-05-19 10:33:20 18,944 ------w c:\windows\SYSTEM32\dllcache\msisip.dll

+ 2008-12-05 06:54:55 144,896 ------w c:\windows\SYSTEM32\dllcache\schannel.dll

+ 2008-06-17 19:02:19 8,461,312 ------w c:\windows\SYSTEM32\dllcache\shell32.dll

• 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\SYSTEM32\dllcache\win32k.sys

+ 2009-02-09 11:13:27 1,846,784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys

• 2007-06-12 03:51:12 10,834,944 -c--a-w c:\windows\SYSTEM32\dllcache\wmp.dll

+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\SYSTEM32\dllcache\wmp.dll

• 2008-04-17 17:12:54 15,464 ----a-w c:\windows\SYSTEM32\drivers\GEARAspiWDM.sys

+ 2009-01-15 16:19:36 23,848 ----a-w c:\windows\SYSTEM32\drivers\GEARAspiWDM.sys

+ 2009-03-16 22:02:18 258,608 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\BHDrvx86.sys

+ 2009-03-16 22:02:18 482,352 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\cchpx86.sys

+ 2009-03-16 22:02:20 307,760 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\srtsp.sys

+ 2009-03-16 22:02:20 43,696 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\srtspx.sys

+ 2009-03-16 22:02:20 310,320 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\SymEFA.sys

+ 2009-03-16 22:02:21 89,776 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symfw.sys

+ 2009-03-16 22:02:21 34,736 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symids.sys

+ 2009-03-16 22:02:21 37,296 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symndis.sys

+ 2009-03-16 22:02:21 39,984 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symndisv.sys

+ 2009-03-16 22:02:21 217,392 ----a-w c:\windows\SYSTEM32\drivers\N360\0300000.086\symtdi.sys

+ 2008-04-17 16:12:54 107,368 -c--a-w c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspi.dll

+ 2009-01-15 16:19:36 23,848 -c--a-w c:\windows\SYSTEM32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspiWDM.sys

• 2008-10-17 17:08:55 257,456 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2009-03-12 22:40:28 257,456 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT

• 2008-04-17 17:12:54 107,368 ----a-w c:\windows\SYSTEM32\GEARAspi.dll

+ 2008-04-17 16:12:54 107,368 ----a-w c:\windows\SYSTEM32\GEARAspi.dll

+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10b.exe

• 2009-02-03 23:21:12 21,244,864 -c--a-w c:\windows\SYSTEM32\MRT.exe

+ 2009-02-25 16:55:00 24,768,960 -c--a-w c:\windows\SYSTEM32\MRT.exe

• 2008-04-14 00:11:59 2,843,136 ----a-w c:\windows\SYSTEM32\msi.dll

+ 2008-05-19 10:33:20 4,445,184 ----a-w c:\windows\SYSTEM32\msi.dll

• 2008-04-14 00:12:28 78,848 ----a-w c:\windows\SYSTEM32\msiexec.exe

+ 2008-05-19 05:57:42 95,744 ----a-w c:\windows\SYSTEM32\msiexec.exe

• 2008-04-14 00:11:59 271,360 -c--a-w c:\windows\SYSTEM32\msihnd.dll

+ 2008-05-19 10:33:20 332,800 ----a-w c:\windows\SYSTEM32\msihnd.dll

• 2008-04-13 15:39:43 884,736 ----a-w c:\windows\SYSTEM32\msimsg.dll

+ 2008-04-17 05:43:24 2,560 ----a-w c:\windows\SYSTEM32\msimsg.dll

• 2008-04-14 00:11:59 15,360 ----a-w c:\windows\SYSTEM32\msisip.dll

+ 2008-05-19 10:33:20 18,944 ----a-w c:\windows\SYSTEM32\msisip.dll

• 2008-11-03 13:55:35 53,436 ----a-w c:\windows\SYSTEM32\perfc009.dat

+ 2009-03-08 12:34:55 53,436 ----a-w c:\windows\SYSTEM32\perfc009.dat

• 2008-11-03 13:55:35 381,692 ----a-w c:\windows\SYSTEM32\perfh009.dat

+ 2009-03-08 12:34:55 381,692 ----a-w c:\windows\SYSTEM32\perfh009.dat

• 2008-04-14 00:12:05 144,384 ----a-w c:\windows\SYSTEM32\schannel.dll

+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\SYSTEM32\schannel.dll

• 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll

+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\SYSTEM32\shell32.dll

• 2008-07-09 07:38:24 17,272 ------w c:\windows\SYSTEM32\spmsg.dll

+ 2007-11-30 09:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll

• 2007-08-11 00:46:18 26,488 -c--a-w c:\windows\SYSTEM32\spupdsvc.exe

+ 2007-07-27 13:41:38 26,488 ----a-w c:\windows\SYSTEM32\spupdsvc.exe

• 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys

+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys

• 2007-06-12 03:51:12 10,834,944 ----a-w c:\windows\SYSTEM32\wmp.dll

+ 2008-11-11 22:34:42 10,838,016 ----a-w c:\windows\SYSTEM32\wmp.dll

+ 2009-04-07 16:36:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2d8.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Note empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"Serviço de Drivers"="c:\windows\system32\DrvSvc.exe" [2009-01-25 32768]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-26 77824]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 172032]

