Could you analyze my log?
The computer was full of viruses; could you check my log and help me....
Since these are company computers, some employee always ends up doing something they shouldn't. I have come here before asking for help with other computers.... sorry for asking for help every time....
Cheers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:18, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Mlpd\lpd.exe
C:\Arquivos de programas\No-IP\DUC20.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe
C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cliente\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 5411 bytes
Here is the log.
SDFix: Version 1.240
Run by Administrador on qui 07/02/aaaa at 17:12
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
ICF
Path :
C:\WINDOWS\system32\svchost.exe:ext.exe
ICF - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 17:14:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"="C:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe:*:Enabled:nxclient"
"C:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"="C:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe:*:Enabled:nxssh"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Mlpd\\lpd.exe"="C:\\Mlpd\\lpd.exe:*:Enabled:lpd Application"
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:51, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Mlpd\lpd.exe
C:\Arquivos de programas\No-IP\DUC20.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Cliente\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 5003 bytes
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Another curious thing: when I go to System Configuration > Startup, a large list with many items appears...
The file that shows up most is uulo, c:\uulo.exe under SOFTWARE\Microsoft\Windows\CurrentVersion\Run; there must be around 40 startup items for this program.
Cheers
● Download [ComboFix](http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop;
● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the *combofix.exe* icon to start the scan;
● Read the agreement that appears and click **Yes** to continue;
● A *Recovery Console* window will open; click **Yes** to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to quit or stop ComboFix, press **N**;
● When it finishes, your PC will restart. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.
Paste this log in your next reply.
Here is the log.....
ComboFix 09-07-02.02 - Cliente 03/07/2009 8:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.657 [GMT -3:00]
Executando de: c:\documents and settings\Cliente\Desktop\ComboFix.exe
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))
.
2009-07-03 11:06 . 2009-07-03 11:15 -------- d-----w- c:\windows\LastGood
2009-07-02 20:11 . 2009-07-02 20:11 -------- d-----w- c:\windows\ERUNT
2009-07-02 20:02 . 2009-07-02 20:15 -------- d-----w- C:\SDFix
2009-07-02 17:44 . 2009-07-02 17:46 -------- d-----w- C:\Fotoshop
2009-07-02 13:23 . 2009-06-23 14:06 245408 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll
2009-07-02 13:23 . 2009-04-05 17:26 8784 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2009-07-02 13:23 . 2009-04-05 17:26 71248 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2009-07-02 13:23 . 2009-02-19 14:38 2633728 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2009-07-02 13:03 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-02 13:03 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-02 13:03 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-02 13:03 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Avira
2009-07-02 12:35 . 2007-06-22 00:35 180224 ----a-r- c:\windows\system32\igfxres.dll
2009-07-02 12:29 . 2008-04-14 12:00 86016 -c--a-w- c:\windows\system32\dllcache\metada51.dll
2009-07-02 12:28 . 2008-04-14 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll
2009-07-02 12:15 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-02 12:15 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-02 12:15 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-02 12:15 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-01 17:44 . 2009-07-01 17:44 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Yahoo!
2009-07-01 17:43 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Malwarebytes
2009-06-22 17:33 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-06-22 17:33 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 13:59 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Phone Browser
2009-06-19 13:57 . 2009-06-19 13:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-06-19 13:57 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Nokia
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\DIFX
2009-06-19 13:57 . 2009-06-19 14:11 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\PC Suite
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-19 13:57 . 2007-02-22 14:15 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-19 13:57 . 2007-06-21 09:21 23919704 ----a-r- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_US.exe
2009-06-19 13:56 . 2009-06-19 14:13 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-19 13:56 . 2009-06-19 14:13 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-19 13:56 . 2009-06-19 14:13 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-19 13:56 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-18 18:30 . 2009-06-18 18:29 45056 ----a-w- c:\windows\system32\unredmon.exe
2009-06-18 18:30 . 2009-06-18 18:29 116224 ----a-w- c:\windows\system32\redmonnt.dll
2009-06-18 18:29 . 2009-06-18 18:29 -------- d-----w- C:\redmon
2009-06-18 18:27 . 2009-06-18 18:27 -------- d-----w- c:\arquivos de programas\Ghostgum
2009-06-18 18:22 . 2009-06-18 18:22 -------- d-----w- c:\arquivos de programas\gs
2009-06-18 18:08 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Autodesk
2009-06-18 18:07 . 2009-06-18 18:07 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0
2009-06-18 18:03 . 2009-06-18 18:58 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Autodesk
2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\AutoCAD 2005
2009-06-18 18:03 . 2009-06-18 18:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2009-06-18 18:00 . 2009-06-18 18:01 -------- d-----w- c:\windows\system32\URTTemp
2009-06-17 16:47 . 2009-07-02 09:13 -------- d-----w- c:\windows\l2schemas
2009-06-17 16:47 . 2009-06-17 16:47 -------- d-----w- c:\windows\system32\bits
2009-06-17 16:45 . 2009-06-17 16:47 -------- d-----w- c:\windows\ServicePackFiles
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 11:38 . 2009-05-13 17:20 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Skype
2009-07-03 11:04 . 2009-05-13 17:24 -------- d-----w- c:\arquivos de programas\LogMeIn
2009-07-02 12:51 . 2001-10-28 18:07 61618 ----a-w- c:\windows\system32\perfc016.dat
2009-07-02 12:51 . 2001-10-28 18:07 413480 ----a-w- c:\windows\system32\perfh016.dat
2009-07-02 12:25 . 2009-05-11 17:36 23604 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-01 18:09 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost(3).exe
2009-07-01 18:09 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost(2).exe
2009-06-29 13:53 . 2009-05-11 18:35 -------- d-----w- c:\arquivos de programas\MSN Messenger
2009-05-27 20:52 . 2009-05-27 20:52 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-05-27 11:48 . 2009-05-27 11:48 -------- d-----w- c:\arquivos de programas\CCleaner
2009-05-20 15:36 . 2009-05-20 15:36 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 17:46 . 2009-05-13 17:46 405504 ----a-w- c:\windows\lpduninstall.exe
2009-05-13 17:41 . 2009-05-13 17:41 -------- d-----w- c:\arquivos de programas\No-IP
2009-05-13 17:35 . 2009-05-13 17:35 -------- d-----w- c:\arquivos de programas\NX Client for Windows
2009-05-13 17:34 . 2009-05-13 17:33 -------- d-----w- c:\arquivos de programas\EditPlus 2
2009-05-13 17:31 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2009-05-13 17:30 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\HP
2009-05-13 17:25 . 2009-05-13 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogMeIn
2009-05-13 16:20 . 2009-05-13 16:20 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-13 16:20 . 2009-05-11 18:00 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-05-13 16:19 . 2009-05-13 12:33 -------- d-----w- c:\arquivos de programas\TP-LINK
2009-05-13 12:53 . 2009-05-11 17:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----r- c:\arquivos de programas\Skype
2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-05-11 18:53 . 2009-05-11 18:53 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-05-11 18:52 . 2009-05-11 18:52 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-05-11 18:51 . 2009-05-11 18:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2009-05-11 18:50 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Ahead
2009-05-11 18:49 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-05-11 18:27 . 2009-05-11 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 18:27 . 2009-05-11 18:27 -------- d-----w- c:\arquivos de programas\Java
2009-05-11 18:27 . 2009-05-11 18:27 152576 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-11 18:23 . 2009-05-11 18:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-11 18:12 . 2009-05-11 18:12 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-05-11 18:01 . 2009-05-11 18:00 -------- d-----w- c:\arquivos de programas\IDT
2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w- c:\arquivos de programas\Intel
2009-05-11 17:44 . 2009-05-11 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-05-11 17:39 . 2009-05-11 17:39 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Cliente\Menu Iniciar\Programas\Inicializar\
MochaSoft Lpd.lnk - c:\mlpd\lpd.exe [2009-5-13 405504]
No-IP DUC.lnk - c:\arquivos de programas\No-IP\DUC20.exe [2009-5-13 1172992]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
TL-WN321G Wireless Utility.lnk - c:\arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-5-13 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"ServiceLayer"=3 (0x3)
"helpsvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Mlpd\\lpd.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2/7/2009 10:03 108289]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [13/5/2009 14:25 47640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- =Outros Serviços/Drivers Na Memória ---
NewlyCreated - BITS
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {451EAA7C-A74F-4635-B6E7-A4574AC3D087} = 208.67.222.222,192.168.1.1
FF - ProfilePath - c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\
FF - plugin: c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 08:45
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Tempo para conclusão: 2009-07-03 8:46
ComboFix-quarantined-files.txt 2009-07-03 11:46
Pré-execução: 10 pasta(s) 151.886.680.064 bytes disponíveis
Pós execução: 10 pasta(s) 151.915.716.608 bytes disponíveis
187 --- E O F --- 2009-06-22 20:53
Select and copy the content below (starting from File::). Paste it into Notepad on your PC and save it to the desktop as CFScript.txt

File::
c:\windows\system32\svchost(3).exe
c:\windows\system32\svchost(2).exe
Drag CFScript.txt onto ComboFix as shown in the image below and wait for the tool to run automatically:
[image: CFScript.gif]
● If prompted, press **Enter** to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\**ComboFix.txt**;
● Your computer may restart automatically. If it does not, restart it manually.
In your next reply, paste ComboFix.txt and a new HijackThis log.
ComboFix 09-07-05.04 - Cliente 06/07/2009 17:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.597 [GMT -3:00]
Executando de: c:\documents and settings\Cliente\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Cliente\Desktop\CFScript.txt
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\windows\system32\svchost(2).exe"
"c:\windows\system32\svchost(3).exe"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\svchost(2).exe
c:\windows\system32\svchost(3).exe
----- BITS: Sites possivelmente infectados -----
hxxp://au.download.windowsupdate.cj+|Cv+@J:NGD_DQ{zcxLJS@uyS;:AV!Messenger Update.S-1-5-21-1844237615-1450960922-839522115-1003XtD$?
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-06 to 2009-07-06 ))))))))))))))))))))))))))))
.
2009-07-06 10:52 . 2009-07-06 10:52 -------- d-----w- c:\windows\LastGood
2009-07-03 11:26 . 2009-02-09 11:25 2193280 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-03 11:26 . 2009-02-09 11:25 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-03 11:26 . 2009-02-09 11:25 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-03 11:22 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-02 20:11 . 2009-07-02 20:11 -------- d-----w- c:\windows\ERUNT
2009-07-02 20:02 . 2009-07-02 20:15 -------- d-----w- C:\SDFix
2009-07-02 17:44 . 2009-07-02 17:46 -------- d-----w- C:\Fotoshop
2009-07-02 13:23 . 2009-06-23 14:06 245408 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll
2009-07-02 13:23 . 2009-04-05 17:26 8784 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
2009-07-02 13:23 . 2009-04-05 17:26 71248 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
2009-07-02 13:23 . 2009-02-19 14:38 2633728 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
2009-07-02 13:03 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-02 13:03 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-02 13:03 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-02 13:03 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Avira
2009-07-02 12:35 . 2007-06-22 00:35 180224 ----a-r- c:\windows\system32\igfxres.dll
2009-07-02 12:29 . 2008-04-14 12:00 86016 -c--a-w- c:\windows\system32\dllcache\metada51.dll
2009-07-02 12:28 . 2008-04-14 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll
2009-07-02 12:15 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-02 12:15 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-02 12:15 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-02 12:15 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-01 17:44 . 2009-07-01 17:44 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Yahoo!
2009-07-01 17:43 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Malwarebytes
2009-06-22 17:33 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-06-22 17:33 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 13:59 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Phone Browser
2009-06-19 13:57 . 2009-06-19 13:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2009-06-19 13:57 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Nokia
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\DIFX
2009-06-19 13:57 . 2009-06-19 14:11 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\PC Suite
2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-19 13:57 . 2007-02-22 14:15 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-06-19 13:57 . 2007-06-21 09:21 23919704 ----a-r- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_US.exe
2009-06-19 13:56 . 2009-06-19 14:13 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-06-19 13:56 . 2009-06-19 14:13 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-19 13:56 . 2009-06-19 14:13 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-19 13:56 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-18 18:30 . 2009-06-18 18:29 45056 ----a-w- c:\windows\system32\unredmon.exe
2009-06-18 18:30 . 2009-06-18 18:29 116224 ----a-w- c:\windows\system32\redmonnt.dll
2009-06-18 18:29 . 2009-06-18 18:29 -------- d-----w- C:\redmon
2009-06-18 18:27 . 2009-06-18 18:27 -------- d-----w- c:\arquivos de programas\Ghostgum
2009-06-18 18:22 . 2009-06-18 18:22 -------- d-----w- c:\arquivos de programas\gs
2009-06-18 18:08 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Autodesk
2009-06-18 18:07 . 2009-06-18 18:07 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0
2009-06-18 18:03 . 2009-06-18 18:58 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Autodesk
2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared
2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\AutoCAD 2005
2009-06-18 18:03 . 2009-06-18 18:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2009-06-18 18:00 . 2009-06-18 18:01 -------- d-----w- c:\windows\system32\URTTemp
2009-06-17 16:47 . 2009-07-02 09:13 -------- d-----w- c:\windows\l2schemas
2009-06-17 16:47 . 2009-06-17 16:47 -------- d-----w- c:\windows\system32\bits
2009-06-17 16:45 . 2009-06-17 16:47 -------- d-----w- c:\windows\ServicePackFiles
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 20:37 . 2009-05-13 17:20 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Skype
2009-07-06 10:51 . 2009-05-13 17:24 -------- d-----w- c:\arquivos de programas\LogMeIn
2009-07-02 12:51 . 2001-10-28 18:07 61618 ----a-w- c:\windows\system32\perfc016.dat
2009-07-02 12:51 . 2001-10-28 18:07 413480 ----a-w- c:\windows\system32\perfh016.dat
2009-07-02 12:25 . 2009-05-11 17:36 23604 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-29 13:53 . 2009-05-11 18:35 -------- d-----w- c:\arquivos de programas\MSN Messenger
2009-05-27 20:52 . 2009-05-27 20:52 -------- d-----w- c:\arquivos de programas\MSXML 4.0
2009-05-27 11:48 . 2009-05-27 11:48 -------- d-----w- c:\arquivos de programas\CCleaner
2009-05-20 15:36 . 2009-05-20 15:36 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 17:46 . 2009-05-13 17:46 405504 ----a-w- c:\windows\lpduninstall.exe
2009-05-13 17:41 . 2009-05-13 17:41 -------- d-----w- c:\arquivos de programas\No-IP
2009-05-13 17:35 . 2009-05-13 17:35 -------- d-----w- c:\arquivos de programas\NX Client for Windows
2009-05-13 17:34 . 2009-05-13 17:33 -------- d-----w- c:\arquivos de programas\EditPlus 2
2009-05-13 17:31 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2009-05-13 17:30 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\HP
2009-05-13 17:25 . 2009-05-13 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogMeIn
2009-05-13 16:20 . 2009-05-13 16:20 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-13 16:20 . 2009-05-11 18:00 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-05-13 16:19 . 2009-05-13 12:33 -------- d-----w- c:\arquivos de programas\TP-LINK
2009-05-13 12:53 . 2009-05-11 17:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----r- c:\arquivos de programas\Skype
2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype
2009-05-11 18:53 . 2009-05-11 18:53 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-05-11 18:52 . 2009-05-11 18:52 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-05-11 18:51 . 2009-05-11 18:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2009-05-11 18:50 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Ahead
2009-05-11 18:49 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead
2009-05-11 18:27 . 2009-05-11 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 18:27 . 2009-05-11 18:27 -------- d-----w- c:\arquivos de programas\Java
2009-05-11 18:27 . 2009-05-11 18:27 152576 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-11 18:23 . 2009-05-11 18:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-05-11 18:12 . 2009-05-11 18:12 -------- d-----w- c:\arquivos de programas\Alwil Software
2009-05-11 18:01 . 2009-05-11 18:00 -------- d-----w- c:\arquivos de programas\IDT
2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w- c:\arquivos de programas\Intel
2009-05-11 17:44 . 2009-05-11 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-05-11 17:39 . 2009-05-11 17:39 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
.
((((((((((((((((((((((((((((( SnapShot@2009-07-03_11.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-06 10:51 . 2009-07-06 10:51 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
+ 2009-05-11 17:36 . 2008-10-16 17:08 34328 c:\windows\system32\wups.dll
+ 2009-05-11 18:00 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe
+ 2009-05-11 18:18 . 2008-07-09 07:34 18296 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2008-04-14 12:00 . 2008-06-10 08:52 96768 c:\windows\system32\logagent.exe
+ 2009-05-11 17:36 . 2008-10-16 17:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-04-14 12:00 . 2008-06-10 08:52 96768 c:\windows\system32\dllcache\logagent.exe
+ 2008-04-14 12:00 . 2007-10-20 09:01 227328 c:\windows\system32\wmasf.dll
+ 2009-05-11 17:34 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-05-11 17:34 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-05-11 17:34 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll
+ 2008-04-14 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll
+ 2008-04-14 12:00 . 2009-02-09 11:25 111104 c:\windows\system32\services.exe
+ 2008-04-14 12:00 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll
+ 2008-04-14 12:00 . 2009-03-06 14:20 286208 c:\windows\system32\pdh.dll
+ 2008-04-14 12:00 . 2009-02-09 10:53 730624 c:\windows\system32\ntdll.dll
+ 2008-04-14 12:00 . 2008-10-15 16:36 337408 c:\windows\system32\netapi32.dll
+ 2008-04-14 12:00 . 2009-02-09 10:53 731648 c:\windows\system32\lsasrv.dll
+ 2008-04-14 12:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2008-04-14 12:00 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys
+ 2008-04-14 12:00 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-05-11 17:35 . 2008-04-21 21:15 216064 c:\windows\system32\dllcache\wordpad.exe
+ 2009-05-11 17:34 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-05-11 17:34 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2008-04-14 12:00 . 2007-10-20 09:01 227328 c:\windows\system32\dllcache\wmasf.dll
+ 2008-04-14 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2008-04-14 12:00 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2008-04-14 12:00 . 2009-02-09 11:25 111104 c:\windows\system32\dllcache\services.exe
+ 2008-04-14 12:00 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2008-04-14 12:00 . 2008-05-08 14:02 203136 c:\windows\system32\dllcache\rmcast.sys
+ 2008-04-14 12:00 . 2009-03-06 14:20 286208 c:\windows\system32\dllcache\pdh.dll
+ 2008-04-14 12:00 . 2009-02-09 10:53 730624 c:\windows\system32\dllcache\ntdll.dll
+ 2008-04-14 12:00 . 2008-10-15 16:36 337408 c:\windows\system32\dllcache\netapi32.dll
+ 2009-05-11 17:36 . 2008-05-01 14:36 331776 c:\windows\system32\dllcache\msadce.dll
+ 2008-04-14 12:00 . 2009-02-09 10:53 731648 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-11 17:34 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2008-04-14 12:00 . 2009-02-09 10:53 683520 c:\windows\system32\dllcache\advapi32.dll
+ 2008-04-14 12:00 . 2009-02-09 10:53 683520 c:\windows\system32\advapi32.dll
+ 2009-07-03 11:22 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-07-03 11:24 . 2008-04-15 17:49 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
+ 2008-04-14 12:00 . 2008-06-10 10:07 2376760 c:\windows\system32\WMVCore.dll
+ 2008-04-14 12:00 . 2007-04-30 11:20 5537792 c:\windows\system32\wmp.dll
+ 2008-04-14 12:00 . 2008-06-10 09:28 1028096 c:\windows\system32\WMNetmgr.dll
+ 2008-04-14 12:00 . 2009-02-09 11:25 2149376 c:\windows\system32\ntoskrnl.exe
+ 2008-04-13 19:00 . 2009-02-09 11:25 2028032 c:\windows\system32\ntkrnlpa.exe
+ 2008-04-14 12:00 . 2008-09-04 17:16 1106944 c:\windows\system32\msxml3.dll
+ 2008-04-14 12:00 . 2008-06-10 10:07 2376760 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-04-14 12:00 . 2007-04-30 11:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2008-04-14 12:00 . 2008-06-10 09:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-02-10 22:07 . 2009-02-10 22:07 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-04-14 12:00 . 2008-09-04 17:16 1106944 c:\windows\system32\dllcache\msxml3.dll
+ 2009-07-03 11:26 . 2009-02-09 11:25 2193280 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-07-03 11:26 . 2009-02-09 11:25 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-10 22:07 . 2009-02-10 22:07 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-07-03 11:26 . 2009-02-09 11:25 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Cliente\Menu Iniciar\Programas\Inicializar\
MochaSoft Lpd.lnk - c:\mlpd\lpd.exe [2009-5-13 405504]
No-IP DUC.lnk - c:\arquivos de programas\No-IP\DUC20.exe [2009-5-13 1172992]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
TL-WN321G Wireless Utility.lnk - c:\arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-5-13 622592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"ServiceLayer"=3 (0x3)
"helpsvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Mlpd\\lpd.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2/7/2009 10:03 108289]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [13/5/2009 14:25 47640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {451EAA7C-A74F-4635-B6E7-A4574AC3D087} = 208.67.222.222,192.168.1.1
FF - ProfilePath - c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\
FF - plugin: c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 17:52
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\igfxdev.dll
.
Tempo para conclusão: 2009-07-06 17:53
ComboFix-quarantined-files.txt 2009-07-06 20:53
ComboFix2.txt 2009-07-03 11:46
Pré-execução: 10 pasta(s) 151.736.041.472 bytes disponíveis
Pós execução: 10 pasta(s) 151.729.020.928 bytes disponíveis
279 --- E O F --- 2009-07-03 20:52
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:15:31, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe
C:\Documents and Settings\Cliente\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 4914 bytes
Go to Start > Run, type ComboFix /u and click OK to remove the tool.
Run HijackThis, click Do a system scan only, check the entries below and click Fix checked:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
The log is clean.
Any problems still?
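The two entries the helper asks to fix are Browser Helper Objects whose CLSID is still registered but whose DLL HijackThis could not find, which it reports as "(no file)". The following is an added example, not part of this thread and not HijackThis's own code: a small parser that pulls the O2 lines out of a HijackThis log and returns the orphaned ones, so the same check can be run over a pasted log instead of reading it by eye. The sample lines are copied from the log above; the class and function names are the example's own.

```python
"""Flag orphaned BHO entries in a HijackThis log.

Added example, not part of the forum thread or of HijackThis itself.
It parses O2 (Browser Helper Object) lines and returns those whose
DLL path is reported as "(no file)": a registered CLSID with no backing
file, which a helper would mark for "Fix checked".
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Arquivos de programas\\Java\\jre6\\bin\\jp2ssv.dll
O4 - HKLM\\..\\Run: [avgnt] "C:\\Arquivos de programas\\Avira\\AntiVir Desktop\\avgnt.exe" /min
"""

# An O2 line has the shape: O2 - BHO: <name> - {CLSID} - <dll path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    raw: str

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the CLSID's DLL is missing on disk.
        return self.path.strip() == "(no file)"


def parse_bhos(log_text):
    """Return every O2 entry in the log as a Bho record; other lines are skipped."""
    bhos = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            bhos.append(Bho(m["name"], m["clsid"], m["path"], line.strip()))
    return bhos


def orphaned_bhos(log_text):
    """Return only the O2 entries whose DLL is reported as "(no file)"."""
    return [b for b in parse_bhos(log_text) if b.orphaned]


if __name__ == "__main__":
    # Prints the two orphaned entries from the sample, ready to be checked in HijackThis.
    for b in orphaned_bhos(SAMPLE_LOG):
        print(b.raw)
```

Orphaned entries are harmless on their own (there is no DLL left to load), but they are the usual residue of a removed toolbar or malware and are what the helper asks to clear; an O2 entry that still points at an existing DLL needs a look at the file itself before deciding anything.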
Yesterday the antivirus was still acting really crazy....
I'll post the log here...
Since it is networked with another computer, would we have to clean both of them??
Hugsssss
Avira AntiVir Personal
Report file date: quinta-feira, 9 de julho de 2009 16:17
Scanning for 1485149 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : M4151
Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/aaaa 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/aaaa 13:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/aaaa 13:08:19
ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 7/8/aaaa 19:16:07
ANTIVIR3.VDF : 7.1.4.203 93696 Bytes 7/8/aaaa 19:16:10
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/aaaa 15:52:04
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/2/aaaa 13:10:02
AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/aaaa 15:02:01
AERDL.DLL : 8.1.2.2 438642 Bytes 7/2/aaaa 13:09:57
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/aaaa 20:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/2/aaaa 13:09:48
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 7/2/aaaa 13:09:45
AEHELP.DLL : 8.1.3.6 205174 Bytes 7/2/aaaa 13:09:00
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/2/aaaa 13:08:56
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/aaaa 18:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/aaaa 20:07:20
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/aaaa 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 14:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/aaaa 19:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 14:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: quarta-feira, 8 de julho de 2009 16:17
Starting search for hidden objects.
'26754' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ibserver.exe' - '1' Module(s) have been scanned
Scan process 'ibguard.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'DUC20.exe' - '1' Module(s) have been scanned
Scan process 'lpd.exe' - '1' Module(s) have been scanned
Scan process 'TWCU.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '54' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Cliente\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000249.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000250.exe
[DETECTION] Contains recognition pattern of the WORM/AutoIt.BP worm
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000251.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000252.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000253.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001838.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001923.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
Beginning disinfection:
C:\Documents and Settings\Cliente\Desktop\ComboFix.exe
[NOTE] The file was moved to '4ac1f524.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000249.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a84f4e6.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000250.exe
[DETECTION] Contains recognition pattern of the WORM/AutoIt.BP worm
[NOTE] The file was moved to '4bf06d5f.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000251.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4bedf9ef.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000252.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4bf15567.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000253.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bfc4c3f.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001838.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '4bfd3447.qua'!
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001923.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '4bfe3c8f.qua'!
End of the scan: Wednesday, 8 July 2009 16:34
Used time: 15:31 Minute(s)
The scan has been done completely.
2948 Scanned directories
227813 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
227804 Files not concerned
1039 Archives were scanned
1 Warnings
9 Notes
26754 Objects were scanned with rootkit scan
0 Hidden objects were found
This is today's scan, right after running what you asked....
Avira AntiVir Personal
Report file date: Friday, 10 July 2009 08:18
Scanning for 1501656 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : M4151
Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/aaaa 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/aaaa 13:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/aaaa 13:08:19
ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 7/8/aaaa 19:16:07
ANTIVIR3.VDF : 7.1.4.216 333824 Bytes 7/10/aaaa 11:16:14
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/aaaa 15:52:04
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/2/aaaa 13:10:02
AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/aaaa 15:02:01
AERDL.DLL : 8.1.2.2 438642 Bytes 7/2/aaaa 13:09:57
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/aaaa 20:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/2/aaaa 13:09:48
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 7/2/aaaa 13:09:45
AEHELP.DLL : 8.1.3.6 205174 Bytes 7/2/aaaa 13:09:00
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/2/aaaa 13:08:56
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/aaaa 18:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/aaaa 20:07:20
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/aaaa 18:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 12:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 14:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 18:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 14:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/aaaa 19:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 14:19:48
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Friday, 10 July 2009 08:18
Starting search for hidden objects.
'27161' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'msconfig.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'NXWin.exe' - '1' Module(s) have been scanned
Scan process 'nxssh.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'DUC20.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'lpd.exe' - '1' Module(s) have been scanned
Scan process 'TWCU.exe' - '1' Module(s) have been scanned
Scan process 'ibserver.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ibguard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP9\A0002537.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
Beginning disinfection:
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP9\A0002537.exe
[NOTE] The file was moved to '4a872880.qua'!
End of the scan: Friday, 10 July 2009 08:38
Used time: 15:48 Minute(s)
The scan has been done completely.
2971 Scanned directories
228111 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
228109 Files not concerned
1031 Archives were scanned
1 Warnings
2 Notes
27161 Objects were scanned with rootkit scan
0 Hidden objects were found
Yesterday the antivirus was still acting really crazy.... I'll post the log here...
It's not a virus. Avira is detecting ComboFix's files - a false positive. Just clear the System Restore folder and the alerts will stop.
Go to Start > Run, type sysdm.cpl and click OK. Click the System Restore tab, check the option Turn off System Restore > OK. After that, go back to the same place and uncheck the option.
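The reply above rests on one distinction: every hit in these two Avira reports is either inside ComboFix's own self-extracting archive or inside a System Restore point (`RP2`, `RP4`, `RP9`), and neither is a file Windows will run on its own. The Python below is an added example written for this page, not code from Avira, ComboFix or anyone in the thread: it parses report lines in the format shown above into one finding per `[DETECTION]` and buckets each one as tool-archive, restore-point or live. The sample report is a constructed excerpt in the same format; `C:\WINDOWS\system32\example.dll` is a hypothetical live hit added to exercise the third bucket, and the folder name `32788R22FWJFW` is the archive member name that appears in the ComboFix line of the log.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt in the shape of the Avira AntiVir report posted above
# (same path and detection formats). C:\WINDOWS\system32\example.dll is a
# hypothetical "live" hit added so the third bucket is exercised.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Cliente\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000249.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000250.exe
[DETECTION] Contains recognition pattern of the WORM/AutoIt.BP worm
C:\WINDOWS\system32\example.dll
[DETECTION] Is the TR/Spy.Gen Trojan
Beginning disinfection:
C:\WINDOWS\system32\example.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '00000000.qua'!
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
ARCHIVE_MEMBER = re.compile(r"^-->\s*(.+)$")
DETECTION = re.compile(r"^\[DETECTION\]\s*(.+)$")
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.I)
# Member folder of ComboFix's self-extracting payload, as seen in the log.
COMBOFIX_MEMBER = re.compile(r"^32788R22FWJFW\\", re.I)
SIG_PATTERNS = [
    re.compile(r"Is the (\S+) "),          # "Is the TR/Dropper.Gen Trojan"
    re.compile(r"pattern of the (\S+) "),  # "...pattern of the WORM/AutoIt.BP worm"
    re.compile(r"\(([^()]+)\)\s*$"),       # "... (HIDDENEXT/Crypted)"
]


@dataclass(frozen=True)
class Finding:
    path: str           # file on disk that Avira scanned
    member: str | None  # archive member inside it, when the hit was nested
    signature: str      # normalised detection name


def signature_name(text: str) -> str:
    """Pull the signature name out of Avira's three [DETECTION] phrasings."""
    for pat in SIG_PATTERNS:
        m = pat.search(text)
        if m:
            return m.group(1)
    return text.strip()


def parse_findings(report: str) -> list[Finding]:
    """One Finding per [DETECTION] line in the file-scan section.

    Parsing stops at 'Beginning disinfection:' because Avira repeats every
    detection there; counting both sections overstates the numbers."""
    findings: list[Finding] = []
    path, member = None, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Beginning disinfection:"):
            break
        if DRIVE_PATH.match(line):
            path, member = line, None
        elif (m := ARCHIVE_MEMBER.match(line)):
            member = m.group(1)
        elif (m := DETECTION.match(line)) and path:
            findings.append(Finding(path, member, signature_name(m.group(1))))
    return findings


def classify(f: Finding) -> str:
    if f.member and COMBOFIX_MEMBER.match(f.member):
        return "tool-archive"   # ComboFix's own packed component; FP per the thread
    if RESTORE_POINT.search(f.path):
        return "restore-point"  # dormant copy; gone once System Restore is purged
    return "live"               # anything else needs a real look


def triage(report: str) -> dict[str, list[Finding]]:
    groups: dict[str, list[Finding]] = defaultdict(list)
    for f in parse_findings(report):
        groups[classify(f)].append(f)
    return dict(groups)


def counts(report: str) -> dict[str, int]:
    return {bucket: len(items) for bucket, items in triage(report).items()}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            nested = f"  [{f.member}]" if f.member else ""
            print(f"   {f.signature:<20} {f.path}{nested}")
```

Restore-point hits disappear when System Restore is switched off and on again, as the reply describes; a non-empty live bucket is the case that calls for more than that. The parser deliberately stops at `Beginning disinfection:`: Avira prints each detection a second time in that section, so a plain `grep -c DETECTION` over the report overcounts.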
Since it is networked with another computer, would we have to clean both??
If it was already connected while we were cleaning this PC, then yes, you will have to clean the other two. If you only connected the two computers to the network now, there is no need.
Yes, it was connected while we were doing the cleanup.....
Should I post a new log here or open a new topic???
Here is the log from the other computer.......
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:34, on 13/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe
C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe
C:\Documents and Settings\Asafer\Meus documentos\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: hpdj00 - HP - C:\DOCUME~1\Asafer\CONFIG~1\Temp\hpdj00.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8853 bytes
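Reading a HijackThis log by hand comes down to checking each O2/O4/O16/O23 line for where its file lives and whether anything on disk backs it. The Python below is an added example for this page (not HijackThis code, and not something anyone in the thread posted) that applies a few of those checks to lines in the HJT v2 format: a BHO registered with `(no file)`, an O16 ActiveX entry with no download URL, an O23 service whose binary sits in a `Temp` directory or whose vendor field is empty, and an O4 autorun whose image is outside Windows or Program Files. The sample is a constructed excerpt of lines from the log above plus one hypothetical `[Updater]` Run entry under a user profile, added to exercise the last rule. The trusted-root list is a triage heuristic, not proof of legitimacy, and every flag means "verify", not "malware": the `hpdj00` service here carries an HP vendor string, and GbPlugin describes itself as a bank's browser defence module in its own O2 line.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis v2 line format, taken from the log above;
# the "[Updater]" O4 line is hypothetical, added to exercise the autorun rule.
SAMPLE_HJT = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Asafer\Dados de aplicativos\updater.exe /silent
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpdj00 - HP - C:\DOCUME~1\Asafer\CONFIG~1\Temp\hpdj00.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4 = re.compile(r"^O4 - (HK.*?)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) -\s*(.*)$")
# "name - vendor - path"; an empty vendor shows up as "name - - path".
O23 = re.compile(r"^O23 - Service: (.+?) - (.*?) ?- (.+)$")

# Heuristic: images under these roots get no autorun flag. Malware can live
# there too; the list only decides what gets looked at first.
TRUSTED_ROOTS = re.compile(
    r"^C:\\(?:WINDOWS|Arquivos de programas|ARQUIV~1|Program Files|PROGRA~1)\\", re.I)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)
IMAGE = re.compile(r"(.+?\.(?:exe|dll|pif|scr|com|bat))(?=[\s,]|$)", re.I)


@dataclass(frozen=True)
class Flag:
    kind: str     # short rule name
    subject: str  # entry name or CLSID the rule fired on
    reason: str   # what a reviewer should check


def command_image(cmd: str) -> str:
    """Image path behind an O4 command: unquote, and look through rundll32."""
    cmd = re.sub(r"^rundll32(?:\.exe)?\s+", "", cmd.strip(), flags=re.I)
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd


def triage_hjt(text: str) -> list[Flag]:
    flags: list[Flag] = []
    for line in (l.strip() for l in text.splitlines()):
        if m := O2.match(line):
            if m.group(3).strip().lower() == "(no file)":
                flags.append(Flag("orphaned-bho", m.group(2),
                                  "CLSID registered but DLL missing; dead entry, remove"))
        elif m := O4.match(line):
            image = command_image(m.group(3))
            if not TRUSTED_ROOTS.match(image):
                flags.append(Flag("user-writable-autorun", m.group(2),
                                  f"autorun image outside Windows/Program Files: {image}"))
        elif m := O16.match(line):
            if not m.group(3):
                flags.append(Flag("no-url-dpf", m.group(1),
                                  f"ActiveX entry '{m.group(2)}' has no source URL"))
        elif m := O23.match(line):
            name, vendor, path = m.group(1), m.group(2).strip(), m.group(3)
            if TEMP_DIR.search(path):
                flags.append(Flag("temp-service", name,
                                  f"service binary runs from a Temp directory: {path}"))
            if not vendor:
                flags.append(Flag("no-vendor-service", name,
                                  f"service has no vendor string: {path}"))
    return flags


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.kind:<22} {f.subject:<45} {f.reason}")
```

The O23 rule is the one worth keeping in mind for this log: a service whose executable lives under a user's `Temp` folder is unusual enough to check even when the vendor string looks right, because the next reboot may not find the file, and because a Temp path is exactly where a dropper would put something it wants run as a service.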
● Download [RSIT](http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop;
● Double-click **RSIT.exe** to run the program;
● In the window that opens, click the **Continue** button so the tool starts running;
● When the tool finishes, a log with the scan result will open automatically in Notepad. Paste the contents of that log (**log.txt**) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Asafer at 2009-07-14 09:06:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (70%) free of 50 GB
Total RAM: 2047 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:06, on 14/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe
C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Asafer\Desktop\RSIT.exe
C:\Documents and Settings\Asafer\Meus documentos\Asafer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8745 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CA683917-B656-44F2-9D5E-06FFC81B47C9}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-17 1062184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-05-28 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-28 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016]
"LanguageShortcut"=C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"LogMeIn GUI"=C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-05-28 148888]
"avgnt"=C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Skype"=C:\Arquivos de programas\Skype\Phone\Skype.exe [2007-08-17 23120680]
"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]
C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\ARQUIV~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programa de transferência de arquivos"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\NX Client for Windows\nxclient.exe"="C:\Arquivos de programas\NX Client for Windows\nxclient.exe:*:Enabled:nxclient"
"C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe"="C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh"
"C:\Arquivos de programas\Java\jre6\bin\java.exe"="C:\Arquivos de programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"
"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-07-14 09:06:58 ----D---- C:\rsit
2009-07-13 11:06:27 ----D---- C:\3840
2009-07-06 17:50:56 ----D---- C:\WINDOWS\ERUNT
2009-07-06 17:50:09 ----D---- C:\WINDOWS\CSC
2009-07-06 17:45:32 ----D---- C:\SDFix
2009-07-02 08:57:59 ----D---- C:\MSNCleaner
2009-06-30 16:22:57 ----D---- C:\Arquivos de programas\Steam
2009-06-22 13:35:34 ----D---- C:\Arquivos de programas\Programas SPED
======List of files/folders modified in the last 1 months======
2009-07-14 09:07:00 ----D---- C:\WINDOWS\Prefetch
2009-07-14 08:45:05 ----D---- C:\Documents and Settings\Asafer\Dados de aplicativos\Skype
2009-07-14 08:21:03 ----D---- C:\WINDOWS\temp
2009-07-14 08:07:17 ----D---- C:\Arquivos de programas\LogMeIn
2009-07-14 07:55:59 ----D---- C:\Arquivos de programas\Mozilla Firefox
2009-07-14 07:44:47 ----D---- C:\WINDOWS
2009-07-14 07:43:02 ----SD---- C:\WINDOWS\Tasks
2009-07-14 07:40:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-14 07:39:53 ----D---- C:\WINDOWS\system32
2009-07-14 07:39:34 ----AD---- C:\WINDOWS\system32\drivers
2009-07-13 17:48:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-13 16:20:47 ----HD---- C:\WINDOWS\inf
2009-07-13 16:20:47 ----D---- C:\Arquivos de programas\Windows Live Safety Center
2009-07-13 11:10:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-13 11:10:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-13 11:09:36 ----A---- C:\WINDOWS\hpdj3840.ini
2009-07-13 11:09:21 ----SHD---- C:\WINDOWS\Installer
2009-07-13 11:09:21 ----HD---- C:\Config.Msi
2009-07-13 11:09:21 ----D---- C:\Arquivos de programas\Hewlett-Packard
2009-07-13 11:05:48 ----D---- C:\ncs
2009-07-13 08:02:13 ----D---- C:\Arquivos de programas\GbPlugin
2009-07-09 10:53:30 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2009-07-08 09:01:53 ----AC---- C:\WINDOWS\win.ini
2009-07-02 17:21:29 ----RASH---- C:\boot.ini
2009-07-02 17:21:29 ----A---- C:\WINDOWS\system.ini
2009-07-02 08:21:37 ----D---- C:\LinhaDefensiva
2009-07-02 08:18:55 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-30 16:22:57 ----RD---- C:\Arquivos de programas
2009-06-26 11:46:03 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
2009-06-22 08:59:35 ----D---- C:\WINDOWS\network diagnostic
2009-06-16 08:14:33 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2007-05-28 116176]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2007-05-28 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Asafer\CONFIG~1\Temp\catchme.sys []
S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2007-05-28 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 83344]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-05-29 54784]
R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-05-13 53320]
R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-05-28 152984]
R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WinDefend;Windows Defender; C:\Arquivos de programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 LMIMaint;LogMeIn Maintenance Service; C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
S2 LogMeIn;LogMeIn; C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
-----------------EOF-----------------------------------
info.txt logfile of random's system information tool 1.06 2009-07-14 09:07:09
======Uninstall list======
-->C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Lightroom 2.3-->MsiExec.exe /I{7CBD8A89-45F4-4203-9923-673F72603747}
Adobe Reader 8.1.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced WindowsCare 2.41 Personal-->"C:\Arquivos de programas\IObit\Advanced WindowsCare V2\unins000.exe"
Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}
Atualização Crítica para o Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Atualização de Segurança para Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Atualização para Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
AutoCAD 2004-->MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk Express Viewer-->C:\ARQUIV~1\Autodesk\AUTODE~1\Setup.exe /remove
Automac-->C:\Automac\UNWISE.EXE C:\Automac\INSTALL.LOG
Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cobrança de Títulos-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{2CD24956-0074-4FA9-BA7D-21719839C161}\Setup.exe" -l0x416 Uninstall
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dream Aquarium-->"C:\Arquivos de programas\Dream Aquarium\UnInstall.exe"
DVD Suite-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EditPlus 2-->C:\Arquivos de programas\EditPlus 2\remove.exe
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
HijackThis 2.0.2-->"C:\Documents and Settings\Asafer\Meus documentos\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 9.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel® PRO Network Connections Drivers-->Prounstl.exe
Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LightModem 3.0-->"C:\Arquivos de programas\DLink\Modem\fw\unins000.exe"
LogMeIn-->MsiExec.exe /I{A75107A3-DB3A-4224-80EB-42F1ED13372B}
Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.11)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1046}
No-IP.com DUC (remove only)-->"C:\Arquivos de programas\No-IP\DUC20.exe" -uninstall
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NX Client for Windows 3.3.0-6-->"C:\Arquivos de programas\NX Client for Windows\unins000.exe"
Plugin JRE - Pentium IV-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{49015D1F-3596-11D6-9142-0002B30FBDFA}\Setup.exe" Uninstall
PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
SafeCast Shared Components-->C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sistema Simplificado de Cobrança Itaú 2.00-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D5940AE3-7244-11D6-BAB7-00010332BA5B}\Setup.exe"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416
Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}
Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D}
Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Arquivos de programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: ASAFER
Event Code: 7036
Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.
Record Number: 24613
Source Name: Service Control Manager
Time Written: 20090527114341.000000-180
Event Type: Informações
User:
Computer Name: ASAFER
Event Code: 7036
Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.
Record Number: 24612
Source Name: Service Control Manager
Time Written: 20090527114340.000000-180
Event Type: Informações
User:
Computer Name: ASAFER
Event Code: 7035
Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.
Record Number: 24611
Source Name: Service Control Manager
Time Written: 20090527114340.000000-180
Event Type: Informações
User: AUTORIDADE NT\SYSTEM
Computer Name: ASAFER
Event Code: 7036
Message: O serviço Serviço de descoberta SSDP entrou no estado executando.
Record Number: 24610
Source Name: Service Control Manager
Time Written: 20090527114339.000000-180
Event Type: Informações
User:
Computer Name: ASAFER
Event Code: 7035
Message: O serviço Gerenciador de conexão de acesso remoto recebeu com êxito um controle Iniciar.
Record Number: 24609
Source Name: Service Control Manager
Time Written: 20090527114339.000000-180
Event Type: Informações
User: ASAFER\Asafer
=====Application event log=====
Computer Name: ASAFER-662CB9E6
Event Code: 103
Message: msnmsgr (3688) \\.\C:\Documents and Settings\Asafer\Configurações locais\Dados de aplicativos\Microsoft\Messenger\leandro_777@vista.aero\SharingMetadata\Working\database_68A0_C273_A0C2_4772\dfsr.db: O mecanismo de banco de dados interrompeu uma instância (0).
Record Number: 212
Source Name: ESENT
Time Written: 20090113221818.000000-180
Event Type: Informações
User:
Computer Name: ASAFER-662CB9E6
Event Code: 1000
Message: Os contadores de desempenho para o serviço Outlook (Outlook) foram carregados com êxito.
A página 'Registrar dados' contém os novos valores de índice atribuídos
ao serviço.
Record Number: 211
Source Name: LoadPerf
Time Written: 20090113221555.000000-180
Event Type: Informações
User:
Computer Name: ASAFER-662CB9E6
Event Code: 2002
Message: O arquivo MOF criado para o serviço Outlook não pôde ser carregado. O
código de erro retornado pelo Compilador MOF está contido na página 'Registrar dados'.
Antes que os contadores de desempenho deste serviço possam ser coletados pelo WMI,
o arquivo MOF precisará ser carregado manualmente. Contate o fornecedor desse
serviço para obter informações adicionais.
Record Number: 210
Source Name: LoadPerf
Time Written: 20090113221555.000000-180
Event Type: aviso
User:
Computer Name: ASAFER-662CB9E6
Event Code: 1001
Message: Os contadores de desempenho para o serviço outlook (outlook) foram removidos com êxito.
A página 'Registrar dados' contém os novos valores das entradas
Last Counter e Last Help do Registro do sistema.
Record Number: 209
Source Name: LoadPerf
Time Written: 20090113221541.000000-180
Event Type: Informações
User:
Computer Name: ASAFER-662CB9E6
Event Code: 1000
Message: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00150227.
Record Number: 208
Source Name: Microsoft Office 11
Time Written: 20090113221451.000000-180
Event Type: Erro
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Please run ComboFix on this machine as I explained in my previous instructions.
Post its log in your next reply.
ComboFix 09-07-14.07 - Asafer 15/07/2009 8:06.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1565 [GMT -3:00]
Executando de: c:\documents and settings\Asafer\Desktop\Segurança\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Asafer\Desktop\CFScript.txt.txt
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\52b01b6.msp
c:\windows\Installer\52b01cc.msp
c:\windows\Installer\52b01e2.msp
c:\windows\Installer\d1218f.msi
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-15 to 2009-07-15 ))))))))))))))))))))))))))))
.
2009-07-15 10:49 . 2009-07-15 10:49 -------- d-----w- c:\windows\LastGood
2009-07-14 12:06 . 2009-07-14 12:07 -------- d-----w- C:\rsit
2009-07-13 14:06 . 2009-07-13 14:06 -------- d-----w- C:\3840
2009-07-09 11:14 . 2009-07-09 11:18 -------- d-----w- c:\documents and settings\Asafer\DoctorWeb
2009-07-06 20:51 . 2009-07-06 20:51 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-06 20:50 . 2009-07-06 20:50 -------- d-----w- c:\windows\ERUNT
2009-07-06 20:45 . 2009-07-06 20:58 -------- d-----w- C:\SDFix
2009-07-02 11:57 . 2009-07-02 11:58 -------- d-----w- C:\MSNCleaner
2009-06-30 19:22 . 2009-07-09 20:27 -------- d-----w- c:\arquivos de programas\Steam
2009-06-22 16:35 . 2009-06-22 16:35 -------- d-----w- c:\arquivos de programas\Programas SPED
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 10:47 . 2009-05-07 17:06 -------- d-----w- c:\documents and settings\Asafer\Dados de aplicativos\Skype
2009-07-15 10:46 . 2009-05-07 17:56 -------- d-----w- c:\arquivos de programas\LogMeIn
2009-07-15 10:46 . 2007-06-13 14:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-07-13 19:20 . 2007-05-29 19:25 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center
2009-07-13 14:09 . 2007-06-04 10:56 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2009-07-13 11:02 . 2007-06-13 14:09 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-07-09 20:53 . 2009-05-27 11:22 1984508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-09 20:53 . 2009-05-27 11:22 169252896 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-02 11:18 . 2008-09-17 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-15 22:19 . 2009-02-02 16:30 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-08 19:20 . 2009-06-08 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-06-08 19:17 . 2009-06-08 19:17 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-05-28 18:05 . 2009-05-28 18:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 18:05 . 2009-05-28 18:05 -------- d-----w- c:\arquivos de programas\Java
2009-05-28 18:02 . 2009-05-28 18:02 0 ----a-w- c:\windows\system32\REN25.tmp
2009-05-28 18:02 . 2009-05-28 18:02 0 ----a-w- c:\windows\system32\REN24.tmp
2009-05-25 19:53 . 2008-09-12 10:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-25 14:24 . 2009-05-25 14:24 2967799 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-13 17:23 . 2009-05-13 17:23 28271376 ----a-w- C:\3840_ptb_win2k_xp.exe
2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-27 10:34 . 2009-04-20 12:24 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:34 . 2009-04-20 12:24 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 12:22 . 2001-10-28 15:07 62474 ----a-w- c:\windows\system32\perfc016.dat
2009-04-16 12:22 . 2001-10-28 15:07 416384 ----a-w- c:\windows\system32\perfh016.dat
2009-06-19 16:33 . 2009-05-07 17:09 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2007-08-17 23120680]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/4/2009 09:24 108289]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [13/6/2007 11:09 53320]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/5/2009 14:56 47640]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/2/2009 13:30 27056]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [9/8/2007 07:39 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [9/8/2007 07:39 85696]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2/4/2008 12:37 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2/4/2008 12:37 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2/4/2008 12:37 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2/4/2008 12:37 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2/4/2008 12:37 83344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-07-15 c:\windows\Tasks\MP Scheduled Scan.job
2009-07-14 c:\windows\Tasks\User_Feed_Synchronization-{CA683917-B656-44F2-9D5E-06FFC81B47C9}.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - component: c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 08:10
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wininet.dll
.
Tempo para conclusão: 2009-07-15 8:11
ComboFix-quarantined-files.txt 2009-07-15 11:11
Pré-execução: 16 pasta(s) 36.587.884.544 bytes disponíveis
Pós execução: 16 pasta(s) 36.722.860.032 bytes disponíveis
160 --- E O F --- 2009-07-14 10:43
Select and copy the text below. Paste it into Notepad on the PC and save it on the desktop as CFScript.txt
File::
c:\windows\system32\REN25.tmp
c:\windows\system32\REN24.tmp

Folder::
C:\rsit
C:\SDFix
C:\MSNCleaner

KillAll::
Drag the CFScript onto ComboFix as shown in the image below and wait for the tool to run automatically:
● If prompted, press **Enter** to start the removal process;
● Do not use the mouse or keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\**ComboFix.txt**;
● Your computer may restart automatically. If it does not, restart it manually.
In your next reply, paste ComboFix.txt and a new HijackThis log.
ComboFix 09-07-19.04 - Asafer 20/07/2009 8:00.8.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1492 [GMT -3:00]
Executando de: c:\documents and settings\Asafer\Desktop\Segurança\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Asafer\Desktop\CFScript.txt
AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Criado um novo ponto de restauração
FILE ::
"c:\windows\system32\REN24.tmp"
"c:\windows\system32\REN25.tmp"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\MSNCleaner
c:\msncleaner\MSNCleaner_02_07-8_58_04.txt
C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
c:\windows\system32\REN24.tmp
c:\windows\system32\REN25.tmp
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-20 to 2009-07-20 ))))))))))))))))))))))))))))
.
2009-07-13 14:06 . 2009-07-13 14:06 -------- d-----w- C:\3840
2009-07-09 11:14 . 2009-07-09 11:18 -------- d-----w- c:\documents and settings\Asafer\DoctorWeb
2009-07-06 20:51 . 2009-07-06 20:51 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-07-06 20:50 . 2009-07-06 20:50 -------- d-----w- c:\windows\ERUNT
2009-06-22 16:35 . 2009-06-22 16:35 -------- d-----w- c:\arquivos de programas\Programas SPED
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 11:06 . 2009-05-07 17:06 -------- d-----w- c:\documents and settings\Asafer\Dados de aplicativos\Skype
2009-07-17 19:39 . 2007-05-29 19:25 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center
2009-07-17 10:44 . 2007-06-13 14:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-07-15 10:46 . 2009-05-07 17:56 -------- d-----w- c:\arquivos de programas\LogMeIn
2009-07-13 14:09 . 2007-06-04 10:56 -------- d-----w- c:\arquivos de programas\Hewlett-Packard
2009-07-13 11:02 . 2007-06-13 14:09 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-07-09 20:53 . 2009-05-27 11:22 1984508 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-09 20:53 . 2009-05-27 11:22 169252896 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-02 11:18 . 2008-09-17 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 22:19 . 2009-02-02 16:30 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2009-06-08 19:20 . 2009-06-08 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-06-08 19:17 . 2009-06-08 19:17 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 18:05 . 2009-05-28 18:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 18:05 . 2009-05-28 18:05 -------- d-----w- c:\arquivos de programas\Java
2009-05-25 19:53 . 2008-09-12 10:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-25 14:24 . 2009-05-25 14:24 2967799 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-13 17:23 . 2009-05-13 17:23 28271376 ----a-w- C:\3840_ptb_win2k_xp.exe
2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-27 10:34 . 2009-04-20 12:24 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 10:34 . 2009-04-20 12:24 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-19 16:33 . 2009-05-07 17:09 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-15_11.10.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 11:04 . 2009-07-20 11:04 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat
+ 2009-06-16 14:39 . 2009-06-16 14:39 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2007-05-29 00:14 . 2009-07-20 11:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-05-29 00:14 . 2009-07-20 11:04 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-29 00:14 . 2009-07-20 11:04 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2007-05-29 00:22 . 2009-07-15 15:02 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-06-16 14:39 . 2009-06-16 14:39 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2007-05-29 00:22 . 2009-07-15 15:02 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-05-29 00:22 . 2009-07-15 15:02 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-07 05:11 . 2009-06-03 19:10 1295872 c:\windows\system32\dllcache\quartz.dll
+ 2009-06-30 14:30 . 2009-06-30 14:30 5520384 c:\windows\Installer\ea7d02.msp
+ 2007-05-29 14:02 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2007-08-17 23120680]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=
"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/4/2009 09:24 108289]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [13/6/2007 11:09 53320]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/5/2009 14:56 47640]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/2/2009 13:30 27056]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [9/8/2007 07:39 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [9/8/2007 07:39 85696]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2/4/2008 12:37 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2/4/2008 12:37 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2/4/2008 12:37 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2/4/2008 12:37 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2/4/2008 12:37 83344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-07-20 c:\windows\Tasks\MP Scheduled Scan.job
2009-07-20 c:\windows\Tasks\User_Feed_Synchronization-{CA683917-B656-44F2-9D5E-06FFC81B47C9}.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - component: c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 08:05
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\wininet.dll
c:\windows\system32\WININET.dll
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-20 8:10 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-20 11:10
ComboFix2.txt 2009-07-15 11:11
Pré-execução: 16 pasta(s) 36.473.323.520 bytes disponíveis
Pós execução: 13 pasta(s) 36.642.643.968 bytes disponíveis
332 --- E O F --- 2009-07-17 11:08
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:48, on 20/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Asafer\Meus documentos\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8418 bytes
The logs are clean.
Go to Start > Run, type ComboFix /u and click OK to remove the tool. Delete the RSIT tool as well, if it is still saved there.
Any problems?
My question is about this: when I go to System Configuration - Startup, a long list appears with several programs, and the program uulo has many entries...
The file that appears most is uulo c:\uulo.exe SOFTAWARE\Microsoft\Windows\CurrentVersion\Run; there must be about 40 startup items for this program.
Today, the 27th, it started flagging:
Virus or unwanted program 'TR/Banker.Banker.ajtj.9 [trojan]'
detected in file 'C:\WINDOWS\system32\smll86.dll.
Action performed: Deny access
Virus or unwanted program 'TR/Banker.Banker.ajtj.9 [trojan]'
detected in file 'C:\WINDOWS\system32\smll86.dll.
Action performed: Move file to quarantine
Topic Archived
Since the author did not reply for more than 30 days, the topic was archived.
If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
Make a new HijackThis log and paste it in your next reply, together with the SDFix log.