"HPHmon03"="c:\windows\System32\hphmon03.exe" [2003-01-30 311296]

"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-10-03 94208]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-03 185872]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-20 488984]

"Logitech CallCentral"="c:\program files\Logitech\CallCentral\CallCentral.exe" [2007-02-20 366616]

"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

c:\documents and settings\Sonia Krieg\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-27 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2001-11-07 16384]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]

-----c--- 2001-10-03 06:23 94208 c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]

-----c--- 2001-10-03 06:21 155648 c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

-----c--- 2001-08-08 03:36 90112 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

-----c--- 1998-05-07 20:04 52736 c:\windows\SYSTEM\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

-----c--- 2001-08-08 04:25 143360 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2005-02-02 17:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

-----c--- 2001-07-04 01:13 81920 c:\windows\SYSTEM32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

-----c--- 2001-06-16 02:34 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]

-----c--- 2001-10-04 22:06 69632 c:\windows\SYSTEM32\S3tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\drivers\sonypvl2.sys [2004-04-19 19478]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\drivers\N360\0300000.086\SymEFA.sys [2009-03-16 18:02:20 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\drivers\N360\0300000.086\BHDrvx86.sys [2009-03-16 18:02:18 258608]

R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\drivers\N360\0300000.086\cchpx86.sys [2009-03-16 18:02:18 482352]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090331.007\IDSXpx86.sys [2009-04-03 276344]

R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\drivers\sonypvf2.sys [2004-04-19 634798]

R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\drivers\sonypvt2.sys [2004-04-19 430670]

R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [2009-03-16 115560]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

R3 lvdevenb;Logitech Device Enabler Filter;c:\windows\SYSTEM32\drivers\lvdevenb.sys [2008-12-28 35104]

S1 sonypvd2;sonypvd2;c:\windows\SYSTEM32\drivers\sonypvd2.sys [2004-04-19 64093]

S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\drivers\hphius09.sys [2003-01-30 18864]

S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [2001-07-31 130332]

S3 utiznzu3;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utiznzu3.sys --> c:\windows\system32\Drivers\utiznzu3.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\PLAY.EXE

\Shell\install\command - e:\install\_SETUP.exe

.

Contents of the 'Scheduled Tasks' folder

2003-11-20 c:\windows\Tasks\ISP signup reminder 2.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12]

2003-11-20 c:\windows\Tasks\ISP signup reminder 3.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12]

2003-11-20 c:\windows\Tasks\Registration reminder 2.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12]

2003-11-20 c:\windows\Tasks\Registration reminder 3.job

• c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 20:12]

.

• - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

HKU-Default-Run-Symantec NetDriver Warning - c:\progra~1\SYMNET~1\SNDWarn.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://srch-us4.hpwis.com/

uInternet Settings,ProxyOverride = localhost

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-07 14:04:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"

.

Completion time: 2009-04-07 14:11:33

ComboFix-quarantined-files.txt 2009-04-07 18:11:16

Pre-Run: 57,990,823,936 bytes free

Post-Run: 57,931,038,720 bytes free

280 --- E O F --- 2009-03-15 00:43:45

E aqui vai um novo Log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:48:08 PM, on 4/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\WINDOWS\System32\hphmon03.exe

C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\CallCentral\CallCentral.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\DrvSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Antivirus\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tb...0112&tmpl=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80112

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Logitech CallCentral] "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [serviço de Drivers] C:\WINDOWS\system32\DrvSvc.exe

O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1003\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun (User 'Owner')

O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1003\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe" (User 'Owner')

O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Owner')

O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Krieg's Bakery')

O4 - HKUS\S-1-5-21-1790521817-3848448594-3852255402-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')

O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')

O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')

O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

--

End of file - 9989 bytes

Muito Grata por sua ajuda e esperando sua resposta!!

LFABER

Boa Noite! LFABER

Insira sua(s) unidade(s) removíveis,caso às possua,na entrada USB. ( pendrive,mp3,mp4,iPods,etc... )

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

>
Registry::[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

File::

E:\PLAY.EXE

e:\install\_SETUP.exe

<@> Ps: Não utilizem este script em outra máquina!

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

/applications/core/interface/imageproxy/imageproxy.php?img=http://farm4.static.flickr.com/3028/2872959479_997d4500c4_o.gif&key=5df91a69abacb5902724f70d14994f3bf5ba8d87bf300cea4c6fd8c885940cf0" alt="2872959479_997d4500c4_o.gif" />

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

Tópico Arquivado

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.